--- PROCESS FUNCTIONS --- Load supplimental files... - Skip function list, total:793 - Skip var list, total:22 Pre-processing... STOP WATCH[0]: 324.779000 ms Found 965 syscalls Process Gating Functions Gating Function Type: capability Load CAP FUNC list, total:3 Inner checking functions: - avc_denied @ 7 - security_capable @ 2 i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i8*) i8* bitcast (i1 (i32)* @capable to i8*) i8* bitcast (i1 (%struct.sk_buff*, i32)* @netlink_capable to i8*) i8* bitcast (i1 (%struct.task_struct*, i32)* @has_capability to i8*) i8* bitcast (i1 (%struct.sock.273263*, %struct.user_namespace*, i32)* @sk_ns_capable to i8*) i8* bitcast (i1 (%struct.sock.273263*, i32)* @sk_net_capable to i8*) i8* bitcast (i1 (%struct.sock.273263*, i32)* @sk_capable to i8*) i8* bitcast (i1 (%struct.sk_buff*, %struct.user_namespace*, i32)* @netlink_ns_capable to i8*) i8* bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i8*) i8* bitcast (i1 (%struct.sk_buff*, i32)* @netlink_net_capable to i8*) i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable_setid to i8*) i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable_noaudit to i8*) i8* bitcast (i1 (%struct.file*, %struct.user_namespace*, i32)* @file_ns_capable to i8*) i8* bitcast (i1 (%struct.netlink_skb_parms*, %struct.user_namespace*, i32)* @__netlink_ns_capable to i8*) STOP WATCH[0]: 5.267000 ms =chk functions and wrappers (total:18)= . netlink_capable @ 1 . has_capability @ 1 . has_ns_capability @ 2 . ns_capable @ 1 . avc_has_perm_noaudit @ 5 . has_ns_capability_noaudit @ 2 . __netlink_ns_capable @ 2 . capable @ 0 . sk_ns_capable @ 2 . sk_net_capable @ 1 . sk_capable @ 1 . netlink_ns_capable @ 2 . capable_wrt_inode_uidgid @ 2 . ns_capable_setid @ 1 . netlink_net_capable @ 1 . ns_capable_noaudit @ 1 . has_capability_noaudit @ 1 . 
file_ns_capable @ 2 =o= Collect Checkpoints STOP WATCH[0]: 318.332000 ms Identify interesting struct Function: xps_cpus_store used by struct.netdev_queue_attribute Function: xps_rxqs_store used by struct.netdev_queue_attribute Function: tx_maxrate_store used by struct.netdev_queue_attribute Function: mtu_store used by struct.device_attribute.768094 Function: net_current_may_mount used by  new discover:struct.kobj_ns_type_operations.768086 Function: sk_lookup_func_proto used by  new discover:struct.bpf_verifier_ops Function: tc_cls_act_func_proto used by struct.bpf_verifier_ops Function: sk_filter_func_proto used by struct.bpf_verifier_ops Function: rtnetlink_bind used by  new discover:struct.netlink_kernel_cfg.760504 Function: pci_read_config used by struct.bin_attribute Function: group_store used by struct.device_attribute.768094 Function: max_medium_access_timeouts_store used by struct.device_attribute.624193 Function: sock_ops_func_proto used by struct.bpf_verifier_ops Function: esre_attr_show used by struct.sysfs_ops Function: store_state_disable used by  new discover:struct.cpuidle_state_attr Function: dm_ctl_ioctl used by struct.file_operations.299508 Function: md_attr_store used by struct.sysfs_ops.299478 Function: lo_ioctl used by  new discover:struct.block_device_operations.614899 Function: sock_addr_func_proto used by struct.bpf_verifier_ops Function: i915_perf_remove_config_ioctl used by  new discover:struct.drm_ioctl_desc Function: sock_ioctl used by struct.file_operations.273222 Function: pps_enable_store used by struct.device_attribute.694378 Function: store_rps_map used by struct.rx_queue_attribute Function: proto_down_store used by struct.device_attribute.768094 Function: threaded_store used by struct.device_attribute.768094 Function: subcaches_store used by struct.device_attribute.25624 Function: snapshot_ioctl used by struct.file_operations Function: iommu_group_store_type used by struct.iommu_group_attribute Function: enable_store used by 
struct.device_attribute.320846 Function: msi_bus_store used by struct.device_attribute.320846 Function: manage_start_stop_store used by struct.device_attribute.624193 Function: provisioning_mode_store used by struct.device_attribute.624193 Function: zeroing_mode_store used by struct.device_attribute.624193 Function: pps_cdev_ioctl used by struct.file_operations Function: md_ioctl used by  new discover:struct.block_device_operations.299656 Function: inet6_create used by struct.net_proto_family.888382 Function: set_permissions used by  new discover:struct.ctl_table_root Function: serport_ldisc_open used by  new discover:struct.tty_ldisc_ops.359248 Function: pidns_install used by struct.proc_ns_operations Function: uart_set_info_user used by  new discover:struct.tty_operations Function: uart_proc_show used by struct.tty_operations Function: perf_mmap used by struct.file_operations.114474 Function: proc_cap_handler used by  new discover:struct.ctl_table Function: r_show used by  new discover:struct.seq_operations Function: __ia32_sys_nice used by  new discover:struct.load_weight Function: efivar_attr_show used by struct.sysfs_ops.714069 Function: efivar_attr_store used by struct.sysfs_ops.714069 Function: force_store used by struct.kobj_attribute Function: rtc_dev_ioctl used by struct.file_operations Function: rtc_dev_compat_ioctl used by struct.file_operations Function: audit_multicast_bind used by  new discover:struct.netlink_kernel_cfg Function: dm_blk_ioctl used by  new discover:struct.block_device_operations.700576 Function: inet_create used by struct.net_proto_family.853325 Function: packet_sendmsg_spkt used by  new discover:struct.proto_ops Function: rdev_attr_store used by struct.sysfs_ops.299478 Function: flow_dissector_func_proto used by struct.bpf_verifier_ops Function: do_ip6t_get_ctl used by  new discover:struct.nf_sockopt_ops.916718 Function: do_ip6t_set_ctl used by struct.nf_sockopt_ops.916718 Function: ext4_fileattr_set used by struct.inode_operations 
Function: open_kcore used by  new discover:struct.proc_ops.78183 Function: cgroupns_install used by struct.proc_ns_operations Function: do_ipt_set_ctl used by  new discover:struct.nf_sockopt_ops.871620 Function: genl_bind used by struct.netlink_kernel_cfg Function: unix_ioctl used by struct.proto_ops Function: __inet6_bind used by  new discover:struct.ipv6_bpf_stub.888390 Function: cg_skb_is_valid_access used by struct.bpf_verifier_ops Function: net_ctl_permissions used by struct.ctl_table_root Function: packet_sendmsg used by struct.proto_ops Function: ipip6_tunnel_ctl used by  new discover:struct.net_device_ops.859158 Function: ipcns_install used by struct.proc_ns_operations Function: vt_ioctl used by struct.tty_operations Function: netlink_setsockopt used by struct.proto_ops Function: netlink_sendmsg used by struct.proto_ops Function: devinet_sysctl_forward used by struct.ctl_table Function: sr_block_ioctl used by  new discover:struct.block_device_operations.618289 Function: vt_compat_ioctl used by struct.tty_operations Function: utsns_install used by struct.proc_ns_operations Function: ifalias_store used by struct.device_attribute.768094 Function: state_store.73199 used by struct.device_attribute.1000864 Function: seccomp_actions_logged_handler used by struct.ctl_table Function: i915_perf_add_config_ioctl used by struct.drm_ioctl_desc Function: carrier_store used by struct.device_attribute.768094 Function: soft_store used by struct.device_attribute.1000864 Function: nvram_misc_ioctl used by struct.file_operations Function: max_write_same_blocks_store used by struct.device_attribute.624193 Function: do_ipt_get_ctl used by struct.nf_sockopt_ops.871620 Function: audit_receive used by struct.netlink_kernel_cfg Function: uart_ioctl used by struct.tty_operations Function: sg_proc_write_adio used by  new discover:struct.proc_ops.625850 Function: __x64_sys_nice used by struct.load_weight Function: store_rps_dev_flow_table_cnt used by struct.rx_queue_attribute Function: 
packet_create used by struct.net_proto_family.781607 Function: proc_bus_pci_read used by struct.proc_ops.78183 Function: mntns_install used by struct.proc_ns_operations Function: ext4_attr_store used by struct.sysfs_ops Function: lwt_out_func_proto used by struct.bpf_verifier_ops Function: proc_do_static_key used by struct.ctl_table Function: mtrr_open used by  new discover:struct.proc_ops Function: random_ioctl used by struct.file_operations Function: netlink_connect used by struct.proto_ops Function: cpu_store used by struct.kobj_attribute Function: devkmsg_open used by struct.file_operations Function: ipip6_tunnel_siocdevprivate used by struct.net_device_ops.859158 Function: i915_perf_open_ioctl used by struct.drm_ioctl_desc Function: cg_skb_func_proto used by struct.bpf_verifier_ops Function: type_store used by struct.kobj_attribute Function: sk_msg_func_proto used by struct.bpf_verifier_ops Function: netns_install used by struct.proc_ns_operations Function: gro_flush_timeout_store used by struct.device_attribute.768094 Function: netlink_bind used by struct.proto_ops Function: __x64_sys_iopl used by struct.load_weight Function: msr_open used by struct.file_operations Function: autofs_dev_ioctl used by struct.file_operations Function: xdp_func_proto used by struct.bpf_verifier_ops Function: timerslack_ns_write used by struct.file_operations.177730 Function: sd_ioctl used by  new discover:struct.block_device_operations.623966 Function: mode_store used by struct.kobj_attribute Function: timens_install used by struct.proc_ns_operations Function: __x64_sys_finit_module used by struct.load_weight Function: __ia32_sys_finit_module used by struct.load_weight Function: sdev_store_eh_timeout used by struct.device_attribute.620918 Function: __ia32_compat_sys_kexec_load used by struct.load_weight Function: pagemap_read used by struct.file_operations Function: __ia32_sys_iopl used by struct.load_weight Function: allow_restart_store used by struct.device_attribute.624193 
Function: proc_bus_pci_mmap used by struct.proc_ops.78183 Function: napi_defer_hard_irqs_store used by struct.device_attribute.768094 Function: tx_queue_len_store used by struct.device_attribute.768094 Function: flags_store used by struct.device_attribute.768094 Function: ptp_ioctl used by  new discover:struct.posix_clock_operations Function: tty_ioctl used by struct.file_operations Function: sg_proc_write_dressz used by struct.proc_ops.625850 Function: __do_sys_vhangup used by struct.load_weight Function: numa_node_store used by struct.device_attribute.320846 Function: i915_gem_context_reset_stats_ioctl used by struct.drm_ioctl_desc Function: nfnetlink_rcv used by struct.netlink_kernel_cfg Function: i915_getparam_ioctl used by struct.drm_ioctl_desc Function: protection_type_store used by struct.device_attribute.624193 Function: open_port used by struct.file_operations Function: i915_gem_context_setparam_ioctl used by struct.drm_ioctl_desc Function: sk_skb_func_proto used by struct.bpf_verifier_ops Function: ip_setsockopt used by  new discover:struct.proto STOP WATCH[0]: 473.840000 ms Collecting Initialization Closure. 
Finding Kernel Entry Point and all __initcall_ Found x86_64_start_kernel STOP WATCH[1]: 58.139000 ms Initial Kernel Init Function Count:2 Over Approximate Kernel Init Functions STOP WATCH[1]: 29.265000 ms Refine Result refine pass 0 1682 left refine pass 1 911 left refine pass 2 675 left refine pass 3 586 left refine pass 4 565 left refine pass 5 563 left Refine result : count=563 STOP WATCH[1]: 19.175000 ms =Kernel Init Functions= set_phy_reg early_security_init set_dma_reserve append_ordered_lsm lsm_allowed lsm_set_blob_sizes lsm_early_task initialize_lsm acpi_reallocate_root_table tk_set_wall_to_mono uprobes_init fork_init acpi_reserve_initial_tables cgroup_init_cftypes cgroup_rstat_boot dmi_decode_table cred_init security_init ordered_lsm_init ordered_lsm_parse taskstats_init_early kfree_rcu_batch_init rcu_bootup_announce_oddness rcu_boot_init_percpu_data rcu_init_one rcutree_prepare_cpu rcutree_online_cpu update_regset_xstate_info memblock_find_dma_reserve xfeature_is_aligned kexec_enter_virtual_mode efi_merge_regions __map_region efi_map_regions efi_set_virtual_address_map kernel_unmap_pages_in_pgd efi_native_runtime_setup efi_thunk_runtime_setup efi_memattr_apply_permissions efi_runtime_update_mappings __efi_enter_virtual_mode efi_dump_pagetable efi_enter_virtual_mode rcu_sync_enter_start efi_delete_dummy_variable rcu_dump_rcu_node_tree cpumask_weight.5933 pid_idr_init acpi_os_create_cache acpi_os_predefined_override acpi_ns_root_initialize acpi_ut_initialize_interfaces acpi_pic_sci_set_trigger acpi_early_init save_mr adjust_range_page_size_mask split_mem_range setup_zone_pageset setup_per_cpu_pageset init_tg_cfs_entry mds_select_mitigation kmem_cache_init_late register_refined_jiffies get_last_crashkernel call_function_init time_init parse_crashkernel_high event_trace_memsetup register_trigger_traceon_traceoff_cmds register_trigger_stacktrace_cmd register_event_command unregister_event_command event_trace_init_fields init_hw_breakpoint set_memory_nonglobal 
rcupdate_announce_bootup_oddness rcu_early_boot_tests set_proc_pid_nlink rcu_test_sync_prims arch_get_random_long arch_get_random_long_early crng_initialize_primary efi_alloc_page_tables sysfs_init reserve_bootmem_region memmap_init_reserved_pages __free_pages_memory __free_memory_core ntp_init timekeeping_init softirq_init srcu_init arch_get_random_seed_long_early init_timer_cpus posix_cputimers_init_work init_timers initcall_debug_enable taa_select_mitigation housekeeping_init perf_event_init_all_cpus init_sched_fair_class cea_map_percpu_pages percpu_setup_exception_stacks percpu_setup_debug_store setup_cpu_entry_areas idt_setup_traps trap_init efi_map_region identify_boot_cpu topology_smt_supported read_persistent_wall_and_boot_offset cpu_smt_check_topology spectre_v1_select_mitigation spectre_v2_parse_user_cmdline spectre_v2_select_mitigation __ssb_select_mitigation ssb_select_mitigation l1tf_select_mitigation srbds_select_mitigation l1d_flush_select_mitigation int3_selftest stop_nmi alternative_instructions trace_event_init efi_memattr_init x86_get_mtrr_mem_range tsx_init radix_tree_init parse_crashkernel_suffix wait_bit_init init_cfs_bandwidth init_rt_bandwidth init_dl_bandwidth init_defrootdomain init_cfs_rq init_rt_rq efi_free_boot_services prepare_lsm register_trigger_cmds set_num_var_ranges register_trigger_enable_disable_cmds hrtimers_prepare_cpu uts_ns_init e820__update_table_print preallocate_vmalloc_pages efi_setup_page_tables dmi_setup io_apic_init_mappings e820__memblock_setup mtrr_cleanup acpi_ut_create_rw_lock cpumask_weight.13680 proc_self_init setup_cpu_local_masks sched_clock_init e820__memblock_alloc_reserved_mpc_new reserve_brk __register_nosave_region load_ucode_intel_bsp parse_crashkernel init_vmlinux_build_id mtrr_bp_init e820_search_gap tracer_alloc_buffers e820__memblock_alloc_reserved map_vsyscall setup_nr_node_ids cgroup_init cpuset_init fpu__init_system test_can_verify_check early_acpi_parse_madt_lapic_addr_ovr parse_crashkernel_mem 
e820__register_nosave_regions arch_task_cache_init cpuset_init_current_mems_allowed vm_area_register_early trace_init proc_init_kmemcache cgroup_idr_alloc get_boot_config_from_initrd sysctl_init setup_initial_init_mm init_IRQ lookup_address cpu_set_bug_bits init_ohci1394_reset_and_init_dma init_mem_debugging_and_hardening acpi_os_initialize idt_setup_early_handler build_id_parse_buf nsproxy_cache_init vfs_caches_init perf_event_init_cpu get_phy_reg setup_xstate_features workqueue_init_early crng_init_try_arch_early acpi_process_madt __load_ucode_amd rand_initialize probe_page_size_mask memblock_set_node efi_md_typeattr_format spectre_v2_user_select_mitigation __parse_crashkernel apply_microcode_early_amd x86_64_start_kernel get_cpu_vendor early_identify_cpu cgroup1_ssid_disabled efi_esrt_init pcpu_free_alloc_info initmem_init efi_print_memmap bdev_cache_init cgroup_init_subsys parse_crashkernel_simple e820_add_kernel_range pti_clone_p4d efi_init arch_post_acpi_subsys_init prandom_bytes_state early_irq_init mcheck_init page_writeback_init acpi_osi_dmi_darwin unregister_die_notifier kobj_map_init get_xsaves_size_no_independent pcpu_page_first_chunk print_xstate_features cmdline_find_option_bool event_trace_enable early_reserve_memory load_ucode_bsp relocate_initrd acpi_initialize_subsystem cpu_mitigations_auto_nosmt shmem_init dmi_present idt_setup_early_traps rest_init irq_alloc_matrix cgroup_init_early mem_encrypt_init sort_main_extable init_std_data numa_init_array proc_thread_self_init pcpu_chunk_relocate kaslr_get_random_long early_trace_init acpi_table_upgrade memblock_x86_reserve_range_setup_data chrdev_init proc_caches_init cgroup_add_cftypes check_loader_disabled_bsp dmi_walk_early setup_cpu_entry_area mce_register_decode_chain idt_setup_early_pf init_ohci1394_controller start_kernel efi_systab_init early_reserve_initrd e820__memory_setup x86_report_nx cgroup_add_dfl_cftypes reset_all_zones_managed_pages efi_tpm_eventlog_init lsm_early_cred tick_init 
therm_lvt_init build_all_zonelists inode_init pti_clone_user_shared dcache_init pti_init signals_init cpumask_weight.8024 kernfs_init acpi_subsystem_init acpi_ut_mutex_initialize e820__memory_setup_extended numa_policy_init early_ioremap_init init_rootfs load_ucode_amd_bsp pcpu_dump_alloc_info pcpu_alloc_first_chunk dcache_init_early files_init numa_cleanup_meminfo cgroup_add_legacy_cftypes proc_tty_init parse_early_param kzalloc per_cpu_pages_init efi_mem_desc_end arch_reserve_mem_area print_xstate_feature setup_supervisor_only_offsets check_dev_quirk smp_setup_processor_id arch_call_rest_init memory_map_top_down vsmp_init numa_move_tail_memblk fpu__get_fpstate_size mp_config_acpi_legacy_irqs fpu__init_prepare_fx_sw_frame sched_init console_init efi_map_region_fixed tick_broadcast_init perf_event_init setup_bios_corruption_check efi_apply_memmap_quirks vfs_caches_init_early delayacct_init inode_init_early memblock_free_all build_all_zonelists_init n_tty_init x86_early_init_platform_quirks init_memory_mapping proc_root_init do_extra_xstate_size_checks report_meminit acpi_ut_create_caches acpi_parse_spcr rcu_init rcu_scheduler_starting init_dl_rq ssb_parse_cmdline x86_amd_ssb_disable files_maxfiles_init free_low_memory_core_early set_vsyscall_pgtable_user_bits mnt_init e820_type_to_string kernel_randomize_memory early_memremap_ro early_pci_scan_bus dmi_scan_machine mminit_verify_zonelist amd_special_default_mtrr dmi_memdev_walk init_range_memory_mapping e820__setup_pci_gap nsfs_init copy_bootdata anon_vma_init efi_memmap_init_late boot_cpu_hotplug_init reserve_crashkernel_low proc_sys_init snb_gfx_workaround_needed check_bugs x86_read_arch_cap_msr prb_record_text_space efi_reserve_boot_services cpu_parse_early_param thread_stack_cache_init prefill_possible_map mmap_init acpi_parse_madt_lapic_entries create_kmalloc_cache restart_nmi pci_iommu_alloc parse_crashkernel_low alloc_ioapic_saved_registers mem_init_print_info arch_early_ioapic_init early_acpi_process_madt 
pti_user_pagetable_walk_pte x86_64_start_reservations free_area_init_memoryless_node efi_systab_report_header efi_systab_check_header absent_pages_in_range match_config_table efi_thunk_set_virtual_address_map acpi_parse_madt_ioapic_entries arch_early_irq_init acpi_boot_init irq_set_default_host memblock_set_current_limit memblock_trim_memory init_mount_tree prb_init e820__finish_early_params set_vsmp_ctl efi_config_init reserve_initrd print_filtered swiotlb_size_or_default dmi_smbios3_present seq_file_init hrtimers_init set_task_stack_end_magic trim_bios_range boot_cpu_init sld_setup setup_arch unwind_init mcheck_vendor_init_severity firmware_map_add_early new_kmalloc_cache ioapic_setup_resources init_gi_nodes map_fw_vendor efi_config_parse_tables alloc_node_data init_cpu_to_node init_apic_mappings apic_validate_deadline_timer trace_printk_start_comm early_panic e820__reserve_resources e820_type_to_iores_desc dump_stack_set_arch_desc proc_create_mount_point reserve_crashkernel do_add_efi_memmap memblock_phys_mem_size x86_numa_init numa_init acpi_os_map_generic_address memblock_dump numa_meminfo_cover_memory numa_clear_kernel_node_hotplug memblock_clear_hotplug early_acpi_boot_init acpi_blacklisted tpm2_calc_event_log_size memblock_dump_all __memblock_dump_all cmdline_find_option acpi_table_init_complete trim_snb_memory init_cache_modes efi_memmap_init_early acpi_ut_init_globals early_platform_quirks vsmp_cap_cpus detect_vsmp_box efi_reuse_config e820__print_table efi_unmap_pages init_ohci1394_dma_on_all_controllers init_ohci1394_wait_for_busresets init_ohci1394_initialize init_ohci1394_soft_reset init_mem_mapping init_trampoline early_quirks clean_sort_range add_range_with_merge kernel_physical_mapping_init cpu_mitigations_off reserve_real_mode pti_check_boottime_disable copy_from_early_mem key_init can_free_region early_acpi_osi_init acpi_osi_dmi_blacklisted init_trampoline_kaslr memblock_add memblock_allow_resize cleanup_highmap early_alloc_pgt_buf 
e820__end_of_low_ram_pfn e820_end_pfn free_saved_cmdlines_buffer mtrr_trim_uncached_memory mtrr_bp_pat_init get_mtrr_state print_mtrr_state print_fixed proc_net_init e820__end_of_ram_pfn setup_init_fpu_buf tsc_early_init numa_reset_distance memblock_overlaps_region efi_clean_memmap efi_memmap_entry_valid add_bootloader_randomness e820__reserve_setup_data acpi_mps_check parse_setup_data parse_efi_setup efi_find_mirror memblock_mark_mirror reserve_bios_regions vm_area_add_early efi_memblock_x86_reserve_range x86_configure_nx early_ioremap_pmd early_ioremap_setup static_call_init early_cpu_init add_preferred_console init_sigframe_size fpu__init_system_xstate print_xstate_offset_size setup_xstate_comp_offsets init_xstate_size fpu__init_system_generic fpstate_init sld_state_setup split_lock_setup __split_lock_setup idle_thread_set_boot_cpu setup_command_line setup_nr_cpu_ids setup_per_cpu_areas setup_node_to_cpumask_map pcpu_setup_first_chunk lcm pcpu_build_alloc_info poking_init __build_all_zonelists build_zonelists page_alloc_init acpi_boot_table_init jump_label_init add_to_rb get_mtrr_var_range arch_probe_nr_irqs dmi_format_ids numa_register_memblks io_delay_init memory_map_bottom_up print_unknown_bootoptions pcpu_embed_first_chunk setup_log_buf mm_init pti_setup_vsyscall init_espfix_bsp init_espfix_random vmalloc_init pgtable_cache_init kmem_cache_init create_kmalloc_caches setup_kmalloc_cache_index_table bootstrap create_boot_cache no_hash_pointers_enable mem_init kclist_add check_iommu_entries sort_iommu_table spectre_v2_parse_cmdline copy_init_mm pagecache_init log_buf_add_cpu mds_print_mitigation memblock_phys_alloc_try_nid =o= STOP WATCH[0]: 107.108000 ms Identify Kernel Modules Interface STOP WATCH[0]: 60.221000 ms dynamic KMI #dyn kmi resolved:2445 STOP WATCH[0]: 241.413000 ms Populate indirect callsite using kernel module interface I am expecting a pointer type! 
got:%struct.rq_qos.304383 = type { %struct.rq_qos_ops.304382*, %struct.request_queue.304394*, i32, %struct.rq_qos.304383*, %struct.dentry.304423* } I am expecting a pointer type! got:%struct.rq_qos.304383 = type { %struct.rq_qos_ops.304382*, %struct.request_queue.304394*, i32, %struct.rq_qos.304383*, %struct.dentry.304423* } ------ KMI STATISTICS ------ # of indirect call sites: 19321 # resolved by KMI:17688 91% # - KMI:6213 32% # - DKMI:4419 22% # (total target) of callee:85223 # undefined-found-m : 5817 30% # undefined-udf-m : 1239 6% # fpara(KMI can not handle, try SVF?): 530 2% # global fptr(try SVF?): 125 0% # cast fptr(try SVF?): 0 0% # call use container_of(), high level type info stripped: 912 4% # unknown pattern:66 0% STOP WATCH[0]: 5987.961000 ms Collect all permission-checked variables and functions Critical functions skipped because of skip func list: 287 STOP WATCH[0]: 3876948.340000 ms Collected 1719 critical functions Collected 299 critical variables Collected 322 critical type/fields --- Variables Protected By Gating Function--- vt_kmsg_redirect.kmsg_con CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable shift_down CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check keymap_count CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check sg_big_buff CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check redirect CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable cpu_bit_bitmap CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pcc_mbox_channels CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pcc_doorbell_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_gbl_fadt_gpe_device CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_current_gpe_count CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_gbl_all_gpes_initialized 
CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_gbl_gpe_lock CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_gbl_events_initialized CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_disabled CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_kobj CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable hpet_freq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable osc_sb_native_usb4_support_confirmed CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable osc_pc_lpi_support_confirmed CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable osc_sb_apei_support_acked CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable first_ec CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ioport_resource CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable boot_ec_is_ecdt CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_irqdomain CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_detected CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable amd_iommu_detected CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable amd_iommu_list CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable intel_iommu_enabled CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cfg80211_rdev_list_generation CAP_NET_BROADCAST @ file_ns_capable nl_table CAP_NET_BROADCAST @ file_ns_capable ipc_kht_params CAP_IPC_OWNER @ ns_capable name_len CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mtime CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kbd_table CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check rdev CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check uts_ns_cache CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable collected CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check compat_elf_format CAP_IPC_LOCK @ capable ioam6_net_ops CAP_NET_BROADCAST @ file_ns_capable mq_lock CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable max_vals CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check netlbl_calipso_gnl_family CAP_NET_BROADCAST @ file_ns_capable i8042_nomux CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable boot_ec CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable state CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check acpi_processor_cpufreq_init CAP_NET_BROADCAST @ file_ns_capable sit_net_id CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check gid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check 
fg_console CAP_KILL @ ns_capable switch.table.intel_overlay_put_image_ioctl.58 CAP_NET_BROADCAST @ file_ns_capable tcp_ulp_list CAP_NET_ADMIN @ capable system_wq CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable CAP_SYS_NICE @ capable inconsistent check swap_avail_heads CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable this_cpu_off CAP_SYSLOG @ has_capability_noaudit %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ __netlink_ns_capable inconsistent check pcc_data CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_pci_disabled CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable secretmem_vm_ops CAP_IPC_LOCK @ capable packet_ops_spkt CAP_NET_RAW @ ns_capable mac80211_ht_capa_mod_mask CAP_NET_BROADCAST @ file_ns_capable alloc_empty_file.old_max CAP_SYS_ADMIN @ capable delayed_uprobe_lock CAP_IPC_LOCK @ capable dma_map_single_attrs.__already_done.52394 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable uts_sem CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable fl_ht CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check reboot_default CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable ip6_segments_ops CAP_NET_BROADCAST @ file_ns_capable kioctx_cachep 
CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable sysctl_protected_regular CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mntns_operations CAP_SYS_ADMIN @ ns_capable __supported_pte_mask CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check numa_node CAP_IPC_LOCK @ capable nr_node_ids CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check ieee80211_debugfs_dir CAP_NET_BROADCAST @ file_ns_capable wfile CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check madvise_populate.__already_done CAP_IPC_LOCK @ capable uid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check elf_format CAP_IPC_LOCK @ capable cgrp_dfl_root CAP_SYS_ADMIN @ ns_capable randomize_va_space CAP_IPC_LOCK @ capable prepare_uretprobe._rs CAP_IPC_LOCK @ capable cgroup_mutex CAP_SYS_ADMIN @ ns_capable delayed_uprobe_list CAP_IPC_LOCK @ capable acpi_irq_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable key_quota_root_maxkeys CAP_SYS_ADMIN @ capable nr_swapfiles CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable store_rps_map.rps_map_mutex CAP_NET_ADMIN @ capable switch.table.intel_overlay_put_image_ioctl.57 CAP_NET_BROADCAST @ file_ns_capable key_quota_root_maxbytes CAP_SYS_ADMIN @ capable cfg80211_pernet_ops CAP_NET_BROADCAST @ file_ns_capable drv_leave_ibss.__already_done CAP_NET_BROADCAST @ file_ns_capable swap_info CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable audit_backlog_wait CAP_NET_BROADCAST @ file_ns_capable 
acpi_bus_type CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cmos_platform_driver CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable total_swap_pages CAP_SYS_ADMIN @ capable cb_lock CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check table.64810 CAP_NET_ADMIN @ netlink_net_capable mnt_group_ida CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check drv_sta_set_4addr.__already_done CAP_NET_BROADCAST @ file_ns_capable least_priority CAP_SYS_ADMIN @ capable uevent_sock_mutex CAP_SYS_ADMIN @ netlink_ns_capable image_size CAP_SYS_ADMIN @ capable warn_mandlock.__already_done CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable sysctl_overcommit_memory CAP_IPC_LOCK @ capable mac80211_vht_capa_mod_mask CAP_NET_BROADCAST @ file_ns_capable reboot_force CAP_SYS_BOOT @ capable vm_committed_as_batch CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check nr_files CAP_SYS_ADMIN @ capable trace_taskinfo_save CAP_SYSLOG @ has_capability_noaudit default_qdisc_ops CAP_NET_ADMIN @ capable key_quota_maxbytes CAP_SYS_ADMIN @ capable pm_power_off CAP_SYS_BOOT @ ns_capable mode CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check C_A_D CAP_SYS_BOOT @ ns_capable i8042_ctr CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable selinux_state CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit qdisc_root_sleeping_running.__already_done CAP_NET_ADMIN @ netlink_ns_capable vm_committed_as CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable 
inconsistent check i8042_start_time CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable init_struct_pid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable primary_crng CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable free_ipc_list CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable cfg80211_regdomain CAP_NET_BROADCAST @ file_ns_capable ioctl_fibmap._rs CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check lookup_ioctl._ioctls CAP_SYS_ADMIN @ capable trace_buffered_event_cnt CAP_SYSLOG @ has_capability_noaudit init_net CAP_IPC_LOCK @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check pidfd_fops CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable next_tick CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable mds_clear_cpu_buffers.ds.8991 CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable inconsistent check aio_max_nr CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable acct_on_mutex CAP_SYS_PACCT @ capable efivar_sysfs_list CAP_SYS_ADMIN @ capable nsproxy_cachep CAP_SYS_ADMIN @ ns_capable next_state CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check zero_pfn CAP_IPC_LOCK @ capable tty_ldisc_autoload CAP_SYS_MODULE @ capable system_transition_mutex CAP_SYS_ADMIN @ capable CAP_SYS_BOOT @ ns_capable inconsistent check hpet_base.3 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
cfg80211_user_regdom CAP_NET_BROADCAST @ file_ns_capable trace_buffered_event CAP_SYSLOG @ has_capability_noaudit md_misc_wq CAP_SYS_ADMIN @ capable acpi_sci_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_special_inode_operations CAP_SYS_RESOURCE @ capable body_len CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check init_pid_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable cppc_mbox_cl CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable event_mutex CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check crng_init CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable aio_nr CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable cfg80211_wq CAP_NET_BROADCAST @ file_ns_capable reg_pdev CAP_NET_BROADCAST @ file_ns_capable ext4_filetype_table CAP_SYS_RESOURCE @ capable ipv6_bpf_stub_impl CAP_NET_BROADCAST @ file_ns_capable ioam6_genl_family CAP_NET_BROADCAST @ file_ns_capable freezer_test_done CAP_SYS_ADMIN @ capable qdisc_base CAP_NET_ADMIN @ capable module_mutex CAP_SYS_MODULE @ capable mac80211_config_ops CAP_NET_BROADCAST @ file_ns_capable pipefifo_fops CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check dmar_drhd_units CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable proc_poll_wait CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable all_mddevs_lock CAP_SYS_ADMIN @ capable user_alpha2.0 CAP_NET_BROADCAST @ file_ns_capable swap_active_head CAP_SYS_ADMIN @ capable iommu_group_store_type._rs CAP_SYS_RAWIO @ capable 
CAP_SYS_ADMIN @ capable inconsistent check req_cachep CAP_SYS_NICE @ capable CAP_BLOCK_SUSPEND @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check major CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check fscontext_fops CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable uprobes_tree CAP_IPC_LOCK @ capable oom_adj_mutex CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable i8042_irq_being_tested CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tty_ldiscs_lock CAP_SYS_MODULE @ capable task_struct_cachep CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check process_counts CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable total_forks CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable event CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check m_hash_mask CAP_SYS_ADMIN @ ns_capable last_request CAP_NET_BROADCAST @ file_ns_capable xfrm_msg_min CAP_NET_ADMIN @ netlink_net_capable uart_set_info._rs CAP_SYS_ADMIN @ capable iommu_group_store_type._rs.45 CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check cn_proc_event_id CAP_NET_BROADCAST @ 
file_ns_capable CAP_NET_ADMIN @ __netlink_ns_capable inconsistent check i8042_aux_irq_delivered CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable init_completion.__key.4859 CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check ex_mountpoints CAP_SYS_ADMIN @ ns_capable i8042_driver CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable hugetlb_file_setup.__already_done CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable in_suspend CAP_SYS_ADMIN @ capable mount_hashtable CAP_SYS_ADMIN @ ns_capable netlbl_cipsov4_gnl_family CAP_NET_BROADCAST @ file_ns_capable drm_global_mutex CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check pci_bus_type CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable mmap_min_addr CAP_IPC_LOCK @ capable CAP_SYS_RESOURCE @ capable inconsistent check vt_dont_switch CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check kcore_need_update CAP_SYS_RAWIO @ capable uevent_seqnum CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ netlink_ns_capable inconsistent check reg_requests_list CAP_NET_BROADCAST @ file_ns_capable pipe_mnt CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check switch.table.do_rmdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check check_syslog_permissions.__already_done CAP_SYS_ADMIN @ capable CAP_SYSLOG @ capable CAP_SYS_ADMIN @ capable CAP_SYSLOG @ capable inconsistent check 
sysctl_protected_fifos CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check tty_ldiscs CAP_SYS_MODULE @ capable namespace_sem CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check netlbl_unlabel_gnl_family CAP_NET_BROADCAST @ file_ns_capable netlbl_mgmt_gnl_family CAP_NET_BROADCAST @ file_ns_capable nl80211_fam CAP_NET_BROADCAST @ file_ns_capable reboot_cpu CAP_SYS_BOOT @ capable nl80211_netlink_notifier CAP_NET_BROADCAST @ file_ns_capable cfg80211_netdev_notifier CAP_NET_BROADCAST @ file_ns_capable ipv6_stub_impl CAP_NET_BROADCAST @ file_ns_capable seg6_genl_family CAP_NET_BROADCAST @ file_ns_capable drm_minors_idr CAP_NET_BROADCAST @ file_ns_capable xfrm_dispatch CAP_NET_ADMIN @ netlink_net_capable proc_root_kcore CAP_SYS_RAWIO @ capable genl_ctrl CAP_NET_BROADCAST @ file_ns_capable genl_pernet_ops CAP_NET_BROADCAST @ file_ns_capable i8042_present CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable crda_timeout CAP_NET_BROADCAST @ file_ns_capable reg_regdb_apply_list CAP_NET_BROADCAST @ file_ns_capable force_on CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable user_alpha2.1 CAP_NET_BROADCAST @ file_ns_capable core_request_world CAP_NET_BROADCAST @ file_ns_capable ieee80211_dataif_ops CAP_NET_BROADCAST @ file_ns_capable auditd_conn CAP_NET_BROADCAST @ file_ns_capable kauditd_wait CAP_NET_BROADCAST @ file_ns_capable cgroupns_operations CAP_SYS_ADMIN @ ns_capable audit_enabled CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check switch.table.intel_overlay_put_image_ioctl.59 CAP_NET_BROADCAST @ file_ns_capable 
acpi_processor_notifier_block CAP_NET_BROADCAST @ file_ns_capable packet_proto CAP_NET_RAW @ ns_capable acpi_processor_driver CAP_NET_BROADCAST @ file_ns_capable nfnetlink_pernet_id CAP_NET_ADMIN @ netlink_net_capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check m_hash_shift CAP_SYS_ADMIN @ ns_capable seccomp_actions_logged CAP_SYS_ADMIN @ capable azx_max_codecs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pipe_max_size CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check sel_write_load._rs CAP_CHOWN @ avc_has_perm_noaudit netns_wq CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable switch.table.sg_io CAP_SYS_RAWIO @ capable sel_make_bools._rs CAP_CHOWN @ avc_has_perm_noaudit dma_map_single_attrs.__already_done.52770 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sel_bool_ops CAP_CHOWN @ avc_has_perm_noaudit sel_class_ops CAP_CHOWN @ avc_has_perm_noaudit sel_write_checkreqprot.__already_done CAP_CHOWN @ avc_has_perm_noaudit sel_perm_ops CAP_CHOWN @ avc_has_perm_noaudit sg_allow_dio CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check sysctl_hugetlb_shm_group CAP_IPC_LOCK @ capable pgdir_shift CAP_SYS_ADMIN @ capable ext4_mount_msg_ratelimit CAP_SYS_RESOURCE @ capable key_quota_maxkeys CAP_SYS_ADMIN @ capable ext4__ioend_wq CAP_SYS_RESOURCE @ capable percpu_counter_batch CAP_SYS_RESOURCE @ capable sysctl_perf_event_paranoid CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check system_power_efficient_wq CAP_NET_BROADCAST @ file_ns_capable sysctl_perf_event_sample_rate CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check perf_fops CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check ipip6_tunnel_del_prl.__already_done CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ 
ns_capable inconsistent check init_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ipip6_tunnel_add_prl.__already_done CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check i915_oa_max_sample_rate CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %258 = call zeroext i1 @capable(i32 38) #76 cap_no=38 %124 = call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check reboot_type CAP_SYS_BOOT @ capable cleanup_list.63190 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable alarm_bases CAP_WAKE_ALARM @ capable CAP_WAKE_ALARM @ capable init_cgroup_ns CAP_SYS_ADMIN @ ns_capable reboot_mode CAP_SYS_BOOT @ capable offset_lock CAP_SYS_TIME @ file_ns_capable modules_disabled CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable phys_base CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check module_notify_list CAP_SYS_MODULE @ capable module_wq CAP_SYS_MODULE @ capable debug.52997 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable qdisc_mod_lock CAP_NET_ADMIN @ capable intel_iommu_init.__already_done CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable kexec_load_disabled CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable pagemap_ops CAP_SYS_ADMIN @ file_ns_capable ext4_ioctl_checkpoint._rs CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable io_uring_fops CAP_IPC_LOCK @ capable acpi_noirq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable trace_percpu_buffer CAP_SYSLOG @ has_capability_noaudit sel_write_load._rs.34 CAP_CHOWN @ avc_has_perm_noaudit driver_short_names CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable osc_sb_native_usb4_control CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable platform_driver_registered CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tcp_cong_list 
CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable i8042_aux_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i8042_kbd_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable init_completion.__key.56248 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i8042_debug CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable wfile_pos CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check i8042_aux_irq_registered CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i8042_ports CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable serio_bus CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sysctl_protected_hardlinks CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check i8042_kbd_irq_registered CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_map_single_attrs.__already_done.51974 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable names_cachep CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dmar_global_lock CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_syscore_ops CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable intel_iommu_ops CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable
--- Function Protected By Gating Function---
scsi_autopm_put_host CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check scsi_try_host_reset CAP_SYS_RAWIO @ 
capable CAP_SYS_ADMIN @ capable inconsistent check scsi_try_bus_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check scsi_autopm_get_host CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check ata_task_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check ata_cmd_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check qdisc_graft CAP_NET_ADMIN @ netlink_ns_capable fifo_hd_init CAP_NET_ADMIN @ netlink_ns_capable dev_ingress_queue_create CAP_NET_ADMIN @ netlink_ns_capable mqueue_unlink CAP_FOWNER @ capable_wrt_inode_uidgid nfs_unlink CAP_FOWNER @ capable_wrt_inode_uidgid ext4_unlink CAP_FOWNER @ capable_wrt_inode_uidgid autofs_dir_unlink CAP_FOWNER @ capable_wrt_inode_uidgid msdos_unlink CAP_FOWNER @ capable_wrt_inode_uidgid shmem_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid simple_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid security_inode_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid release_dentry_name_snapshot CAP_FOWNER @ capable_wrt_inode_uidgid unlock_two_nondirectories CAP_FOWNER @ capable_wrt_inode_uidgid fsnotify_move CAP_FOWNER @ capable_wrt_inode_uidgid __detach_mounts CAP_FOWNER @ capable_wrt_inode_uidgid nfs_rename CAP_FOWNER @ capable_wrt_inode_uidgid simple_rename CAP_FOWNER @ capable_wrt_inode_uidgid shmem_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid vfat_rename CAP_FOWNER @ capable_wrt_inode_uidgid msdos_rename CAP_FOWNER @ capable_wrt_inode_uidgid __is_local_mountpoint CAP_FOWNER @ capable_wrt_inode_uidgid lock_two_nondirectories CAP_FOWNER @ capable_wrt_inode_uidgid take_dentry_name_snapshot CAP_FOWNER @ capable_wrt_inode_uidgid security_inode_rename CAP_FOWNER @ capable_wrt_inode_uidgid i915_gem_context_release CAP_SYS_ADMIN @ capable tty_kref_put CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __tty_hangup CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
dev_change_flags CAP_NET_ADMIN @ ns_capable dev_change_tx_queue_len CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check drm_client_modeset_free CAP_SYS_ADMIN @ capable drm_dev_get CAP_SYS_ADMIN @ capable drm_gem_release CAP_SYS_ADMIN @ capable tcf_proto_signal_destroying CAP_NET_ADMIN @ netlink_ns_capable drm_syncobj_release CAP_SYS_ADMIN @ capable i915_driver_open CAP_SYS_ADMIN @ capable drm_gem_open CAP_SYS_ADMIN @ capable iomem_is_exclusive CAP_SYS_RAWIO @ capable pci_mmap_fits CAP_SYS_RAWIO @ capable kthread_bind_mask CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable kthread_stop CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable clockevents_config_and_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_fastcom335_setup CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable devm_free_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable devres_add CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_walk_bus CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_ut_remove_reference CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_ns_attach_object CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_ns_get_attached_object CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_os_release_lock CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_os_acquire_lock CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_debugfs_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_mmcfg_late_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable proc_mkdir CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_bus_init_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_early_processor_set_pdc CAP_SYS_NICE @ capable 
CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_sysfs_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_get_handle CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_initialize_objects CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_enable_subsystem CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_async_device_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable irq_domain_remove CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_unlock_rescan_remove CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dmar_walk_dsm_resource CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable disable_dmar_iommu CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_set_root_entry CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_enable_translation CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable probe_acpi_namespace_devices CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_device_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_set_dma_strict CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable register_syscore_ops CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable intel_irq_postinstall CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dev_pm_attach_wake_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_read_indirect_mbox CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_read32_mbox_5906 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_set_power_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_reset_hw CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_switch_clocks CAP_SYS_NICE @ capable CAP_SYS_NICE 
@ capable CAP_SYS_NICE @ capable tg3_poll_fw CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable synchronize_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_restart_hw CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_halt CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_read_indirect_reg32 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ioread8 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iowrite8 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable netif_tx_wake_queue CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_clean_rx_ring CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_open CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_phy_reset CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable shmem_unlink CAP_FOWNER @ capable_wrt_inode_uidgid e1000_read_phy_reg CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000e_open CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable msleep_interruptible CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_configure_k1_ich8lan CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_update_phy_info_task CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000e_reset CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000e_reset_interrupt_capability CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable usleep_range_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __ew32 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_clean_rx_ring.52466 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000e_release_hw_control CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
e1000_request_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000e_set_interrupt_capability CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_enable_msi CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable unregister_netdev CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sky2_set_multicast CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dev_close CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_set_loopback CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable bus_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable enable_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_stop_rxtx CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_map_page_attrs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable is_vmalloc_addr CAP_NET_ADMIN @ netlink_net_capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable inconsistent check nv_init_ring CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable disable_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_request_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_free_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable rtl8139_hw_start CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable napi_enable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_free_attrs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_alloc_attrs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable rtl8169_do_counters CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable rtl8169_up CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable phy_attached_info CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ 
capable acpi_sleep_proc_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable phy_set_max_speed CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_write_config_byte CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable yenta_probe_cb_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_dev_put CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable xhci_run CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable rtl_fw_release_firmware CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable request_threaded_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i8042_check_mux CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable wait_for_completion_timeout CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_dev_clear_dependencies CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __i8042_command CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable bad_inode_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid azx_probe_codecs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable snd_card_disconnect CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __cleanup_nmi CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable irq_chip_pm_put CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __init_rwsem CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __ftrace_trace_stack CAP_SYSLOG @ has_capability_noaudit filter_match_preds CAP_SYSLOG @ has_capability_noaudit ring_buffer_event_data CAP_SYSLOG @ has_capability_noaudit netlink_ack CAP_NET_ADMIN @ netlink_net_capable ring_buffer_lock_reserve CAP_SYSLOG @ has_capability_noaudit ring_buffer_nest_start CAP_SYSLOG @ has_capability_noaudit io_ring_ctx_wait_and_kill CAP_IPC_LOCK @ capable __SCT__tp_func_io_uring_create CAP_IPC_LOCK @ capable 
free_compound_page CAP_IPC_LOCK @ capable jbd2_journal_unlock_updates CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable mdio_ctrl_hw CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable jbd2_journal_flush CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable jbd2_journal_lock_updates CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable swap_inode_data CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_ext_tree_init CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_double_down_write_data_sem CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_fc_start_ineligible CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable walk_page_range CAP_SYS_ADMIN @ file_ns_capable do_kexec_load CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable gen_replace_estimator CAP_NET_ADMIN @ netlink_ns_capable sr_reset CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable kernel_read_file_from_fd CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable security_kernel_post_load_data CAP_SYS_MODULE @ capable security_kernel_load_data CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable CAP_SYS_MODULE @ capable inconsistent check set_normalized_timespec64 CAP_SYS_TIME @ file_ns_capable pci_xr17v35x_setup CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cgroup_do_get_tree CAP_SYS_ADMIN @ ns_capable cgroup_setup_root CAP_SYS_ADMIN @ ns_capable logfc CAP_SYS_ADMIN @ ns_capable check_cgroupfs_options CAP_SYS_ADMIN @ ns_capable acpi_ev_init_global_lock_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cgroup_lock_and_drain_offline CAP_SYS_ADMIN @ ns_capable security_task_getscheduler CAP_SYS_NICE @ ns_capable vfat_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid fib_new_table CAP_NET_ADMIN @ ns_capable fib_table_delete CAP_NET_ADMIN @ ns_capable inet_addr_type_table CAP_NET_ADMIN @ ns_capable 
fl_release CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check local_bh_enable.67793 CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check perf_uprobe_init CAP_SYS_ADMIN @ capable %7 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check raw_abort CAP_NET_ADMIN @ ns_capable drop_super_exclusive CAP_SYS_ADMIN @ capable drop_super CAP_SYS_ADMIN @ capable wbinvd_on_cpu CAP_SYS_ADMIN @ capable perf_event_enable CAP_SYS_ADMIN @ capable cpumask_weight.6736 CAP_SYS_BOOT @ capable strndup_user CAP_SYS_TTY_CONFIG @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check dev_get_mac_address CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check dev_get_flags CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check iomem_get_mapping CAP_SYS_RAWIO @ capable acpi_ut_release_mutex CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dev_ethtool CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check rhashtable_destroy CAP_IPC_LOCK @ capable credit_entropy_bits CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable trace_event_dyn_put_ref CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check destroy_local_trace_kprobe CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check destroy_local_trace_uprobe CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable 
%23 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check __perf_remove_from_context CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check x86_pmu_aux_output_match CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check find_get_context CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check perf_event_alloc CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check find_task_by_vpid CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check modify_user_hw_breakpoint_check CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check tg3_phy_start CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable single_open CAP_SYS_ADMIN @ capable __dquot_free_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check __mark_inode_dirty CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check ext4_xattr_delete_inode CAP_SYS_RESOURCE @ capable ext4_ind_truncate_ensure_credits CAP_SYS_RESOURCE @ capable congestion_wait CAP_SYS_RESOURCE @ capable ext4_ext_shift_extents CAP_SYS_RESOURCE @ capable qdisc_create CAP_NET_ADMIN @ netlink_ns_capable block_commit_write CAP_SYS_RESOURCE @ capable ext4_split_extent_at CAP_SYS_RESOURCE @ capable ext4_es_insert_extent CAP_SYS_RESOURCE @ capable ext4_extent_block_csum_set CAP_SYS_RESOURCE @ capable ext4_issue_zeroout CAP_SYS_RESOURCE @ capable ext4_mb_mark_bb CAP_SYS_RESOURCE @ capable ext4_map_blocks CAP_SYS_RESOURCE @ capable ext4_release_io_end CAP_SYS_RESOURCE @ capable ext4_fc_commit CAP_SYS_RESOURCE @ capable ext4_set_iomap CAP_SYS_RESOURCE @ capable ext4_get_block CAP_SYS_RESOURCE @ capable ext4_es_find_extent_range 
CAP_SYS_RESOURCE @ capable ext4_fc_track_range CAP_SYS_RESOURCE @ capable ext4_ind_remove_space CAP_SYS_RESOURCE @ capable ext4_es_remove_extent CAP_SYS_RESOURCE @ capable jbd2_journal_inode_ranged_write CAP_SYS_RESOURCE @ capable __ext4_error_file CAP_SYS_RESOURCE @ capable __ext4_read_dirblock CAP_SYS_RESOURCE @ capable ext4_htree_store_dirent CAP_SYS_RESOURCE @ capable __ext4_check_dir_entry CAP_SYS_RESOURCE @ capable ext4_mark_recovery_complete CAP_SYS_RESOURCE @ capable ext4_orphan_cleanup CAP_SYS_RESOURCE @ capable ext4_enable_quotas CAP_SYS_RESOURCE @ capable init_special_inode CAP_SYS_RESOURCE @ capable ext4_reset_inode_seed CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __ext4_new_inode CAP_SYS_RESOURCE @ capable __ext4_iget CAP_SYS_RESOURCE @ capable ext4_xattr_inode_get CAP_SYS_RESOURCE @ capable __ext4_xattr_check_block CAP_SYS_RESOURCE @ capable ext4_sb_bread CAP_SYS_RESOURCE @ capable mb_cache_entry_create CAP_SYS_RESOURCE @ capable mb_cache_entry_touch CAP_SYS_RESOURCE @ capable ext4_read_bh_lock CAP_SYS_RESOURCE @ capable __ext4_journal_get_create_access CAP_SYS_RESOURCE @ capable __pagevec_release CAP_SYS_RESOURCE @ capable __dquot_alloc_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check d_splice_alias CAP_SYS_RESOURCE @ capable ext4_bio_write_page CAP_SYS_RESOURCE @ capable ext4_count_free_clusters CAP_SYS_RESOURCE @ capable mpage_map_one_extent CAP_SYS_RESOURCE @ capable ext4_truncate CAP_SYS_RESOURCE @ capable ext4_free_blocks CAP_SYS_RESOURCE @ capable e1000_irq_disable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_discard_preallocations CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check truncate_pagecache_range CAP_SYS_RESOURCE @ capable ext4_wait_for_tail_page_commit CAP_SYS_RESOURCE @ capable __lock_buffer CAP_SYS_RESOURCE @ capable 
pagecache_isize_extended CAP_SYS_RESOURCE @ capable ext4_delete_entry CAP_SYS_RESOURCE @ capable device_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check __ext4_fc_track_create CAP_SYS_RESOURCE @ capable __ext4_fc_track_unlink CAP_SYS_RESOURCE @ capable __ext4_fc_track_link CAP_SYS_RESOURCE @ capable add_dirent_to_buf CAP_SYS_RESOURCE @ capable ext4_handle_dirty_dx_node CAP_SYS_RESOURCE @ capable ext4fs_dirhash CAP_SYS_RESOURCE @ capable pci_read_config_dword CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check __ext4_journal_get_write_access CAP_SYS_RESOURCE @ capable ext4_orphan_add CAP_SYS_RESOURCE @ capable ext4_add_entry CAP_SYS_RESOURCE @ capable ext4_fc_track_create CAP_SYS_RESOURCE @ capable ext4_fc_track_link CAP_SYS_RESOURCE @ capable acpi_exception CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_quota_off CAP_SYS_RESOURCE @ capable __SCT__tp_func_ext4_da_reserve_space CAP_SYS_RESOURCE @ capable crypto_destroy_tfm CAP_SYS_RESOURCE @ capable crypto_shash_update CAP_SYS_RESOURCE @ capable ext4_stop_mmpd CAP_SYS_RESOURCE @ capable ext4_xattr_destroy_cache CAP_SYS_RESOURCE @ capable percpu_free_rwsem CAP_SYS_RESOURCE @ capable ext4_es_unregister_shrinker CAP_SYS_RESOURCE @ capable jbd2_journal_destroy CAP_SYS_RESOURCE @ capable ext4_unregister_sysfs CAP_SYS_RESOURCE @ capable io_put_sq_data CAP_IPC_LOCK @ capable dquot_drop CAP_SYS_RESOURCE @ capable dquot_free_inode CAP_SYS_RESOURCE @ capable ext4_inode_attach_jinode CAP_SYS_RESOURCE @ capable __ext4_handle_dirty_metadata CAP_SYS_RESOURCE @ capable unlock_buffer CAP_SYS_RESOURCE @ capable ext4_xattr_block_csum CAP_SYS_RESOURCE @ capable ext4_xattr_set_entry CAP_SYS_RESOURCE @ capable ext4_xattr_inode_array_free CAP_SYS_RESOURCE @ capable __ext4_journal_stop CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check ext4_clear_inode 
CAP_SYS_RESOURCE @ capable scsi_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __ext4_mark_inode_dirty CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check ext4_orphan_del CAP_SYS_RESOURCE @ capable ext4_fc_mark_ineligible CAP_SYS_RESOURCE @ capable __ext4_error_inode CAP_SYS_RESOURCE @ capable __request_region CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_xattr_block_find CAP_SYS_RESOURCE @ capable ip6_route_del CAP_NET_ADMIN @ ns_capable drm_dev_exit CAP_SYS_ADMIN @ capable track_pfn_insert CAP_SYS_ADMIN @ capable insert_pfn CAP_SYS_ADMIN @ capable dec_usb_memory_use_count CAP_SYS_ADMIN @ capable jbd2_journal_abort CAP_SYS_ADMIN @ capable ext4_force_commit CAP_SYS_ADMIN @ capable freeze_bdev CAP_SYS_ADMIN @ capable __SCT__tp_func_ext4_shutdown CAP_SYS_ADMIN @ capable vm_mmap_pgoff CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable user_shm_lock CAP_IPC_LOCK @ capable ip_local_deliver CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable ip6_input CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable ip_options_rcv_srr CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable i8042_create_aux_port CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable put_mnt_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check dev_add_pack CAP_NET_RAW @ ns_capable perf_event_set_output CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check __ext4_msg CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check serial8250_config_port CAP_SYS_ADMIN @ capable bdev_resize_partition CAP_SYS_ADMIN @ capable bdev_add_partition CAP_SYS_ADMIN @ capable ext4_release_system_zone CAP_SYS_RESOURCE @ capable bdev_del_partition CAP_SYS_ADMIN @ capable errseq_check_and_advance 
CAP_SYS_RESOURCE @ capable generic_file_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check tcf_chain_flush CAP_NET_ADMIN @ netlink_ns_capable drm_syncobj_open CAP_SYS_ADMIN @ capable blkdev_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check dma_sync_single_for_device CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable proc_sys_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check write_iter_null CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check devkmsg_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check tty_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check pipe_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check hung_up_tty_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check aio_complete_rw CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check hung_up_tty_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check seq_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check read_iter_zero CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check generic_file_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check proc_reg_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check eventfd_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check kernfs_fop_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check pipe_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check dma_unmap_page_attrs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable proc_sys_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check hugetlbfs_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check rw_verify_area CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check tty_vhangup_self CAP_SYS_TTY_CONFIG @ capable 
shmem_unlock_mapping CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ ns_capable inconsistent check nfs4_have_delegation CAP_LEASE @ capable exportfs_decode_fh CAP_DAC_READ_SEARCH @ capable perf_install_in_context CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable %14 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check security_read_policy CAP_CHOWN @ avc_has_perm_noaudit simple_read_from_buffer CAP_CHOWN @ avc_has_perm_noaudit security_member_sid CAP_CHOWN @ avc_has_perm_noaudit e1000_write_phy_reg CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable security_get_user_sids CAP_CHOWN @ avc_has_perm_noaudit __mb_cache_entry_free CAP_SYS_RESOURCE @ capable security_change_sid CAP_CHOWN @ avc_has_perm_noaudit security_transition_sid_user CAP_CHOWN @ avc_has_perm_noaudit security_context_str_to_sid CAP_CHOWN @ avc_has_perm_noaudit security_context_to_sid CAP_CHOWN @ avc_has_perm_noaudit selnl_notify_setenforce CAP_CHOWN @ avc_has_perm_noaudit avc_ss_reset CAP_CHOWN @ avc_has_perm_noaudit phy_connect_direct CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable d_exchange CAP_FOWNER @ capable_wrt_inode_uidgid CAP_CHOWN @ avc_has_perm_noaudit inconsistent check security_get_permissions CAP_CHOWN @ avc_has_perm_noaudit security_get_classes CAP_CHOWN @ avc_has_perm_noaudit sel_make_dir CAP_CHOWN @ avc_has_perm_noaudit call_usermodehelper_exec CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check replace_fd CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check alloc_file_pseudo CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check vfs_rmdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH 
@ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check rtc_cmos_write CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable proc_sys_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check bad_inode_atomic_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check tasklet_setup CAP_NET_BROADCAST @ file_ns_capable ieee80211_dfs_cac_cancel CAP_NET_BROADCAST @ file_ns_capable ipip6_tunnel_update CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ext4_zero_partial_blocks CAP_SYS_RESOURCE @ capable kernfs_dop_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check audit_log_path_denied CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check alloc_netdev_mqs CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable drm_event_cancel_free CAP_NET_BROADCAST @ file_ns_capable parse_monolithic_mount_data CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check fpu__clear_user_states CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid 
CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pin_insert CAP_SYS_PACCT @ capable intel_display_prepare_reset CAP_NET_BROADCAST @ file_ns_capable pipe_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check dm_blk_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable md_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable kernfs_vfs_xattr_get CAP_SYS_ADMIN @ capable __azx_runtime_resume CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sd_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable proc_tid_base_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check md_compat_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable drv_mgd_complete_tx CAP_NET_BROADCAST @ file_ns_capable __ieee80211_unschedule_txq CAP_NET_BROADCAST @ file_ns_capable sd_pr_clear CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __lock_page CAP_IPC_LOCK @ capable security_sem_associate CAP_IPC_OWNER @ ns_capable write_pool CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable dm_pr_register CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable security_task_fix_setgid CAP_SETGID @ ns_capable_setid CAP_SETGID @ ns_capable_setid __ip_tunnel_create CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable sock_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check __nla_parse CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check redirected_tty_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check __ipv6_dev_ac_inc CAP_NET_ADMIN @ ns_capable ipv6_chk_prefix CAP_NET_ADMIN @ ns_capable drm_modeset_drop_locks CAP_NET_BROADCAST @ file_ns_capable mntns_install CAP_SYS_ADMIN @ ns_capable set_fs_root CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable inconsistent check xt_copy_counters CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable path_openat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check get_zeroed_page CAP_CHOWN @ avc_has_perm_noaudit translate_table.68091 CAP_NET_ADMIN @ ns_capable xt_compat_target_from_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable shmem_lock CAP_IPC_LOCK @ ns_capable propagate_mount_busy 
CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check new_inode CAP_CHOWN @ avc_has_perm_noaudit compat_blkdev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check cpu_latency_qos_remove_request CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_alloc_file_blocks CAP_SYS_RESOURCE @ capable blkdev_compat_ptr_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable generic_setlease CAP_LEASE @ capable nd_jump_link CAP_SYS_ADMIN @ ns_capable %5 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i1 (%struct.user_namespace.178079*, i32)*)(%struct.user_namespace.178079* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.178079*), i32 40) #76 cap_no=40 inconsistent check __SCT__tp_func_drm_vblank_event_delivered CAP_NET_BROADCAST @ file_ns_capable xt_alloc_table_info CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable mnt_clone_internal CAP_SYS_PACCT @ capable lock_rename CAP_CHOWN @ avc_has_perm_noaudit CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check xt_find_table_lock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable 
CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable xt_table_unlock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable stack_trace_save_tsk CAP_SYS_ADMIN @ file_ns_capable audit_seccomp_actions_logged CAP_SYS_ADMIN @ capable mddev_unlock CAP_SYS_ADMIN @ capable inet6_addr_del CAP_NET_ADMIN @ ns_capable clear_page_dirty_for_io CAP_SYS_RESOURCE @ capable unregister_netdevice_many CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check ext4_fc_stop_ineligible CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check reconfigure_super CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check irq_set_affinity CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_power_up_phy CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable bmap CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check security_task_setscheduler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ ns_capable inconsistent check thaw_super CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check freeze_super CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check nv_set_multicast CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_xattr_inode_update_ref CAP_SYS_RESOURCE @ capable sockfs_xattr_get CAP_SYS_ADMIN @ capable ext4_xattr_hurd_get CAP_SYS_ADMIN @ capable nfs4_xattr_get_nfs4_acl CAP_SYS_ADMIN @ capable proc_ptrace_connector CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check ext4_xattr_security_get CAP_SYS_ADMIN @ capable 
ata_acpi_dev_uevent CAP_NET_BROADCAST @ file_ns_capable vfs_clean_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable qdisc_lookup CAP_NET_ADMIN @ netlink_ns_capable mount_too_revealing CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable _dev_notice CAP_SYS_ADMIN @ capable __tcf_get_next_proto CAP_NET_ADMIN @ netlink_ns_capable shmem_xattr_handler_get CAP_SYS_ADMIN @ capable loop_info64_to_compat CAP_SYS_ADMIN @ capable pps_cdev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drv_event_callback.72785 CAP_NET_BROADCAST @ file_ns_capable ptep_clear_flush CAP_IPC_LOCK @ capable sock_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check nv_update_linkspeed CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_ext_release CAP_SYS_RESOURCE @ capable qdisc_put_unlocked CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable power_supply_changed CAP_NET_BROADCAST @ file_ns_capable drm_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check hiddev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ___ieee80211_stop_tx_ba_session CAP_NET_BROADCAST @ file_ns_capable acpi_install_table_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cfg80211_rx_unexpected_4addr_frame CAP_NET_BROADCAST @ file_ns_capable do_split CAP_SYS_RESOURCE @ capable snd_seq_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check xt_match_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable create_empty_buffers CAP_SYS_RESOURCE @ capable rt6_lookup CAP_NET_ADMIN @ ns_capable rfkill_register 
CAP_NET_BROADCAST @ file_ns_capable security_load_policy CAP_CHOWN @ avc_has_perm_noaudit migrate_pages CAP_IPC_LOCK @ capable __mnt_drop_write CAP_SYS_PACCT @ capable netlbl_unlabel_genl_init CAP_NET_BROADCAST @ file_ns_capable ipip6_dellink CAP_NET_ADMIN @ netlink_ns_capable current_umask CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check nl80211_notify_iface CAP_NET_BROADCAST @ file_ns_capable xt_request_find_target CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable xt_compat_unlock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable may_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check perf_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check lock_device_hotplug CAP_SYS_ADMIN @ capable finalize_exec CAP_IPC_LOCK @ capable snd_timer_user_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check sd_config_write_same CAP_SYS_ADMIN @ capable ieee80211_hw_config CAP_NET_BROADCAST @ file_ns_capable nfs_umount_begin CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check snapshot_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check rpc_pipe_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ieee80211_queue_work CAP_NET_BROADCAST @ file_ns_capable ext4_da_update_reserve_space CAP_SYS_RESOURCE @ capable ext4_xattr_trusted_get CAP_SYS_ADMIN @ capable crng_reseed 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable dm_pr_reserve CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable mq_clear_sbinfo CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ieee80211_sta_get_rates CAP_NET_BROADCAST @ file_ns_capable compat_start_thread CAP_IPC_LOCK @ capable vfat_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sd_pr_preempt CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable snd_hwdep_ioctl_compat CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check vfs_tmpfile CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check _dev_warn CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check sta_info_free CAP_NET_BROADCAST @ file_ns_capable perf_event_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable proc_root_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vm_access_ttm CAP_IPC_LOCK @ capable ieee80211_txq_teardown_flows CAP_NET_BROADCAST @ file_ns_capable snd_timer_user_ioctl_compat CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ 
ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check bprm_change_interp CAP_IPC_LOCK @ capable unlock_device_hotplug CAP_SYS_ADMIN @ capable drm_framebuffer_free CAP_NET_BROADCAST @ file_ns_capable dm_compat_ctl_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ext4_last_io_end_vec CAP_SYS_RESOURCE @ capable msr_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check hpet_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check tty_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check sg_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ext4_dx_csum CAP_SYS_RESOURCE @ capable snd_seq_ioctl_compat CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check llist_add_batch CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __ieee80211_rx_h_amsdu CAP_NET_BROADCAST @ file_ns_capable tty_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check compat_sock_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check dev_valid_name CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable i915_ioc32_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check fs_context_for_reconfigure CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ieee80211_roc_setup CAP_NET_BROADCAST @ file_ns_capable put_ucounts CAP_SYS_RESOURCE @ capable enable_swap_slots_cache CAP_SYS_ADMIN @ capable drv_channel_switch CAP_NET_BROADCAST @ file_ns_capable ns_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check percpu_ref_resurrect CAP_SYS_ADMIN @ capable security_sb_pivotroot CAP_SYS_ADMIN @ ns_capable filename_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernfs_iop_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cpufreq_register_notifier CAP_NET_BROADCAST @ file_ns_capable proc_ns_file CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check slow_avc_audit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit drm_atomic_helper_update_plane CAP_NET_BROADCAST @ file_ns_capable free_netdev CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check acpi_sleep_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_drain_rxtx CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sock_create_kern CAP_IPC_LOCK @ capable blkdev_issue_discard CAP_SYS_ADMIN @ capable ieee80211_check_queues CAP_NET_BROADCAST @ file_ns_capable security_inode_getxattr CAP_SYS_ADMIN @ capable generic_swapfile_activate CAP_SYS_ADMIN @ capable xt_compat_target_offset 
CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable scsi_init_command CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check dquot_add_space CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable percpu_ref_exit CAP_SYS_ADMIN @ capable start_thread CAP_IPC_LOCK @ capable percpu_ref_init CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check inet6_addr_add CAP_NET_ADMIN @ ns_capable e1000_configure_msix CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_queue_skb CAP_NET_BROADCAST @ file_ns_capable blk_queue_flag_clear CAP_SYS_ADMIN @ capable move_vma CAP_IPC_LOCK @ capable pid_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vm_stat_account CAP_IPC_LOCK @ capable unpin_user_pages_dirty_lock CAP_IPC_LOCK @ capable __mmu_notifier_invalidate_range_end CAP_IPC_LOCK @ capable ipv6_chk_addr_and_flags CAP_NET_ADMIN @ ns_capable rt_cache_flush CAP_NET_ADMIN @ ns_capable dmar_fault CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable arch_uprobe_skip_sstep CAP_IPC_LOCK @ capable __create_xol_area CAP_IPC_LOCK @ capable pci_connect_tech_setup CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable force_sig CAP_IPC_LOCK @ capable drm_gem_object_free CAP_IPC_LOCK @ capable CAP_NET_BROADCAST @ file_ns_capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable inconsistent check ieee80211_stop_queues_by_reason CAP_NET_BROADCAST @ file_ns_capable truncate_setsize CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable unlock_page CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable inconsistent check ieee80211_determine_chantype CAP_NET_BROADCAST @ file_ns_capable attach_recursive_mnt CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __vfs_setxattr_noperm CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable inconsistent check 
nla_strcmp CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable acpi_setup_sb_notify_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable munlock_vma_page CAP_IPC_LOCK @ capable try_to_free_swap CAP_IPC_LOCK @ capable cfg80211_unregister_wdev CAP_NET_BROADCAST @ file_ns_capable rtc_dev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check unlock_new_inode CAP_SYS_RESOURCE @ capable arch_uprobe_ignore CAP_IPC_LOCK @ capable page_mapped CAP_IPC_LOCK @ capable alloc_pid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable page_remove_rmap CAP_IPC_LOCK @ capable msdos_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid i915_ttm_adjust_lru CAP_IPC_LOCK @ capable security_compute_av_user CAP_CHOWN @ avc_has_perm_noaudit is_file_shm_hugepages CAP_IPC_LOCK @ capable __netdev_alloc_skb CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check page_vma_mapped_walk CAP_IPC_LOCK @ capable put_css_set_locked CAP_SYS_ADMIN @ ns_capable xt_compat_match_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable sr_block_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ieee80211_check_fast_xmit CAP_NET_BROADCAST @ file_ns_capable __mmu_notifier_invalidate_range_start CAP_IPC_LOCK @ capable bcmp CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable inconsistent check down_write_killable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable ext4_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check empty_dir_lookup CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mpage_process_page_bufs CAP_SYS_RESOURCE @ capable __anon_vma_prepare CAP_IPC_LOCK @ capable cgroup_post_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable evdev_ioctl_compat CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check in_gate_area CAP_IPC_LOCK @ capable d_move CAP_FOWNER @ capable_wrt_inode_uidgid e1000e_up CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable create_io_thread CAP_IPC_LOCK @ capable dev_disable_lro CAP_NET_ADMIN @ ns_capable rtnl_create_link CAP_NET_ADMIN @ netlink_ns_capable do_trace_write_msr CAP_IPC_LOCK @ capable set_page_dirty_lock CAP_IPC_LOCK @ capable memcpy_toio CAP_NET_BROADCAST @ file_ns_capable ttm_bo_vm_access CAP_IPC_LOCK @ capable percpu_ref_kill_and_confirm CAP_SYS_ADMIN @ capable io_submit_flush_completions CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable inconsistent check bprm_execve CAP_IPC_LOCK @ capable ext4_dirblock_csum_verify CAP_SYS_RESOURCE @ capable xfrm_user_policy CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check copy_thread CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable dev_uc_del CAP_NET_ADMIN @ netlink_capable xt_compat_add_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable unregister_pernet_subsys CAP_NET_BROADCAST @ file_ns_capable __starget_for_each_device CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent 
check pci_disable_msix CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable vm_brk CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable xt_request_find_match CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable io_clean_op CAP_BLOCK_SUSPEND @ capable iommu_disable_protect_mem_regions CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable init_mkdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __ieee80211_request_sched_scan_start CAP_NET_BROADCAST @ file_ns_capable pc_nvram_initialize CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable bus_register_notifier CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable local_bh_enable.66836 CAP_NET_ADMIN @ ns_capable unpin_user_page CAP_IPC_LOCK @ capable __ext4_find_entry CAP_SYS_RESOURCE @ capable handle_dots CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check truncate_inode_pages CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check vma_is_shmem CAP_IPC_LOCK @ capable xt_target_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable drm_crtc_check_viewport CAP_NET_BROADCAST @ file_ns_capable mod_node_page_state CAP_IPC_LOCK @ capable pcie_walk_rcec CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable isolate_lru_page CAP_IPC_LOCK @ capable ring_buffer_unlock_commit CAP_SYSLOG @ has_capability_noaudit drm_connector_list_iter_end CAP_NET_BROADCAST @ file_ns_capable autofs_root_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check intel_overlay_switch_off 
CAP_NET_BROADCAST @ file_ns_capable uts_proc_notify CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ieee80211_vht_handle_opmode CAP_NET_BROADCAST @ file_ns_capable compat_table_info.68087 CAP_NET_ADMIN @ ns_capable acpi_ec_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable get_device CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check cfg80211_iftype_allowed CAP_NET_BROADCAST @ file_ns_capable do_move_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable netlbl_calipso_genl_init CAP_NET_BROADCAST @ file_ns_capable pgprot_writecombine CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable cgroup_cancel_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable rate_control_rate_update CAP_NET_BROADCAST @ file_ns_capable exit_swap_address_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable swap_type_of CAP_SYS_ADMIN @ capable put_sg_io_hdr CAP_SYS_RAWIO @ capable lookup_user_key CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable netdev_info CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_ADMIN @ netlink_capable inconsistent check rtc_dev_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check copy_page_from_iter CAP_IPC_LOCK @ capable skb_copy_expand CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ netlink_ns_capable inconsistent check send_sig_info CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check ieee80211_free_keys CAP_NET_BROADCAST @ file_ns_capable i915_request_add CAP_NET_BROADCAST @ file_ns_capable pci_disable_device CAP_SYS_ADMIN @ capable fib_table_insert CAP_NET_ADMIN @ ns_capable ip_tunnel_update CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ext4_alloc_da_blocks CAP_SYS_RESOURCE @ capable 
inc_rlimit_ucounts CAP_SYS_RESOURCE @ capable __uprobe_unregister CAP_IPC_LOCK @ capable dev_set_threaded CAP_NET_ADMIN @ ns_capable nvram_misc_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check get_net_ns_by_id CAP_NET_ADMIN @ netlink_ns_capable fat_dir_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check snd_ctl_ioctl_compat CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check __tcf_block_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable cfg80211_init_wdev CAP_NET_BROADCAST @ file_ns_capable e1000_set_phy_loopback CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable hrtimer_start_range_ns CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable inconsistent check xt_compat_flush_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable selinux_policy_commit CAP_CHOWN @ avc_has_perm_noaudit anon_inode_getfd CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable posix_acl_xattr_get CAP_SYS_ADMIN @ capable dma_sync_single_for_cpu CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable security_inode_getsecurity CAP_SYS_ADMIN @ capable copy_strings CAP_IPC_LOCK @ capable io_issue_sqe CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable inconsistent check snapshot_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check io_req_complete_post CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable inconsistent check xt_find_revision CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ns_to_timespec64 CAP_SYS_TIME @ file_ns_capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check free_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable intel_gt_reset CAP_NET_BROADCAST @ file_ns_capable posix_clock_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check mq_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable ext4_double_up_write_data_sem CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable security_inode_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check e1000e_phc_enable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable update_ref_ctr CAP_IPC_LOCK @ capable __tcf_chain_get CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable rtnl_fdb_notify CAP_NET_ADMIN @ netlink_capable round_jiffies_relative CAP_NET_BROADCAST @ file_ns_capable hung_up_tty_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check security_msg_queue_associate 
CAP_IPC_OWNER @ ns_capable hibernation_restore CAP_SYS_ADMIN @ capable acpi_ut_create_internal_object_dbg CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dev_set_group CAP_NET_ADMIN @ ns_capable dm_pr_clear CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable backlight_force_update CAP_NET_BROADCAST @ file_ns_capable arch_uprobe_copy_ixol CAP_IPC_LOCK @ capable tty_buffer_restart_work CAP_SYS_MODULE @ capable snapshot_image_loaded CAP_SYS_ADMIN @ capable proc_reg_unlocked_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check efivar_entry_iter_begin CAP_SYS_ADMIN @ capable __mmap_lock_do_trace_start_locking CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_RESOURCE @ capable inconsistent check xt_compat_init_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable nfs_atomic_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dev_change_proto_down CAP_NET_ADMIN @ ns_capable strnlen_user CAP_IPC_LOCK @ capable acpi_install_notify_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable setup_swap_info CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __icmp_send CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable put_pid_ns CAP_SYS_ADMIN @ ns_capable ext4_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ihold CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid 
CAP_SYS_ADMIN @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check vfs_fchmod CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check tg3_read32 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable security_task_fix_setuid CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid percpu_counter_destroy CAP_SYS_RESOURCE @ capable reboot_pid_ns CAP_SYS_BOOT @ ns_capable nfs_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid rdev_del_virtual_intf CAP_NET_BROADCAST @ file_ns_capable try_to_unuse CAP_SYS_ADMIN @ capable security_locked_down CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable inconsistent check vfs_symlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check may_expand_vm CAP_IPC_LOCK @ capable nfs4_lookup_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernel_kexec CAP_SYS_BOOT @ ns_capable bsg_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check bad_inode_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vt_do_kbkeycode_ioctl CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check cfg80211_tx_mlme_mgmt CAP_NET_BROADCAST @ file_ns_capable exit_thread CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable check_zeroed_user CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check tty_name CAP_SYS_ADMIN @ capable CAP_SYS_MODULE @ capable inconsistent check acpi_run_osc CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dm_issue_global_event CAP_SYS_ADMIN @ capable __break_lease CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ip_tunnel_bind_dev CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable blk_execute_rq CAP_SYS_RAWIO @ capable debugfs_create_dir CAP_NET_BROADCAST @ file_ns_capable tcf_proto_lookup_ops CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable ldsem_up_write CAP_SYS_MODULE @ capable acpi_scan_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sysfs_streq CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check static_key_slow_dec CAP_NET_ADMIN @ capable ieee80211_init_rate_ctrl_alg CAP_NET_BROADCAST @ file_ns_capable perf_event_namespaces CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ldsem_down_write CAP_SYS_MODULE @ capable tty_ldisc_failto CAP_SYS_MODULE @ capable bitmap_zalloc CAP_NET_ADMIN @ ns_capable __mmu_notifier_change_pte CAP_IPC_LOCK @ capable panic CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable 
CAP_SYS_MODULE @ capable inconsistent check ext4_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid ext4_file_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check try_to_unlazy CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check thermal_cooling_device_unregister CAP_NET_BROADCAST @ file_ns_capable unregister_netdevice_queue CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check shrink_dcache_parent CAP_FOWNER @ capable_wrt_inode_uidgid CAP_CHOWN @ avc_has_perm_noaudit inconsistent check lo_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable rtnl_register CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check pci_user_read_config_dword CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check i8042_flush CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_request_sched_scan_stop CAP_NET_BROADCAST @ file_ns_capable ieee80211_add_virtual_monitor CAP_NET_BROADCAST @ file_ns_capable hidraw_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent 
check vfs_create_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable selinux_policy_genfs_sid CAP_CHOWN @ avc_has_perm_noaudit ieee80211_stop_device CAP_NET_BROADCAST @ file_ns_capable serport_ldisc_open CAP_SYS_MODULE @ capable htree_dirblock_to_tree CAP_SYS_RESOURCE @ capable bitmap_parse CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check intel_irq_uninstall CAP_NET_BROADCAST @ file_ns_capable cache_ioctl_pipefs CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check stream_open CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check housekeeping_cpumask CAP_NET_ADMIN @ capable cfg80211_register_wdev CAP_NET_BROADCAST @ file_ns_capable tcf_fill_node CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable put_ipc_ns CAP_SYS_RESOURCE @ capable hibernate CAP_SYS_BOOT @ ns_capable flush_workqueue CAP_NET_BROADCAST @ file_ns_capable refcount_dec_and_lock CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ieee80211_led_assoc CAP_NET_BROADCAST @ file_ns_capable xt_request_find_table_lock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable __put_net CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_SYS_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check user_disable_single_step CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable inconsistent 
check get_ucounts CAP_SYS_RESOURCE @ capable _atomic_dec_and_lock CAP_SYS_ADMIN @ capable pci_get_slot CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable kernfs_vma_access CAP_IPC_LOCK @ capable pci_intx CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable qdisc_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable free_ret_instance CAP_IPC_LOCK @ capable __ext4_std_error CAP_SYS_RESOURCE @ capable lo_compat_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable rtnetlink_send CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable security_sb_umount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check ieee80211_roc_purge CAP_NET_BROADCAST @ file_ns_capable drm_atomic_helper_disable_plane CAP_NET_BROADCAST @ file_ns_capable drm_mode_get_hv_timing CAP_NET_BROADCAST @ file_ns_capable efivar_validate CAP_SYS_ADMIN @ capable pci_xr17c154_setup CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable kernel_sigaction CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check mq_select_queue CAP_NET_ADMIN @ netlink_ns_capable cpus_read_unlock CAP_NET_ADMIN @ ns_capable ext4_xattr_inode_iget CAP_SYS_RESOURCE @ capable hibernation_platform_enter CAP_SYS_ADMIN @ capable vfs_path_lookup CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check dump_emit CAP_IPC_LOCK @ capable mq_leaf CAP_NET_ADMIN @ netlink_ns_capable cpus_read_lock CAP_NET_ADMIN @ ns_capable hex_to_bin CAP_CHOWN @ 
avc_has_perm_noaudit d_add CAP_CHOWN @ avc_has_perm_noaudit vfat_revalidate_ci CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check xa_find_after CAP_NET_BROADCAST @ file_ns_capable sd_pr_register CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable acpi_notifier_call_chain CAP_NET_BROADCAST @ file_ns_capable kernel_restart CAP_SYS_BOOT @ ns_capable drm_mode_plane_set_obj_prop CAP_NET_BROADCAST @ file_ns_capable vfs_truncate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pci_user_read_config_byte CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check free_cgroup_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ieee80211_key_free_common CAP_NET_BROADCAST @ file_ns_capable md_set_read_only CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable rfkill_fop_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check set_binfmt CAP_IPC_LOCK @ capable xt_compat_check_entry_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable d_instantiate_new CAP_SYS_RESOURCE @ capable dst_release CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable 
CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check ext4_trim_fs CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable dec_rlimit_ucounts CAP_SYS_RESOURCE @ capable _dev_err CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_TIME @ capable CAP_SYS_NICE @ capable CAP_SYS_TIME @ capable inconsistent check snd_ctl_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check __tcf_qdisc_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable __audit_inode_child CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vt_reset_unicode CAP_KILL @ ns_capable xt_compat_match_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable kstrdup_quotable CAP_IPC_LOCK @ capable cfg80211_stop_p2p_device CAP_NET_BROADCAST @ file_ns_capable __fsnotify_parent CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ capable CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable inconsistent check pci_config_pm_runtime_put CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check blk_rq_map_user CAP_SYS_RAWIO @ capable copy_page_to_iter CAP_IPC_LOCK @ capable drm_modeset_unregister_all CAP_NET_BROADCAST @ file_ns_capable do_trace_read_msr CAP_IPC_LOCK @ capable __tcf_chain_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable invoke_tx_handlers_late CAP_NET_BROADCAST @ file_ns_capable ieee80211_mgd_stop CAP_NET_BROADCAST @ file_ns_capable fat_trim_fs CAP_LINUX_IMMUTABLE @ capable CAP_SYS_ADMIN @ capable inconsistent check acpi_ns_walk_namespace CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable putback_movable_pages 
CAP_IPC_LOCK @ capable blkdev_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check __tcf_block_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable d_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sync_blockdev CAP_SYS_RESOURCE @ capable ww_mutex_lock_interruptible CAP_NET_BROADCAST @ file_ns_capable CAP_IPC_LOCK @ capable inconsistent check tg3_free_rings CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable flush_delayed_work CAP_NET_BROADCAST @ file_ns_capable efivar_entry_set CAP_SYS_ADMIN @ capable do_blank_screen CAP_KILL @ ns_capable netdev_master_upper_dev_get CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check do_trace_netlink_extack CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable CAP_SYS_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check acpi_evaluate_integer CAP_NET_BROADCAST @ file_ns_capable dev_ifsioc CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check nl80211_exit CAP_NET_BROADCAST @ file_ns_capable posix_clock_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ktime_add_safe CAP_WAKE_ALARM @ capable ieee80211_stop_tx_ba_cb CAP_NET_BROADCAST @ file_ns_capable drm_dev_put CAP_NET_BROADCAST @ file_ns_capable io_arm_poll_handler CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ 
capable CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable inconsistent check ieee80211_txq_remove_vlan CAP_NET_BROADCAST @ file_ns_capable swsusp_swap_in_use CAP_SYS_ADMIN @ capable __netif_set_xps_queue CAP_NET_ADMIN @ ns_capable pci_enable_device CAP_SYS_ADMIN @ capable cpumask_weight.17605 CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable alarmtimer_do_nsleep CAP_WAKE_ALARM @ capable unpin_user_pages CAP_IPC_LOCK @ capable page_add_new_anon_rmap CAP_IPC_LOCK @ capable device_is_bound CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check loop_control_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check blk_rq_map_kern CAP_SYS_RAWIO @ capable __SCT__tp_func_sched_process_fork CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check snapshot_get_image_size CAP_SYS_ADMIN @ capable i915_gem_object_pin_to_display_plane CAP_NET_BROADCAST @ file_ns_capable hugetlbfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_smps_mode_to_smps_mode CAP_NET_BROADCAST @ file_ns_capable ipip6_newlink CAP_NET_ADMIN @ netlink_ns_capable ww_mutex_unlock CAP_IPC_LOCK @ capable ipip6_tunnel_create CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable replace_mm_exe_file CAP_SYS_RESOURCE @ capable ieee80211_run_deferred_scan CAP_NET_BROADCAST @ file_ns_capable lock_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable unregister_netdevice_notifier CAP_NET_BROADCAST @ file_ns_capable ext4_xattr_user_get CAP_SYS_ADMIN @ capable elf_map CAP_IPC_LOCK @ 
capable xhci_dbg_trace CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable open_exec CAP_IPC_LOCK @ capable set_user CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid cfg80211_cac_event CAP_NET_BROADCAST @ file_ns_capable netif_device_attach CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable file_update_time CAP_FSETID @ capable signal_wake_up_state CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check cfg80211_free_nan_func CAP_NET_BROADCAST @ file_ns_capable dm_pr_preempt CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable snapshot_write_finalize CAP_SYS_ADMIN @ capable tty_ldisc_reinit CAP_SYS_MODULE @ capable nfs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cfg80211_radar_event CAP_NET_BROADCAST @ file_ns_capable elf_map.17942 CAP_IPC_LOCK @ capable __SCT__tp_func_task_newtask CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __cpuhp_setup_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check __init_swait_queue_head CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_SYS_PACCT @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_NET_RAW @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_SYS_NICE @ capable inconsistent check drm_mode_convert_to_umode CAP_NET_BROADCAST @ file_ns_capable 
io_uring_alloc_task_context CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_IPC_LOCK @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable inconsistent check cfg80211_abandon_assoc CAP_NET_BROADCAST @ file_ns_capable amd_set_subcaches CAP_SYS_ADMIN @ capable pci_write_config_dword CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check ieee80211_xmit_fast_finish CAP_NET_BROADCAST @ file_ns_capable pps_cdev_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check create_new_namespaces CAP_SYS_ADMIN @ ns_capable wiphy_unregister CAP_NET_BROADCAST @ file_ns_capable reenable_swap_slots_cache_unlock CAP_SYS_ADMIN @ capable efivar_create_sysfs_entry CAP_SYS_ADMIN @ capable static_key_slow_inc CAP_NET_ADMIN @ capable vfat_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_reg_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check sync_file_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check 
suspend_devices_and_enter CAP_SYS_ADMIN @ capable nfs_swap_deactivate CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable autofs_dev_ioctl_compat CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check terminate_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernel_halt CAP_SYS_BOOT @ ns_capable __ieee80211_recalc_txpower CAP_NET_BROADCAST @ file_ns_capable put_fs_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check cfg80211_del_sta_sinfo CAP_NET_BROADCAST @ file_ns_capable n_tty_open CAP_SYS_MODULE @ capable hung_up_tty_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check e1000_irq_enable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_irq_vector CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable vm_munmap CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable __ieee80211_tx CAP_NET_BROADCAST @ file_ns_capable i915_perf_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check rtnl_configure_link CAP_NET_ADMIN @ netlink_ns_capable d_alloc_name CAP_CHOWN @ avc_has_perm_noaudit efivar_entry_iter_end CAP_SYS_ADMIN @ capable link_path_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check put_old_itimerspec32 CAP_WAKE_ALARM @ capable free_all_swap_pages CAP_SYS_ADMIN @ capable acpi_evaluate_lck CAP_NET_BROADCAST @ 
file_ns_capable dma_buf_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check netif_set_xps_queue CAP_NET_ADMIN @ capable free_fs_struct CAP_SYS_ADMIN @ ns_capable cfg80211_rdev_free_coalesce CAP_NET_BROADCAST @ file_ns_capable snd_hwdep_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check dev_driver_string CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check __import_iovec CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check __drm_mode_set_config_internal CAP_NET_BROADCAST @ file_ns_capable n_tty_close CAP_SYS_MODULE @ capable io_free_req CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable inconsistent check ext4_fc_track_unlink CAP_SYS_RESOURCE @ capable drm_atomic_set_property CAP_NET_BROADCAST @ file_ns_capable security_move_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable blk_queue_flag_set CAP_SYS_ADMIN @ capable tty_unlock CAP_SYS_ADMIN @ capable CAP_SYS_MODULE @ capable inconsistent check invalidate_bdev CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check pci_read_config_word CAP_SYS_NICE @ capable CAP_SYS_NICE 
@ capable CAP_SYS_NICE @ capable get_task_io_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable acpi_early_processor_osc CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sg_new_read CAP_SYS_RAWIO @ capable regulatory_exit CAP_NET_BROADCAST @ file_ns_capable ext4_commit_super CAP_SYS_RESOURCE @ capable serial8250_release_port CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable audit_log_multicast CAP_AUDIT_READ @ capable hpet_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check i915_gem_driver_unregister CAP_NET_BROADCAST @ file_ns_capable _dev_printk CAP_NET_BROADCAST @ file_ns_capable compat_arch_setup_additional_pages CAP_IPC_LOCK @ capable devres_free CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable fd_install CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable inconsistent check ext4_free_inode CAP_SYS_RESOURCE @ capable tcf_proto_destroy CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable ieee80211_sta_join_ibss CAP_NET_BROADCAST @ file_ns_capable audit_log CAP_CHOWN @ avc_has_perm_noaudit CAP_NET_BROADCAST @ file_ns_capable inconsistent check drm_crtc_vblank_get CAP_NET_BROADCAST @ file_ns_capable pci_bus_read_config_byte CAP_NET_BROADCAST @ file_ns_capable blk_rq_map_user_iov CAP_SYS_RAWIO @ capable drm_prime_init_file_private CAP_SYS_ADMIN @ capable intel_user_framebuffer_create_handle CAP_NET_BROADCAST @ file_ns_capable acpi_bus_trim CAP_NET_BROADCAST @ file_ns_capable dm_ctl_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable 
CAP_LINUX_IMMUTABLE @ capable inconsistent check pci_user_read_config_word CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check acpi_wakeup_device_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable memdup_user_nul CAP_CHOWN @ avc_has_perm_noaudit ieee80211_del_virtual_monitor CAP_NET_BROADCAST @ file_ns_capable do_timens_ktime_to_host CAP_WAKE_ALARM @ capable local_bh_enable.68094 CAP_NET_ADMIN @ ns_capable iommu_change_dev_def_domain CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check init_chown CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check acpi_ec_dsdt_probe CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable fat_generic_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drm_master_put CAP_NET_BROADCAST @ file_ns_capable __efivar_entry_delete CAP_SYS_ADMIN @ capable __get_user_pages CAP_IPC_LOCK @ capable ext4_rename_dir_finish CAP_SYS_RESOURCE @ capable step_into CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pagecache_get_page CAP_IPC_LOCK @ capable put_io_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ext4_claim_free_clusters CAP_SYS_RESOURCE @ capable cgroup_enter_frozen CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check clear_posix_cputimers_work CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable nfs_swap_activate CAP_SYS_ADMIN @ 
capable free_pid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable vfs_parse_fs_string CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable tid_fd_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_mgd_quiesce CAP_NET_BROADCAST @ file_ns_capable ext4_inode_journal_mode CAP_SYS_RESOURCE @ capable get_seccomp_filter CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable pci_free_irq_vectors CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable security_inode_setxattr CAP_SYS_ADMIN @ capable ieee80211_calculate_rx_timestamp CAP_NET_BROADCAST @ file_ns_capable vm_brk_flags CAP_IPC_LOCK @ capable drv_remove_interface CAP_NET_BROADCAST @ file_ns_capable napi_gro_receive CAP_NET_BROADCAST @ file_ns_capable idr_replace CAP_NET_BROADCAST @ file_ns_capable unapply_uprobe CAP_IPC_LOCK @ capable drm_framebuffer_check_src_coords CAP_NET_BROADCAST @ file_ns_capable __ptrace_link CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable task_join_group_stop CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable proc_fork_connector CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ieee80211_reenable_keys CAP_NET_BROADCAST @ file_ns_capable acpi_cppc_processor_exit CAP_NET_BROADCAST @ file_ns_capable inotify_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check fifo_init CAP_NET_ADMIN @ netlink_ns_capable dissolve_on_fput CAP_SYS_ADMIN @ ns_capable sched_post_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable intel_display_finish_reset CAP_NET_BROADCAST @ file_ns_capable compat_ptr_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check tg3_ptp_enable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable uprobe_copy_process CAP_SYS_ADMIN @ 
ns_capable CAP_SYS_ADMIN @ ns_capable e1000_reset CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable mntput_no_expire CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check irq_domain_free_irqs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tty_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check mm_trace_rss_stat CAP_IPC_LOCK @ capable lru_add_drain_all CAP_IPC_LOCK @ capable fc_drop_locked CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable netlink_broadcast CAP_SYS_ADMIN @ netlink_ns_capable perf_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drm_mode_object_lease_required CAP_NET_BROADCAST @ file_ns_capable fget CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check page_cache_sync_ra CAP_SYS_RESOURCE @ capable __drm_dbg CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %258 = call zeroext i1 @capable(i32 38) #76 cap_no=38 %124 = call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %22 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_NET_BROADCAST @ file_ns_capable %14 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check kernfs_fop_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check vm_mmap CAP_IPC_LOCK @ capable ieee80211_if_add CAP_NET_BROADCAST @ file_ns_capable tg3_request_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sta_info_insert CAP_NET_BROADCAST @ file_ns_capable mon_bin_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check is_subdir CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ 
ns_capable ext4_fc_stop_update CAP_SYS_RESOURCE @ capable usblp_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ata_acpi_dev_notify_dock CAP_NET_BROADCAST @ file_ns_capable dput_to_list CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ieee80211_destroy_frag_cache CAP_NET_BROADCAST @ file_ns_capable bitmap_free CAP_NET_ADMIN @ ns_capable pidns_install CAP_SYS_ADMIN @ ns_capable i8042_enable_aux_port CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable umount_tree CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check __vfs_removexattr CAP_SYS_ADMIN @ capable CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable inconsistent check nla_strscpy CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable arch_setup_additional_pages CAP_IPC_LOCK @ capable hibernation_snapshot CAP_SYS_ADMIN @ capable rdev_set_wakeup CAP_NET_BROADCAST @ file_ns_capable free_nsproxy CAP_SYS_ADMIN @ ns_capable tg3_enable_ints CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable isolate_huge_page CAP_IPC_LOCK @ capable dev_mc_del CAP_NET_ADMIN @ netlink_capable xol_free_insn_slot CAP_IPC_LOCK @ capable io_queue_async_work CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable inconsistent check nfs_lookup_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_master_open CAP_SYS_ADMIN @ capable acpi_processor_power_exit 
CAP_NET_BROADCAST @ file_ns_capable nfs_file_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check drm_vblank_put CAP_NET_BROADCAST @ file_ns_capable attach_pid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable serial8250_verify_port CAP_SYS_ADMIN @ capable device_rename CAP_NET_BROADCAST @ file_ns_capable uart_shutdown CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable security_inode_removexattr CAP_SYS_ADMIN @ capable proc_map_files_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check task_set_jobctl_pending CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_ADMIN @ ns_capable inconsistent check evdev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check udp_abort CAP_NET_ADMIN @ ns_capable uart_change_speed CAP_SYS_ADMIN @ capable drm_mode_debug_printmodeline CAP_NET_BROADCAST @ file_ns_capable sd_pr_release CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ksys_sync_helper CAP_SYS_ADMIN @ capable drm_mode_object_put CAP_NET_BROADCAST @ file_ns_capable serial8250_request_port CAP_SYS_ADMIN @ capable ext4_find_extent CAP_SYS_RESOURCE @ capable ieee80211_txq_purge CAP_NET_BROADCAST @ file_ns_capable acpi_processor_throttling_init CAP_NET_BROADCAST @ file_ns_capable serport_ldisc_close CAP_SYS_MODULE @ capable namespace_unlock CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN 
@ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check arch_randomize_brk CAP_IPC_LOCK @ capable cgroup_leave_frozen CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check uart_startup CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid ext4_es_delayed_clu CAP_SYS_RESOURCE @ capable autofs_dev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check complete_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_sta_rx_bw_to_chan_width CAP_NET_BROADCAST @ file_ns_capable usbdev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check generic_access_phys CAP_IPC_LOCK @ capable ida_free CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check autofs_dir_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid seg6_exit CAP_NET_BROADCAST @ file_ns_capable bus_set_iommu CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable compat_put_bitmap CAP_IPC_LOCK @ capable __mmap_lock_do_trace_acquire_returned CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_RESOURCE @ capable inconsistent check swsusp_free CAP_SYS_ADMIN @ capable __mmap_lock_do_trace_released CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_RESOURCE @ capable 
inconsistent check ieee80211_vif_copy_chanctx_to_vlans CAP_NET_BROADCAST @ file_ns_capable dm_pr_release CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable set_cred_ucounts CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid commit_creds CAP_SETGID @ ns_capable_setid CAP_SETUID @ ns_capable_setid CAP_SETGID @ ns_capable_setid CAP_SETPCAP @ ns_capable CAP_SETGID @ ns_capable_setid CAP_SETUID @ ns_capable_setid inconsistent check ieee80211_recalc_ps_vif CAP_NET_BROADCAST @ file_ns_capable cfg80211_sme_rx_auth CAP_NET_BROADCAST @ file_ns_capable cn_netlink_send CAP_NET_ADMIN @ __netlink_ns_capable do_unblank_screen CAP_KILL @ ns_capable security_inode_unlink CAP_FOWNER @ capable_wrt_inode_uidgid ext4_ext_try_to_merge CAP_SYS_RESOURCE @ capable fsnotify CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable inconsistent check drv_stop_ap CAP_NET_BROADCAST @ file_ns_capable register_netdevice CAP_NET_ADMIN @ netlink_ns_capable down_read_interruptible CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check uart_set_ldisc CAP_SYS_MODULE @ capable change_mnt_propagation CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check mount_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable exit_sem CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable tcp_abort CAP_NET_ADMIN @ ns_capable exit_shm CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ioremap_cache CAP_SYS_NICE @ capable 
CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable autofs_root_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check security_shm_associate CAP_IPC_OWNER @ ns_capable disable_swap_slots_cache_lock CAP_SYS_ADMIN @ capable ring_buffer_write CAP_SYSLOG @ has_capability_noaudit ida_alloc_range CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check populate_vma_page_range CAP_IPC_LOCK @ capable get_gate_page CAP_IPC_LOCK @ capable check_vma_flags CAP_IPC_LOCK @ capable pci_config_pm_runtime_get CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check kfree_skb_list CAP_NET_BROADCAST @ file_ns_capable down_read_killable CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ file_ns_capable CAP_IPC_LOCK @ capable inconsistent check sta_set_sinfo CAP_NET_BROADCAST @ file_ns_capable ___ieee80211_stop_rx_ba_session CAP_NET_BROADCAST @ file_ns_capable tcf_chain_tp_delete_empty CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable d_genocide CAP_CHOWN @ avc_has_perm_noaudit find_extend_vma CAP_IPC_LOCK @ capable proc_net_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_misc_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check e1000_free_desc_rings CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable local_bh_enable.71605 CAP_NET_BROADCAST @ file_ns_capable map_files_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent 
check d_invalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_setent CAP_SYS_RESOURCE @ capable __lookup_slow CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check i915_perf_fini CAP_NET_BROADCAST @ file_ns_capable ext4_rename_dir_prepare CAP_SYS_RESOURCE @ capable lookup_fast CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mod_delayed_work_on CAP_NET_BROADCAST @ file_ns_capable kernel_power_off CAP_SYS_BOOT @ ns_capable drm_property_change_valid_put CAP_NET_BROADCAST @ file_ns_capable simple_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_managed_release CAP_NET_BROADCAST @ file_ns_capable audit_inode_permission CAP_CHOWN @ avc_has_perm_noaudit proc_task_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_client_dev_restore CAP_NET_BROADCAST @ file_ns_capable proc_lookupfd CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_bss_info_change_notify CAP_NET_BROADCAST @ file_ns_capable vfs_unlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_sys_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_tgid_base_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check tcp_send_window_probe CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable msdos_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_lookupfdinfo CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check isofs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check autofs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check intel_overlay_flip_prepare CAP_NET_BROADCAST @ file_ns_capable i915_gem_ww_ctx_fini CAP_NET_BROADCAST @ file_ns_capable 
proc_attr_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_remove_interfaces CAP_NET_BROADCAST @ file_ns_capable drm_gem_handle_delete CAP_NET_BROADCAST @ file_ns_capable ext4_alloc_io_end_vec CAP_SYS_RESOURCE @ capable proc_ns_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_tgid_net_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfat_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sd_pr_reserve CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ramfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check shmem_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check msdos_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check blk_queue_max_discard_sectors CAP_SYS_ADMIN @ capable 
bad_inode_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cfg80211_ref_bss CAP_NET_BROADCAST @ file_ns_capable nfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cfg80211_sme_deauth CAP_NET_BROADCAST @ file_ns_capable shmem_file_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check blkdev_get_by_dev CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vfs_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ring_buffer_discard_commit CAP_SYSLOG @ has_capability_noaudit pin_kill CAP_SYS_PACCT @ capable ieee80211_flush_queues CAP_NET_BROADCAST @ file_ns_capable fsync_bdev CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable tty_lock CAP_SYS_MODULE @ capable do_truncate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_purge_tx_queue CAP_NET_BROADCAST @ file_ns_capable ext4_file_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check __sta_info_flush CAP_NET_BROADCAST @ file_ns_capable 
walk_component CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __rseq_handle_notify_resume CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check init_utimes CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_get_tree CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inode_owner_or_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check security_perf_event_open CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check ieee80211_process_measurement_req CAP_NET_BROADCAST @ file_ns_capable wiphy_sysfs_exit CAP_NET_BROADCAST @ file_ns_capable vfs_link CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __mmu_notifier_invalidate_range CAP_IPC_LOCK @ capable __netlink_dump_start CAP_NET_ADMIN @ netlink_net_capable drm_property_replace_blob CAP_NET_BROADCAST @ file_ns_capable filename_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent 
check ip6_route_add CAP_NET_ADMIN @ ns_capable __audit_inode CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check path_lookupat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __d_lookup_done CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check i915_gem_ww_ctx_init CAP_NET_BROADCAST @ file_ns_capable tracefs_syscall_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid arch_uprobe_pre_xol CAP_IPC_LOCK @ capable serial8250_pm CAP_SYS_ADMIN @ capable drm_event_reserve_init_locked CAP_NET_BROADCAST @ file_ns_capable drm_atomic_get_crtc_state CAP_NET_BROADCAST @ file_ns_capable vfs_rename CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_mkdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_xattr_block_set CAP_SYS_RESOURCE @ capable cancel_delayed_work_sync CAP_NET_BROADCAST @ file_ns_capable vfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check alloc_file_clone CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check init_link CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check init_mknod CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_ext_remove_space CAP_SYS_RESOURCE @ capable timens_on_fork CAP_SYS_ADMIN @ ns_capable __SCT__tp_func_azx_resume CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable init_cgroup_root CAP_SYS_ADMIN @ ns_capable copy_time_ns CAP_SYS_ADMIN @ ns_capable security_validate_transition_user CAP_CHOWN @ avc_has_perm_noaudit set_blocksize CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable filp_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_fchown CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check init_symlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check set_cpus_allowed_ptr CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid 
inconsistent check __getblk_gfp CAP_SYS_RESOURCE @ capable io_acct_cancel_pending_work CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drv_event_callback CAP_NET_BROADCAST @ file_ns_capable __setup_rt_frame CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check arch_mmap_rnd CAP_IPC_LOCK @ capable path_init CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sock_release CAP_IPC_LOCK @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check wiphy_regulatory_deregister CAP_NET_BROADCAST @ file_ns_capable kbd_rate CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check sock_efree CAP_NET_BROADCAST @ file_ns_capable inet_netconf_notify_devconf CAP_NET_ADMIN @ ns_capable netif_carrier_off CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check rate_control_deinitialize CAP_NET_BROADCAST @ file_ns_capable iov_iter_advance CAP_SYS_NICE @ capable CAP_IPC_LOCK @ capable inconsistent check rdev_add_virtual_intf CAP_NET_BROADCAST @ file_ns_capable import_single_range CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ 
capable inconsistent check handle_mm_fault CAP_IPC_LOCK @ capable nl80211_send_iface CAP_NET_BROADCAST @ file_ns_capable netlink_unicast CAP_NET_BROADCAST @ file_ns_capable get_fs_type CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable destroy_workqueue CAP_SYS_RESOURCE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check regulatory_propagate_dfs_state CAP_NET_BROADCAST @ file_ns_capable xt_compat_match_from_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ieee80211_sta_tear_down_BA_sessions CAP_NET_BROADCAST @ file_ns_capable calipso_exit CAP_NET_BROADCAST @ file_ns_capable PageHuge CAP_IPC_LOCK @ capable drm_mode_convert_umode CAP_NET_BROADCAST @ file_ns_capable cfg80211_sched_scan_stopped_locked CAP_NET_BROADCAST @ file_ns_capable copy_string_kernel CAP_IPC_LOCK @ capable synchronize_net CAP_NET_BROADCAST @ file_ns_capable cfg80211_sme_auth_timeout CAP_NET_BROADCAST @ file_ns_capable drv_suspend CAP_NET_BROADCAST @ file_ns_capable ieee80211_wake_queues_by_reason CAP_NET_BROADCAST @ file_ns_capable ieee80211_set_sdata_offload_flags CAP_NET_BROADCAST @ file_ns_capable wiphy_regulatory_register CAP_NET_BROADCAST @ file_ns_capable drv_change_interface CAP_NET_BROADCAST @ file_ns_capable ieee80211_setup_sdata CAP_NET_BROADCAST @ file_ns_capable ieee80211_do_open CAP_NET_BROADCAST @ file_ns_capable ieee80211_wake_vif_queues CAP_NET_BROADCAST @ file_ns_capable do_madvise CAP_SYS_NICE @ capable ieee80211_check_fast_rx_iface CAP_NET_BROADCAST @ file_ns_capable vfat_unlink CAP_FOWNER @ capable_wrt_inode_uidgid __SCT__tp_func_drv_sta_set_4addr CAP_NET_BROADCAST @ file_ns_capable __SCT__tp_func_drv_return_void CAP_NET_BROADCAST @ file_ns_capable cfg80211_rdev_by_wiphy_idx CAP_NET_BROADCAST @ file_ns_capable _dev_alert CAP_SYS_ADMIN @ capable ieee80211_send_4addr_nullfunc CAP_NET_BROADCAST @ file_ns_capable block_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ 
capable inconsistent check ieee80211_ibss_add_sta CAP_NET_BROADCAST @ file_ns_capable iommu_device_sysfs_add CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_data_to_8023_exthdr CAP_NET_BROADCAST @ file_ns_capable __pskb_pull_tail CAP_NET_BROADCAST @ file_ns_capable cfg80211_sme_disassoc CAP_NET_BROADCAST @ file_ns_capable dev_set_mtu CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable skb_copy_bits CAP_NET_BROADCAST @ file_ns_capable read_iter_null CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check cfg80211_sme_assoc_timeout CAP_NET_BROADCAST @ file_ns_capable nl80211_parse_mon_options CAP_NET_BROADCAST @ file_ns_capable __usecs_to_jiffies CAP_NET_BROADCAST @ file_ns_capable cfg80211_report_obss_beacon_khz CAP_NET_BROADCAST @ file_ns_capable __i915_gem_object_flush_frontbuffer CAP_NET_BROADCAST @ file_ns_capable ieee80211_deliver_skb CAP_NET_BROADCAST @ file_ns_capable cfg80211_rx_unprot_mlme_mgmt CAP_NET_BROADCAST @ file_ns_capable cfg80211_sta_opmode_change_notify CAP_NET_BROADCAST @ file_ns_capable netlink_rcv_skb CAP_NET_ADMIN @ netlink_net_capable untrack_pfn CAP_SYS_ADMIN @ capable ieee80211_sta_cur_vht_bw CAP_NET_BROADCAST @ file_ns_capable consume_skb CAP_NET_BROADCAST @ file_ns_capable __cpuhp_remove_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drm_primary_helper_update CAP_NET_BROADCAST @ file_ns_capable cfg80211_rx_mgmt_khz CAP_NET_BROADCAST @ file_ns_capable drv_sync_rx_queues CAP_NET_BROADCAST @ file_ns_capable kcalloc.71482 CAP_NET_BROADCAST @ file_ns_capable drv_ampdu_action CAP_NET_BROADCAST @ file_ns_capable ieee80211_recalc_smps CAP_NET_BROADCAST @ file_ns_capable netif_receive_skb_list CAP_NET_BROADCAST @ file_ns_capable ieee80211_alloc_led_names CAP_NET_BROADCAST @ file_ns_capable nl80211_notify_wiphy CAP_NET_BROADCAST @ file_ns_capable __hw_addr_unsync CAP_NET_BROADCAST @ file_ns_capable intel_legacy_cursor_update CAP_NET_BROADCAST @ 
file_ns_capable translate_table CAP_NET_ADMIN @ ns_capable debugfs_remove CAP_NET_BROADCAST @ file_ns_capable device_del CAP_NET_BROADCAST @ file_ns_capable register_inetaddr_notifier CAP_NET_BROADCAST @ file_ns_capable xt_free_table_info CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable register_inet6addr_notifier CAP_NET_BROADCAST @ file_ns_capable xt_compat_lock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable unregister_inetaddr_notifier CAP_NET_BROADCAST @ file_ns_capable nl80211_common_reg_change_event CAP_NET_BROADCAST @ file_ns_capable netns_install CAP_SYS_ADMIN @ ns_capable rfkill_destroy CAP_NET_BROADCAST @ file_ns_capable cfg80211_chandef_dfs_required CAP_NET_BROADCAST @ file_ns_capable acpi_evaluate_ej0 CAP_NET_BROADCAST @ file_ns_capable ieee80211_color_change_finalize CAP_NET_BROADCAST @ file_ns_capable ext4_should_retry_alloc CAP_SYS_RESOURCE @ capable security_context_to_sid_force CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit copy_net_ns CAP_SYS_ADMIN @ ns_capable ext4_release_orphan_info CAP_SYS_RESOURCE @ capable sock_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check access_process_vm CAP_IPC_LOCK @ capable ieee80211_sta_wmm_params CAP_NET_BROADCAST @ file_ns_capable sta_info_move_state CAP_NET_BROADCAST @ file_ns_capable proc_dointvec CAP_NET_ADMIN @ ns_capable ieee80211_recalc_ps CAP_NET_BROADCAST @ file_ns_capable ieee80211_chandef_downgrade CAP_NET_BROADCAST @ file_ns_capable cfg80211_chandef_valid CAP_NET_BROADCAST @ file_ns_capable ieee80211_vif_change_bandwidth CAP_NET_BROADCAST @ file_ns_capable ieee80211_set_disassoc CAP_NET_BROADCAST @ file_ns_capable acpi_update_all_gpes CAP_NET_BROADCAST @ file_ns_capable ieee80211_freq_khz_to_channel CAP_NET_BROADCAST @ file_ns_capable filemap_write_and_wait_range CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
__SCT__tp_func_drv_channel_switch_beacon CAP_NET_BROADCAST @ file_ns_capable __sta_info_recalc_tim CAP_NET_BROADCAST @ file_ns_capable ieee80211_csa_finalize CAP_NET_BROADCAST @ file_ns_capable pagevec_lookup_range CAP_SYS_RESOURCE @ capable mon_bin_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check serial8250_get_mctrl CAP_SYS_ADMIN @ capable cleanup_single_sta CAP_NET_BROADCAST @ file_ns_capable round_jiffies CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check ieee80211_vif_release_channel CAP_NET_BROADCAST @ file_ns_capable set_fs_pwd CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ieee80211_set_wmm_default CAP_NET_BROADCAST @ file_ns_capable drv_sta_state CAP_NET_BROADCAST @ file_ns_capable cfg80211_rx_mlme_mgmt CAP_NET_BROADCAST @ file_ns_capable security_set_bools CAP_CHOWN @ avc_has_perm_noaudit vfs_mknod CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check acpi_handle_printk CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check kmalloc_array.51973 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cfg80211_shutdown_all_interfaces CAP_NET_BROADCAST @ file_ns_capable ieee80211_free_txskb CAP_NET_BROADCAST @ file_ns_capable idr_remove CAP_NET_BROADCAST @ file_ns_capable __setplane_internal CAP_NET_BROADCAST @ file_ns_capable ieee80211_tx_monitor CAP_NET_BROADCAST @ file_ns_capable ieee80211_recalc_idle CAP_NET_BROADCAST @ file_ns_capable ieee80211_configure_filter CAP_NET_BROADCAST @ file_ns_capable exit_io_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __SCT__tp_func_drv_leave_ibss 
CAP_NET_BROADCAST @ file_ns_capable drm_prime_destroy_file_private CAP_SYS_ADMIN @ capable intel_user_framebuffer_dirty CAP_NET_BROADCAST @ file_ns_capable drm_plane_check_pixel_format CAP_NET_BROADCAST @ file_ns_capable blk_rq_init CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check pci_mmap_page_range CAP_SYS_RAWIO @ capable ieee80211_rx_bss_put CAP_NET_BROADCAST @ file_ns_capable ext4_bread CAP_SYS_RESOURCE @ capable i915_gem_flush_free_objects CAP_NET_BROADCAST @ file_ns_capable cfg80211_assoc_timeout CAP_NET_BROADCAST @ file_ns_capable send_signal CAP_KILL @ ns_capable drm_property_free_blob CAP_NET_BROADCAST @ file_ns_capable scsi_autopm_put_device CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable xt_compat_target_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable copy_page CAP_IPC_LOCK @ capable cfg80211_auth_timeout CAP_NET_BROADCAST @ file_ns_capable local_bh_enable.71737 CAP_NET_BROADCAST @ file_ns_capable ext4_swap_extents CAP_SYS_RESOURCE @ capable ieee80211_send_null_response CAP_NET_BROADCAST @ file_ns_capable ieee80211_clear_tx_pending CAP_NET_BROADCAST @ file_ns_capable netif_carrier_on CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check auditd_reset CAP_NET_BROADCAST @ file_ns_capable cfg80211_mlme_purge_registrations CAP_NET_BROADCAST @ file_ns_capable ieee80211_tx_h_select_key CAP_NET_BROADCAST @ file_ns_capable d_obtain_alias CAP_SYS_RESOURCE @ capable CAP_CHOWN @ avc_has_perm_noaudit inconsistent check ieee80211_xmit CAP_NET_BROADCAST @ file_ns_capable vm_get_page_prot CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable follow_hugetlb_page CAP_IPC_LOCK @ capable ieee80211_tx_frags CAP_NET_BROADCAST @ file_ns_capable arch_uretprobe_is_alive CAP_IPC_LOCK @ capable ieee80211_mgd_probe_ap_send CAP_NET_BROADCAST @ file_ns_capable unlock_rename CAP_CHOWN @ avc_has_perm_noaudit drv_start_nan CAP_NET_BROADCAST @ 
file_ns_capable dir_add CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_sdata_stop CAP_NET_BROADCAST @ file_ns_capable mq_walk CAP_NET_ADMIN @ netlink_ns_capable ieee80211_send_nullfunc CAP_NET_BROADCAST @ file_ns_capable ext4_append CAP_SYS_RESOURCE @ capable drm_get_mode_status_name CAP_NET_BROADCAST @ file_ns_capable ieee80211_set_mon_options CAP_NET_BROADCAST @ file_ns_capable cfg80211_find_elem_match CAP_NET_BROADCAST @ file_ns_capable ieee80211_auth.72847 CAP_NET_BROADCAST @ file_ns_capable igmp6_late_init CAP_NET_BROADCAST @ file_ns_capable ieee80211_reconfig CAP_NET_BROADCAST @ file_ns_capable ieee80211_queue_delayed_work CAP_NET_BROADCAST @ file_ns_capable __sta_info_destroy CAP_NET_BROADCAST @ file_ns_capable acpi_unlock_hp_context CAP_NET_BROADCAST @ file_ns_capable ieee80211_recalc_sw_work CAP_NET_BROADCAST @ file_ns_capable ieee80211_free_keys_iface CAP_NET_BROADCAST @ file_ns_capable ieee80211_key_free CAP_NET_BROADCAST @ file_ns_capable proc_dostring CAP_SYS_ADMIN @ capable sta_info_hash_del CAP_NET_BROADCAST @ file_ns_capable drv_tdls_cancel_channel_switch CAP_NET_BROADCAST @ file_ns_capable __sta_info_destroy_part2 CAP_NET_BROADCAST @ file_ns_capable ieee80211_teardown_tdls_peers CAP_NET_BROADCAST @ file_ns_capable wiphy_register CAP_NET_BROADCAST @ file_ns_capable codel_dequeue_func CAP_NET_BROADCAST @ file_ns_capable security_get_bools CAP_CHOWN @ avc_has_perm_noaudit invoke_tx_handlers_early CAP_NET_BROADCAST @ file_ns_capable switch_task_namespaces CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable mutex_is_locked CAP_NET_BROADCAST @ file_ns_capable cfg80211_put_bss CAP_NET_BROADCAST @ file_ns_capable ieee80211_offchannel_return CAP_NET_BROADCAST @ file_ns_capable selinux_status_update_setenforce CAP_CHOWN @ avc_has_perm_noaudit 
CAP_NET_BROADCAST @ file_ns_capable inconsistent check _enable_swap_info CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __hw_addr_init CAP_NET_BROADCAST @ file_ns_capable max_swapfile_size CAP_SYS_ADMIN @ capable pci_disable_msi CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check wiphy_free CAP_NET_BROADCAST @ file_ns_capable __cfg80211_disconnected CAP_NET_BROADCAST @ file_ns_capable qdisc_get_stab CAP_NET_ADMIN @ netlink_ns_capable __cfg80211_connect_result CAP_NET_BROADCAST @ file_ns_capable rtc_set_time CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TIME @ capable inconsistent check cgroup_can_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable rate_control_rate_init CAP_NET_BROADCAST @ file_ns_capable io_uring_add_tctx_node CAP_IPC_LOCK @ capable ieee80211_recalc_min_chandef CAP_NET_BROADCAST @ file_ns_capable sysfs_remove_link CAP_NET_BROADCAST @ file_ns_capable rdev_stop_nan CAP_NET_BROADCAST @ file_ns_capable snd_disconnect_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drv_get_tsf CAP_NET_BROADCAST @ file_ns_capable maybe_link CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_if_remove CAP_NET_BROADCAST @ file_ns_capable netlbl_unlabel_defconf CAP_NET_BROADCAST @ file_ns_capable netlbl_cipsov4_genl_init CAP_NET_BROADCAST @ file_ns_capable kernel_wait CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check create_elf_tables.17943 CAP_IPC_LOCK @ capable netlink_register_notifier 
CAP_NET_BROADCAST @ file_ns_capable genl_unregister_family CAP_NET_BROADCAST @ file_ns_capable regulatory_init CAP_NET_BROADCAST @ file_ns_capable drm_atomic_helper_set_config CAP_NET_BROADCAST @ file_ns_capable alloc_workqueue CAP_NET_BROADCAST @ file_ns_capable bad_inode_unlink CAP_FOWNER @ capable_wrt_inode_uidgid kernfs_iop_rename CAP_FOWNER @ capable_wrt_inode_uidgid ipv6_sysctl_register CAP_NET_BROADCAST @ file_ns_capable igmp6_late_cleanup CAP_NET_BROADCAST @ file_ns_capable kernfs_iop_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid ioam6_exit CAP_NET_BROADCAST @ file_ns_capable reset_palette CAP_KILL @ ns_capable register_pernet_subsys CAP_NET_BROADCAST @ file_ns_capable security_sid_to_context CAP_CHOWN @ avc_has_perm_noaudit arch_uretprobe_hijack_return_addr CAP_IPC_LOCK @ capable ioam6_init CAP_NET_BROADCAST @ file_ns_capable genl_ctrl_event CAP_NET_BROADCAST @ file_ns_capable unregister_pernet_device CAP_NET_BROADCAST @ file_ns_capable pcie_capability_clear_and_set_word CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable wiphy_all_share_dfs_chan_state CAP_NET_BROADCAST @ file_ns_capable reg_process_self_managed_hints CAP_NET_BROADCAST @ file_ns_capable print_rd_rules CAP_NET_BROADCAST @ file_ns_capable __pm_runtime_idle CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cancel_delayed_work CAP_NET_BROADCAST @ file_ns_capable __ext4_journal_start_sb CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check regulatory_hint_user CAP_NET_BROADCAST @ file_ns_capable selinux_policy_cancel CAP_CHOWN @ avc_has_perm_noaudit __mnt_want_write CAP_SYS_PACCT @ capable selinux_status_update_policyload CAP_NET_BROADCAST @ file_ns_capable kill_ioctx CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable _ieee80211_start_next_roc CAP_NET_BROADCAST @ file_ns_capable selinux_netlbl_cache_invalidate CAP_NET_BROADCAST @ file_ns_capable __i915_gem_object_get_pages 
CAP_IPC_LOCK @ capable call_blocking_lsm_notifier CAP_CHOWN @ avc_has_perm_noaudit CAP_NET_BROADCAST @ file_ns_capable inconsistent check pci_write_config_word CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i915_sw_fence_complete CAP_NET_BROADCAST @ file_ns_capable scsi_run_host_queues CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check avc_set_cache_threshold CAP_CHOWN @ avc_has_perm_noaudit kobject_uevent_env CAP_NET_BROADCAST @ file_ns_capable intel_modeset_driver_remove_noirq CAP_NET_BROADCAST @ file_ns_capable efivar_entry_find CAP_SYS_ADMIN @ capable is_swbp_insn CAP_IPC_LOCK @ capable d_alloc_parallel CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_internal_framebuffer_create CAP_NET_BROADCAST @ file_ns_capable bad_inode_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid drm_mode_object_get CAP_NET_BROADCAST @ file_ns_capable security_sid_to_context_force CAP_CHOWN @ avc_has_perm_noaudit drm_connector_set_obj_prop CAP_NET_BROADCAST @ file_ns_capable drm_primary_helper_disable CAP_NET_BROADCAST @ file_ns_capable drm_crtc_vblank_count CAP_NET_BROADCAST @ file_ns_capable drm_crtc_vblank_put CAP_NET_BROADCAST @ file_ns_capable drm_modeset_acquire_init CAP_NET_BROADCAST @ file_ns_capable lru_cache_add_inactive_or_unevictable CAP_IPC_LOCK @ capable drm_modeset_lock CAP_NET_BROADCAST @ file_ns_capable drm_event_reserve_init CAP_NET_BROADCAST @ file_ns_capable drm_atomic_connector_commit_dpms CAP_NET_BROADCAST @ file_ns_capable drm_atomic_helper_page_flip CAP_NET_BROADCAST @ file_ns_capable drm_modeset_backoff CAP_NET_BROADCAST @ file_ns_capable drm_modeset_acquire_fini CAP_NET_BROADCAST @ file_ns_capable vm_access CAP_IPC_LOCK @ capable cfg80211_process_wdev_events CAP_NET_BROADCAST @ file_ns_capable drm_modeset_lock_all_ctx CAP_NET_BROADCAST @ file_ns_capable 
out_of_line_wait_on_bit CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check fat_compat_dir_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drm_mode_crtc_set_obj_prop CAP_NET_BROADCAST @ file_ns_capable drm_atomic_state_alloc CAP_NET_BROADCAST @ file_ns_capable drm_mode_obj_find_prop_id CAP_NET_BROADCAST @ file_ns_capable security_vm_enough_memory_mm CAP_SYS_ADMIN @ capable drm_atomic_commit CAP_NET_BROADCAST @ file_ns_capable drm_atomic_state_clear CAP_NET_BROADCAST @ file_ns_capable __drm_atomic_state_free CAP_NET_BROADCAST @ file_ns_capable __dev_change_net_namespace CAP_NET_ADMIN @ netlink_ns_capable drm_property_change_valid_get CAP_NET_BROADCAST @ file_ns_capable drm_mode_object_get_properties CAP_NET_BROADCAST @ file_ns_capable pci_bus_write_config_byte CAP_NET_BROADCAST @ file_ns_capable ext4_mb_release CAP_SYS_RESOURCE @ capable __setplane_check CAP_NET_BROADCAST @ file_ns_capable sysfs_notify CAP_NET_BROADCAST @ file_ns_capable strscpy CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check mqueue_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_ibss_stop CAP_NET_BROADCAST @ file_ns_capable drm_mode_object_find CAP_NET_BROADCAST @ file_ns_capable drm_is_current_master CAP_NET_BROADCAST @ file_ns_capable drm_gem_fb_create_handle CAP_NET_BROADCAST @ file_ns_capable device_set_wakeup_capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drm_gem_handle_create CAP_NET_BROADCAST @ file_ns_capable drm_atomic_helper_dirtyfb CAP_NET_BROADCAST @ file_ns_capable drm_atomic_get_plane_state CAP_NET_BROADCAST @ 
file_ns_capable drm_modeset_lock_all CAP_NET_BROADCAST @ file_ns_capable thermal_zone_device_critical CAP_NET_BROADCAST @ file_ns_capable dev_set_alias CAP_NET_ADMIN @ ns_capable drm_dev_dbg CAP_NET_BROADCAST @ file_ns_capable qdisc_notify CAP_NET_ADMIN @ netlink_ns_capable __i915_active_wait CAP_NET_BROADCAST @ file_ns_capable intel_overlay_release_old_vid CAP_NET_BROADCAST @ file_ns_capable bad_area CAP_IPC_LOCK @ capable ieee80211_send_delba CAP_NET_BROADCAST @ file_ns_capable i915_request_create CAP_NET_BROADCAST @ file_ns_capable _find_first_bit CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check ww_mutex_lock CAP_NET_BROADCAST @ file_ns_capable cgroup_free_root CAP_SYS_ADMIN @ ns_capable timens_install CAP_SYS_ADMIN @ ns_capable i915_gem_ww_ctx_backoff CAP_NET_BROADCAST @ file_ns_capable ext4_iomap_swap_activate CAP_SYS_ADMIN @ capable create_elf_tables CAP_IPC_LOCK @ capable iowrite32 CAP_NET_BROADCAST @ file_ns_capable i915_active_ref CAP_NET_BROADCAST @ file_ns_capable compat_table_info CAP_NET_ADMIN @ ns_capable n_null_close CAP_SYS_MODULE @ capable intel_ring_begin CAP_NET_BROADCAST @ file_ns_capable tcp_set_congestion_control CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable filename_parentat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_modeset_unlock_all CAP_NET_BROADCAST @ file_ns_capable drm_connector_free CAP_NET_BROADCAST @ file_ns_capable chroot_fs_refs CAP_SYS_ADMIN @ ns_capable proc_alloc_inum CAP_SYS_ADMIN @ ns_capable nfs_file_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check drm_vblank_get CAP_NET_BROADCAST @ file_ns_capable seccomp_notify_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check set_regdom CAP_NET_BROADCAST @ 
file_ns_capable perf_kprobe_init CAP_SYS_ADMIN @ capable %7 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check drm_send_event_timestamp_locked CAP_NET_BROADCAST @ file_ns_capable __lookup_hash CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_modeset_unlock CAP_NET_BROADCAST @ file_ns_capable ring_buffer_nest_end CAP_SYSLOG @ has_capability_noaudit drm_property_create_blob CAP_NET_BROADCAST @ file_ns_capable drm_property_blob_put CAP_NET_BROADCAST @ file_ns_capable kmalloc_array.52393 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drm_lease_held CAP_NET_BROADCAST @ file_ns_capable e1000_free_desc_rings.52397 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drm_lease_filter_crtcs CAP_NET_BROADCAST @ file_ns_capable ext4_handle_dirty_dirblock CAP_SYS_RESOURCE @ capable drm_mode_create CAP_NET_BROADCAST @ file_ns_capable ext4_empty_dir CAP_SYS_RESOURCE @ capable drm_mode_destroy CAP_NET_BROADCAST @ file_ns_capable drm_debugfs_cleanup CAP_NET_BROADCAST @ file_ns_capable unmap_mapping_range CAP_NET_BROADCAST @ file_ns_capable acpi_scan_lock_release CAP_NET_BROADCAST @ file_ns_capable i915_gem_suspend CAP_NET_BROADCAST @ file_ns_capable __ext4_warning_inode CAP_SYS_RESOURCE @ capable intel_modeset_driver_remove CAP_NET_BROADCAST @ file_ns_capable i915_reset_error_state CAP_NET_BROADCAST @ file_ns_capable drm_framebuffer_lookup CAP_NET_BROADCAST @ file_ns_capable i915_gem_driver_remove CAP_NET_BROADCAST @ file_ns_capable pci_read_config_byte CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable blk_rq_unmap_user CAP_SYS_RAWIO @ capable intel_modeset_driver_remove_nogem CAP_NET_BROADCAST @ file_ns_capable i915_driver_release CAP_NET_BROADCAST @ file_ns_capable i915_driver_lastclose CAP_NET_BROADCAST @ file_ns_capable cancel_work_sync 
CAP_NET_BROADCAST @ file_ns_capable drm_minor_release CAP_NET_BROADCAST @ file_ns_capable exit_task_namespaces CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable sta_info_destroy_addr CAP_NET_BROADCAST @ file_ns_capable ieee80211_sta_cap_rx_bw CAP_NET_BROADCAST @ file_ns_capable atomic_dec_and_mutex_lock CAP_NET_BROADCAST @ file_ns_capable drm_file_free CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check acpi_lock_hp_context CAP_NET_BROADCAST @ file_ns_capable tg3_frob_aux_power CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ata_acpi_ap_notify_dock CAP_NET_BROADCAST @ file_ns_capable __ieee80211_tx_skb_tid_band CAP_NET_BROADCAST @ file_ns_capable ata_acpi_ap_uevent CAP_NET_BROADCAST @ file_ns_capable sparse_keymap_report_event CAP_NET_BROADCAST @ file_ns_capable acpi_processor_ignore_ppc_init CAP_NET_BROADCAST @ file_ns_capable init_chmod CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check driver_unregister CAP_NET_BROADCAST @ file_ns_capable cpu_hotplug_enable CAP_NET_BROADCAST @ file_ns_capable simple_unlink CAP_FOWNER @ capable_wrt_inode_uidgid may_delete CAP_FOWNER @ capable_wrt_inode_uidgid ext4_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check netdev_state_change CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check ieee80211_led_exit CAP_NET_BROADCAST @ file_ns_capable rfkill_set_block CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable mnt_warn_timestamp_expiry CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable tg3_write_indirect_reg32 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable kern_path CAP_SYS_ADMIN 
@ ns_capable CAP_SYS_ADMIN @ ns_capable ipcns_install CAP_SYS_ADMIN @ ns_capable sta_info_get CAP_NET_BROADCAST @ file_ns_capable __do_loopback CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable fs_context_for_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ieee80211_reset_erp_info CAP_NET_BROADCAST @ file_ns_capable security_sb_kern_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ieee80211_release_reorder_frame CAP_NET_BROADCAST @ file_ns_capable dev_change_carrier CAP_NET_ADMIN @ ns_capable n_null_open CAP_SYS_MODULE @ capable rtc_cmos_read CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable copy_fs_struct CAP_SYS_ADMIN @ ns_capable cgroupns_install CAP_SYS_ADMIN @ ns_capable serial8250_register_8250_port CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable utsns_install CAP_SYS_ADMIN @ ns_capable from_mnt_ns CAP_SYS_ADMIN @ ns_capable random_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check __put_cred CAP_SYS_ADMIN @ ns_capable timens_commit CAP_SYS_ADMIN @ ns_capable

--- Interesting Type fields and checks ---

struct.scsi_device.619290:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.qdisc_size_table:0, CAP_NET_ADMIN @ netlink_ns_capable struct.netdev_queue.757702:0, CAP_NET_ADMIN @ netlink_ns_capable struct.Qdisc_class_ops.757707:0, CAP_NET_ADMIN @ netlink_ns_capable struct.nfnetlink_subsystem:0, CAP_NET_ADMIN @ netlink_net_capable struct.signal_struct.361954:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.task_struct.362008:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.tty_struct.361948:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.cppc_pcc_data:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.acpi_gpe_walk_info:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.acpi_gpe_block_info:0, 
CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.acpi_osc_context:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.platform_device:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.irq_info:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.phy_driver.635968:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.Qdisc.757714:0, CAP_NET_ADMIN @ netlink_ns_capable struct.phy_device.635972:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.nic:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.pci_dev.642937:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.net_device.649199:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.e1000_adapter.644902:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.net_device.652328:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.rtl8169_private:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.pci_dev.317892:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.yenta_socket:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.usb_hcd.660241:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.xhci_hcd:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.usb_hcd:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.snd_card:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.uart_8250_port:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.irq_desc.75769:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.irqaction:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
struct.block_device.196400:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.journal_s.196563:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.task_struct.15000:0, CAP_SYS_RAWIO @ capable struct.simple_xattr:0, CAP_SYS_ADMIN @ capable struct.net.762396:0, CAP_NET_ADMIN @ ns_capable struct.in_ifaddr.762192:0, CAP_NET_ADMIN @ ns_capable struct.in_device.762195:0, CAP_NET_ADMIN @ ns_capable struct.task_struct.147084:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.io_sq_data:0, CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_IPC_LOCK @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable inconsistent check struct.task_struct.178066:0, CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_RESOURCE @ has_capability_noaudit CAP_SYS_RESOURCE @ has_capability_noaudit CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check struct.e1000_ring.644871:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.vfsmount:3,5,0,-1,2,6,7,1,4, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable 
CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.azx.742802:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.vm_area_struct.130376:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.task_struct.130490:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.super_operations:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.block_device:0, CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.fs_struct:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.fq_flow:0, CAP_NET_BROADCAST @ file_ns_capable struct.ext4_xattr_info:0, CAP_SYS_RESOURCE @ capable struct.net_device.829233:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.ip6t_replace:0, CAP_NET_ADMIN @ ns_capable struct.ns_common:0,1, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.ptp_clock_info:0, CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable struct.ext4_sb_info.196591:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.xt_table.916732:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.xattr_handler:0, CAP_SYS_ADMIN @ capable struct.fs_context:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable 
struct.task_struct.269351:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.acpi_object_list:0, CAP_NET_BROADCAST @ file_ns_capable struct.net.859129:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.swap_info_struct:0, CAP_SYS_ADMIN @ capable struct.xt_match.871627:0, CAP_NET_ADMIN @ ns_capable struct.vm_area_struct.131894:0, CAP_IPC_LOCK @ capable struct.dock_dependent_device:0, CAP_NET_BROADCAST @ file_ns_capable struct.net.767941:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check struct.gendisk.301732:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.uts_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.acpi_hotplug_context:0, CAP_NET_BROADCAST @ file_ns_capable struct.nfnl_err:0, CAP_NET_ADMIN @ netlink_net_capable struct.net.828834:0, CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ netlink_net_capable inconsistent check struct.ip_tunnel.922534:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.sock.871619:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.mm_struct:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.drm_i915_gem_object.500929:0, CAP_IPC_LOCK @ capable struct.nameidata:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.ext4_ext_path:0, CAP_SYS_RESOURCE @ capable struct.io_mapped_ubuf:0, CAP_IPC_LOCK @ capable struct.linux_binprm:0, CAP_IPC_LOCK @ capable struct.io_ring_ctx:0, CAP_BLOCK_SUSPEND @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check struct.ieee80211_tx_status:0, CAP_NET_BROADCAST @ file_ns_capable struct.mnt_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.netlink_dump_control.884876:0, CAP_NET_ADMIN @ netlink_net_capable struct.rtentry:0, CAP_NET_ADMIN @ ns_capable struct.coredump_params:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.ipc_ops:0, CAP_IPC_OWNER @ ns_capable struct.io_timeout_data:0, CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable inconsistent check struct.io_rsrc_data:0, CAP_IPC_LOCK @ capable struct.xt_match.916725:0, CAP_NET_ADMIN @ ns_capable struct.intel_crtc.554479:0, CAP_NET_BROADCAST @ file_ns_capable struct.block_device.301900:0, 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.block_device_operations:0, CAP_SYS_ADMIN @ capable struct.net:0, CAP_NET_RAW @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_SYS_ADMIN @ netlink_ns_capable inconsistent check struct.netdev_rx_queue.767808:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable struct.drm_i915_gem_object_ops.500915:0, CAP_IPC_LOCK @ capable struct.uart_ops:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.io_rsrc_node:0, CAP_IPC_LOCK @ capable struct.ext4_xattr_ibody_find.201816:0, CAP_SYS_RESOURCE @ capable struct.mmu_notifier_range:0, CAP_IPC_LOCK @ capable struct.path:0, CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.Scsi_Host.619305:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.xt_target.871630:0, CAP_NET_ADMIN @ ns_capable struct.ieee80211_ops:0, CAP_NET_BROADCAST @ file_ns_capable struct.net_device:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable inconsistent check struct.block_device_operations.301727:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ 
capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.net.757607:0, CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check struct.kernel_clone_args:0, CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.drm_i915_private.554641:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_framebuffer_funcs.381370:0, CAP_NET_BROADCAST @ file_ns_capable struct.tty_ldisc_ops.359248:0, CAP_SYS_MODULE @ capable struct.drm_mode_set.381410:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_i915_private:0, CAP_NET_BROADCAST @ file_ns_capable struct.kioctx:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.ip_tunnel_net:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.xt_entry_match.916735:0, CAP_NET_ADMIN @ ns_capable struct.net_device.751070:0, CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check struct.cred:0, CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ ns_capable CAP_SETGID @ ns_capable_setid inconsistent check struct.sit_net:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.header_ops:0, CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable struct.trace_event_call.109054:0, CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 
@capable(i32 38) #76 cap_no=38 inconsistent check struct.gendisk:0, CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.tcf_chain.778880:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.gendisk.624016:0, CAP_SYS_ADMIN @ capable struct.Qdisc_ops.757708:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ capable inconsistent check struct.renamedata:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.Qdisc.778877:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.vc_data.364049:0, CAP_KILL @ ns_capable struct.cfg80211_registered_device:0, CAP_NET_BROADCAST @ file_ns_capable struct.signal_struct:0, CAP_SYS_ADMIN @ ns_capable CAP_KILL @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.cfg80211_ops:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_device.381449:0, CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.net_device.767860:0, CAP_NET_ADMIN @ capable struct.tcf_proto_ops.778881:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.xt_table.871634:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.ieee80211_roc_work:0, CAP_NET_BROADCAST @ file_ns_capable struct.vm_operations_struct:0, CAP_IPC_LOCK @ capable struct.scsi_host_template.619299:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.check_loop_arg:0, CAP_NET_ADMIN @ netlink_ns_capable struct.time_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.sg_io_hdr:0, CAP_SYS_RAWIO @ capable struct.task_struct.114999:0, CAP_KILL @ ns_capable %321 = call zeroext i1 @capable(i32 38) #76 
cap_no=38 CAP_SYS_ADMIN @ capable %72 = call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable %48 = call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable %32 = call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check struct.pmu.114809:0, CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check struct.pid:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.sock:0,1, CAP_NET_ADMIN @ netlink_net_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.audit_context:0, CAP_IPC_LOCK @ capable struct.iommu_group:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.percpu_ref_data:0, CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable inconsistent check struct.pps_device:0, CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable struct.ieee80211_hw:31,10,25,14,27,0,26,3, CAP_NET_BROADCAST @ file_ns_capable struct.cfg80211_sched_scan_request:0, CAP_NET_BROADCAST @ file_ns_capable struct.ipv6_txoptions:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable struct.sock.273263:0, CAP_NET_ADMIN @ ns_capable struct.sock.916717:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.task_struct:0, CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_MODULE @ capable CAP_IPC_LOCK @ capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_IPC_LOCK @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_DAC_READ_SEARCH @ capable CAP_CHOWN @ avc_has_perm_noaudit CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 
@ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_KILL @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_NET_ADMIN @ ns_capable CAP_SYS_PTRACE @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_WAKE_ALARM @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ ns_capable CAP_SYS_NICE @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.net_device_ops.750932:0, CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check struct.alarm:0, CAP_WAKE_ALARM @ capable struct.tcf_filter_chain_list_item:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.socket:0, CAP_IPC_LOCK @ capable CAP_NET_RAW @ ns_capable inconsistent check struct.drm_i915_gem_object.448284:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.attribute:1, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.key.269026:0, CAP_SYS_ADMIN @ capable struct.group_device:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.net_device.762274:0, CAP_NET_ADMIN @ 
ns_capable struct.ext4_renament:0, CAP_SYS_RESOURCE @ capable struct.ipv6_pinfo.889143:0, CAP_NET_ADMIN @ ns_capable struct.net_device.859215:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.tty_struct.359247:0, CAP_SYS_ADMIN @ capable CAP_SYS_MODULE @ capable inconsistent check struct.uprobe_task:0, CAP_IPC_LOCK @ capable struct.task_struct.167755:0, CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.xt_entry_match.871637:0, CAP_NET_ADMIN @ ns_capable struct.cgroup_subsys:0, CAP_SYS_ADMIN @ ns_capable struct.k_itimer:0, CAP_WAKE_ALARM @ capable struct.super_operations.147864:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.iov_iter:0, CAP_SYS_NICE @ capable struct.i915_gem_engines.448317:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_mode_rmfb_work:0, CAP_NET_BROADCAST @ file_ns_capable struct.device:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check struct.sg_fd:0, CAP_SYS_RAWIO @ capable struct.wiphy:-1,0, CAP_NET_BROADCAST @ file_ns_capable struct.rtnl_link_ops.751063:0, CAP_NET_ADMIN @ netlink_ns_capable struct.request.618304:0,1, CAP_SYS_RAWIO @ capable struct.genl_family.782314:0, CAP_NET_BROADCAST @ file_ns_capable struct.net_device.757749:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.ipc_namespace:0, CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.pr_ops:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ 
capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.ext4_xattr_search:0, CAP_SYS_RESOURCE @ capable struct.nsproxy:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_WAKE_ALARM @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.pid_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_PACCT @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.uevent_sock:0, CAP_SYS_ADMIN @ netlink_ns_capable struct.packet_fanout:0, CAP_NET_RAW @ ns_capable struct.dx_hash_info:0, CAP_SYS_RESOURCE @ capable struct.nsset:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.xt_target.916728:0, CAP_NET_ADMIN @ ns_capable struct.drm_object_properties.381366:0, CAP_NET_BROADCAST @ file_ns_capable struct.uart_state:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.amd_iommu:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
struct.kern_ipc_perm:1, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ ns_capable inconsistent check struct.selinux_fs_info:0, CAP_CHOWN @ avc_has_perm_noaudit struct.path.147158:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.qstr:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.io_wqe:0, CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.hlist_nulls_node:0, CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.nfnl_info:0, CAP_NET_ADMIN @ netlink_net_capable struct.io_cb_cancel_data:0, CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.drm_atomic_state.381429:0, CAP_NET_BROADCAST @ file_ns_capable struct.intel_crtc.417268:0, CAP_NET_BROADCAST @ file_ns_capable 
struct.perf_event_context.114803:0, CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable %14 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check struct.net_device.642914:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.callback_head:-5,-7,-6,-4, CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.task_struct.363907:0, CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check struct.intel_overlay:0, CAP_NET_BROADCAST @ file_ns_capable struct.pci_dev.649231:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.ext4_sb_info.200085:0, CAP_SYS_RESOURCE @ capable struct.readahead_control:0, CAP_SYS_RESOURCE @ capable struct.cdrom_device_ops.618336:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.ctl_table:0, CAP_SYS_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.rtc_device.688591:0, CAP_SYS_RESOURCE @ capable CAP_SYS_TIME @ capable inconsistent check struct.wireless_dev:0, CAP_NET_BROADCAST @ file_ns_capable struct.ieee80211_sub_if_data:0, CAP_NET_BROADCAST @ file_ns_capable struct.genl_info:0, CAP_NET_BROADCAST @ file_ns_capable struct.ieee80211_local:0, CAP_NET_BROADCAST @ file_ns_capable struct.uprobe_consumer.116604:0, CAP_IPC_LOCK @ capable struct.tty_operations.359242:0, CAP_SYS_MODULE @ capable struct.drm_file:0, CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.ieee80211_rx_data:0, CAP_NET_BROADCAST @ 
file_ns_capable struct.ieee80211_if_ap:0,-6, CAP_NET_BROADCAST @ file_ns_capable struct.task_struct.751321:0, CAP_IPC_LOCK @ capable struct.net_device_ops.767773:0, CAP_NET_ADMIN @ capable struct.sta_info:0, CAP_NET_BROADCAST @ file_ns_capable struct.ieee80211_event:0, CAP_NET_BROADCAST @ file_ns_capable struct.ieee80211_supported_band:0, CAP_NET_BROADCAST @ file_ns_capable struct.cfg80211_bss:0,-2, CAP_NET_BROADCAST @ file_ns_capable struct.irq_chip.75783:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.cfg80211_wowlan:0, CAP_NET_BROADCAST @ file_ns_capable struct.mbox_chan:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.intel_plane_state.554645:0, CAP_NET_BROADCAST @ file_ns_capable struct.wiphy_iftype_ext_capab:0, CAP_NET_BROADCAST @ file_ns_capable struct.load_info:0, CAP_SYS_MODULE @ capable struct.ieee802_11_elems:0, CAP_NET_BROADCAST @ file_ns_capable struct.ieee80211_tx_data:0, CAP_NET_BROADCAST @ file_ns_capable struct.net.751184:0, CAP_NET_ADMIN @ netlink_ns_capable struct.perf_event.21757:0, CAP_SYS_ADMIN @ capable struct.ieee80211_key:0, CAP_NET_BROADCAST @ file_ns_capable struct.ipt_replace:0, CAP_NET_ADMIN @ ns_capable struct.intel_wedge_me:0, CAP_NET_BROADCAST @ file_ns_capable struct.tcf_block.778879:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.intel_gt.448358:0, CAP_NET_BROADCAST @ file_ns_capable struct.gendisk.196398:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.amd_northbridge:0, CAP_SYS_ADMIN @ capable struct.sg_request:0, CAP_SYS_RAWIO @ capable struct.drm_plane_state.381418:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_mode_object.381367:10,23,29,2,9,0,-3,-2,1, CAP_NET_BROADCAST @ file_ns_capable struct.dir_private_info:0, CAP_SYS_RESOURCE @ capable struct.cred.114515:0, CAP_KILL @ ns_capable %321 = call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable %72 = call zeroext i1 @capable(i32 38) 
#76 cap_no=38 CAP_SYS_ADMIN @ capable %48 = call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable %32 = call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check struct.io_kiocb:0, CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable inconsistent check struct.drm_plane.381421:0, CAP_NET_BROADCAST @ file_ns_capable struct.net.894197:0, CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.jbd2_journal_handle:0, CAP_SYS_RESOURCE @ capable struct.iocb:0, CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.uart_port:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.xol_area:0, CAP_IPC_LOCK @ capable struct.drm_mode_config_funcs.381430:0, CAP_NET_BROADCAST @ file_ns_capable struct.ext4_io_end:0, CAP_SYS_RESOURCE @ capable struct.drm_plane_funcs.381419:0, CAP_NET_BROADCAST @ file_ns_capable struct.anon.1:110, CAP_SYS_RESOURCE @ capable struct.drm_i915_gem_object.554348:0, CAP_NET_BROADCAST @ file_ns_capable struct.fib_config:0, CAP_NET_ADMIN @ ns_capable struct.drm_crtc_funcs.381412:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_framebuffer.381371:0, CAP_NET_BROADCAST @ file_ns_capable struct.proc_ns_operations:0, CAP_SYS_ADMIN @ ns_capable struct.drm_client_buffer:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_client_dev:0, CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.work_struct:2, CAP_SYS_ADMIN @ 
ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #76 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.Qdisc_class_ops.778870:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.acpi_device:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.drm_i915_private.417433:0, CAP_NET_BROADCAST @ file_ns_capable struct.exar8250_board:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.i915_gem_ww_ctx.554427:0, CAP_NET_BROADCAST @ file_ns_capable struct.cfg80211_internal_bss:0, CAP_NET_BROADCAST @ file_ns_capable struct.journal_s:0, CAP_SYS_NICE @ capable struct.tg3:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.drm_property.381365:0, CAP_NET_BROADCAST @ file_ns_capable struct.i915_request.554394:0, CAP_NET_BROADCAST @ file_ns_capable struct.Qdisc_ops.778871:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.drm_property_blob.381384:0, CAP_NET_BROADCAST @ file_ns_capable struct.Indirect:0, CAP_SYS_RESOURCE @ capable struct.qspinlock:11,7,22,26, CAP_NET_BROADCAST @ file_ns_capable struct.tcf_proto.778882:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.ext4_filename:0, CAP_SYS_RESOURCE @ capable struct.drm_driver:0, CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.drm_minor:0, CAP_NET_BROADCAST @ file_ns_capable struct.dock_station:0, CAP_NET_BROADCAST @ file_ns_capable struct.anon.117:1, CAP_SYS_ADMIN @ capable struct.perf_event.114830:0, CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %7 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 %14 = tail call zeroext i1 @capable(i32 38) 
#76 cap_no=38 CAP_SYS_ADMIN @ capable %7 = tail call zeroext i1 @capable(i32 38) #76 cap_no=38 inconsistent check struct.vm_area_struct:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.cgroup_namespace:0, CAP_SYS_ADMIN @ ns_capable struct.trace_print_flags:0, CAP_CHOWN @ avc_has_perm_noaudit struct.selinux_state:0, CAP_CHOWN @ avc_has_perm_noaudit struct.kiocb:0, CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.sock.829134:0,1, CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable inconsistent check struct.dst_entry.828721:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable struct.uprobe:0, CAP_IPC_LOCK @ capable struct.fib6_config.892951:0, CAP_NET_ADMIN @ ns_capable struct.cgroup_root:0, CAP_SYS_ADMIN @ ns_capable struct.buffer_head:0, CAP_SYS_RESOURCE @ capable struct.trace_eval_map:1, CAP_SYS_RESOURCE @ capable struct.ext4_sb_info:0, CAP_SYS_RESOURCE @ capable struct.acpi_gpe_xrupt_info:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.vfsmount.147157:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.ext4_xattr_block_find:0, CAP_SYS_RESOURCE @ capable struct.dx_frame:-1,1,-2,0, CAP_SYS_RESOURCE @ capable struct.request.295586:0,1, CAP_SYS_RAWIO @ capable struct.mpage_da_data:0, CAP_SYS_RESOURCE @ capable struct.dw_dma:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.ip_tunnel:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.proto.273240:0, CAP_NET_ADMIN @ ns_capable struct.cgroup_fs_context:0, CAP_SYS_ADMIN @ ns_capable struct.kioctx_table:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable 
struct.multiprocess_signals:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.ip6_flowlabel.903533:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check Run Analysis, Threads:1 Critical functions Check Use of Function:scsi_autopm_get_host Check Use of Function:scsi_autopm_put_host Check Use of Function:scsi_try_bus_reset Check Use of Function:scsi_try_host_reset Check Use of Function:ata_cmd_ioctl Check Use of Function:ata_task_ioctl Check Use of Function:fifo_hd_init Check Use of Function:dev_ingress_queue_create Check Use of Function:qdisc_graft Check Use of Function:mqueue_unlink Check Use of Function:nfs_unlink Check Use of Function:msdos_unlink Check Use of Function:ext4_unlink Check Use of Function:autofs_dir_unlink Check Use of Function:shmem_rmdir Check Use of Function:simple_rmdir Check Use of Function:security_inode_rmdir Check Use of Function:vfat_rename Check Use of Function:__is_local_mountpoint Check Use of Function:security_inode_rename Check Use of Function:msdos_rename Check Use of Function:lock_two_nondirectories Check Use of Function:shmem_rename2 Check Use of Function:take_dentry_name_snapshot Check Use of Function:simple_rename Check Use of Function:nfs_rename Check Use of Function:fsnotify_move Check Use of Function:__detach_mounts Check Use of Function:unlock_two_nondirectories Check Use of Function:release_dentry_name_snapshot Check Use of Function:i915_gem_context_release Check Use of Function:tty_kref_put Use: =BAD PATH= Call Stack: 0 proc_clear_tty 1 ksys_setsid 2 __do_sys_setsid ------------- Path:  Function:__do_sys_setsid %2 = tail call i32 @ksys_setsid() #76 Function:ksys_setsid %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to 
%struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 60 %4 = load %struct.task_struct*, %struct.task_struct** %3, align 8 %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 63 %6 = load %struct.pid*, %struct.pid** %5, align 32 %7 = tail call i32 @pid_vnr(%struct.pid* %6) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 23 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %34 %14 = tail call %struct.task_struct* @pid_task(%struct.pid* %6, i32 2) #76 %15 = icmp eq %struct.task_struct* %14, null br i1 %15, label %16, label %34 %17 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %18 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %17, i64 0, i32 23 store i32 1, i32* %18, align 8 %19 = load %struct.task_struct*, %struct.task_struct** %3, align 8 %20 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %19, i64 0, i32 95 %21 = load %struct.signal_struct*, %struct.signal_struct** %20, align 32 %22 = getelementptr %struct.signal_struct, %struct.signal_struct* %21, i64 0, i32 21, i64 3 %23 = load %struct.pid*, %struct.pid** %22, align 8 %24 = icmp eq %struct.pid* %23, %6 br i1 %24, label %27, label %25 tail call void @change_pid(%struct.task_struct* %19, i32 3, %struct.pid* %6) #76 %26 = load %struct.signal_struct*, %struct.signal_struct** %20, align 32 br label %27 %28 = phi %struct.signal_struct* [ %21, %16 ], [ %26, %25 ] %29 = getelementptr %struct.signal_struct, %struct.signal_struct* %28, i64 0, i32 21, i64 2 %30 = load %struct.pid*, %struct.pid** %29, align 8 %31 = icmp eq %struct.pid* %30, %6 br i1 %31, 
label %33, label %32 tail call void bitcast (void (%struct.task_struct.362008*)* @proc_clear_tty to void (%struct.task_struct*)*)(%struct.task_struct* %4) #76 Function:proc_clear_tty %2 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %0, i64 0, i32 96 %3 = load %struct.sighand_struct*, %struct.sighand_struct** %2, align 8 %4 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %3, i64 0, i32 0, i32 0, i32 0 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #76 %6 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %0, i64 0, i32 95 %7 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %6, align 32 %8 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %7, i64 0, i32 24 %9 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %8, align 8 store %struct.tty_struct.361948* null, %struct.tty_struct.361948** %8, align 8 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %2, align 8 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %5) #76 tail call void bitcast (void (%struct.tty_struct*)* @tty_kref_put to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr 
inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, 
label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.362008* %9 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %8, i64 0, i32 95 %10 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %10, i64 0, i32 24 %12 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %11, align 8 %13 = icmp eq %struct.tty_struct.361948* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #76 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.362008* %4 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 95 %5 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #76 %14 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %14, i64 
0, i32 24 %16 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %15, align 8 %17 = icmp eq %struct.tty_struct.361948* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #76 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 3 %37 = load %struct.tty_driver.361942*, %struct.tty_driver.361942** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.361942, %struct.tty_driver.361942* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 20, i32 0, i32 0, i32 0 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 20, i32 1 %46 = load %struct.pid*, %struct.pid** %45, align 8 %47 = icmp eq %struct.pid* %46, null br i1 %47, label %57, label %48 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %43, i64 %44) #76 br label %65 tail call void bitcast (void (%struct.tty_struct*)* @tty_kref_put to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* nonnull %16) #76 ------------- Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* 
%0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #76 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to 
%struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl 
switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.362008* %9 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %8, i64 0, i32 95 %10 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %10, i64 0, i32 24 %12 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %11, align 8 %13 = icmp eq %struct.tty_struct.361948* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #76 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.362008* %4 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 95 %5 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #76 %14 = load %struct.signal_struct.361954*, 
%struct.signal_struct.361954** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %14, i64 0, i32 24 %16 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %15, align 8 %17 = icmp eq %struct.tty_struct.361948* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #76 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 3 %37 = load %struct.tty_driver.361942*, %struct.tty_driver.361942** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.361942, %struct.tty_driver.361942* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 20, i32 0, i32 0, i32 0 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 20, i32 1 %46 = load %struct.pid*, %struct.pid** %45, align 8 %47 = icmp eq %struct.pid* %46, null br i1 %47, label %57, label %48 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %43, i64 %44) #76 br label %65 tail call void bitcast (void (%struct.tty_struct*)* @tty_kref_put to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* nonnull %16) #76 ------------- Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 
%7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #76 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 
= alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, 
%struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.362008* %9 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %8, i64 0, i32 95 %10 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %10, i64 0, i32 24 %12 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %11, align 8 %13 = icmp eq %struct.tty_struct.361948* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #76 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.362008* %4 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 95 %5 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, 
i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #76 %14 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %14, i64 0, i32 24 %16 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %15, align 8 %17 = icmp eq %struct.tty_struct.361948* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #76 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 3 %37 = load %struct.tty_driver.361942*, %struct.tty_driver.361942** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.361942, %struct.tty_driver.361942* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 20, i32 0, i32 0, i32 0 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 20, i32 1 %46 = load %struct.pid*, %struct.pid** %45, align 8 %47 = icmp eq %struct.pid* %46, null br i1 %47, label %57, label %48 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %43, i64 %44) #76 br label %65 tail call void bitcast (void (%struct.tty_struct*)* @tty_kref_put to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* nonnull %16) #76 ------------- Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x 
i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call 
i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.362008* %9 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %8, i64 0, i32 95 %10 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %10, i64 0, i32 24 %12 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %11, align 8 %13 = icmp eq %struct.tty_struct.361948* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #76 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.362008* %4 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 95 %5 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, 
i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #76 %14 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %14, i64 0, i32 24 %16 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %15, align 8 %17 = icmp eq %struct.tty_struct.361948* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #76 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 3 %37 = load %struct.tty_driver.361942*, %struct.tty_driver.361942** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.361942, %struct.tty_driver.361942* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 20, i32 0, i32 0, i32 0 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 20, i32 1 %46 = load %struct.pid*, %struct.pid** %45, align 8 %47 = icmp eq %struct.pid* %46, null br i1 %47, label %57, label %48 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %43, i64 %44) #76 br label %65 tail call void bitcast (void (%struct.tty_struct*)* @tty_kref_put to void 
(%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* nonnull %16) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_open 1 uart_open ------------- Path:  Function:uart_open %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = getelementptr inbounds %struct.uart_state, %struct.uart_state* %5, i64 0, i32 0 %7 = tail call i32 bitcast (i32 (%struct.tty_port.360674*, %struct.tty_struct.360671*, %struct.file.360562*)* @tty_port_open to i32 (%struct.tty_port*, %struct.tty_struct*, %struct.file*)*)(%struct.tty_port* %6, %struct.tty_struct* %0, %struct.file* %1) #76 Function:tty_port_open %4 = getelementptr inbounds %struct.tty_port.360674, %struct.tty_port.360674* %0, i64 0, i32 5 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.tty_port.360674, %struct.tty_port.360674* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = add i32 %7, 1 store i32 %8, i32* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %9, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = getelementptr inbounds %struct.tty_port.360674, %struct.tty_port.360674* %0, i64 0, i32 5, i32 0, i32 0 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #76 %12 = getelementptr inbounds %struct.tty_port.360674, %struct.tty_port.360674* %0, i64 0, i32 1 %13 = load %struct.tty_struct.360671*, %struct.tty_struct.360671** %12, align 8 tail call void bitcast (void (%struct.tty_struct*)* @tty_kref_put to void 
(%struct.tty_struct.360671*)*)(%struct.tty_struct.360671* %13) #76 ------------- Good: 23 Bad: 6 Ignored: 22 Check Use of Function:__tty_hangup Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 
-2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.362008* %9 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %8, i64 0, i32 95 %10 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %10, i64 0, i32 24 %12 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %11, align 8 %13 = icmp eq %struct.tty_struct.361948* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #76 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.362008* %4 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 95 %5 = load %struct.signal_struct.361954*, 
%struct.signal_struct.361954** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #76 %14 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %14, i64 0, i32 24 %16 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %15, align 8 %17 = icmp eq %struct.tty_struct.361948* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #76 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 3 %37 = load %struct.tty_driver.361942*, %struct.tty_driver.361942** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.361942, %struct.tty_driver.361942* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* nonnull %16) #76 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 
tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl 4 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 
@tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #76 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 
i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.362008* %9 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %8, i64 0, i32 95 %10 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %10, i64 0, i32 24 %12 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %11, align 8 %13 = icmp eq %struct.tty_struct.361948* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #76 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.362008* %4 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 95 %5 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = 
getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #76 %14 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %14, i64 0, i32 24 %16 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %15, align 8 %17 = icmp eq %struct.tty_struct.361948* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #76 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 3 %37 = load %struct.tty_driver.361942*, %struct.tty_driver.361942** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.361942, %struct.tty_driver.361942* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* nonnull %16) #76 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl 4 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 
%7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #76 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 
= alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, 
%struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.362008* %9 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %8, i64 0, i32 95 %10 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %10, i64 0, i32 24 %12 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %11, align 8 %13 = icmp eq %struct.tty_struct.361948* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #76 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.362008* %4 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 95 %5 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, 
i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #76 %14 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %14, i64 0, i32 24 %16 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %15, align 8 %17 = icmp eq %struct.tty_struct.361948* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #76 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 3 %37 = load %struct.tty_driver.361942*, %struct.tty_driver.361942** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.361942, %struct.tty_driver.361942* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* nonnull %16) #76 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, 
%struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label 
%24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.362008* %9 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %8, i64 0, i32 95 %10 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %10, i64 0, i32 24 %12 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %11, align 8 %13 = icmp eq %struct.tty_struct.361948* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #76 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.362008* %4 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 95 %5 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #76 %14 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %15 = getelementptr inbounds 
%struct.signal_struct.361954, %struct.signal_struct.361954* %14, i64 0, i32 24 %16 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %15, align 8 %17 = icmp eq %struct.tty_struct.361948* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #76 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 3 %37 = load %struct.tty_driver.361942*, %struct.tty_driver.361942** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.361942, %struct.tty_driver.361942* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* nonnull %16) #76 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup 1 pty_close ------------- Path:  Function:pty_close %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %8, label %13 %9 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, 1 br i1 %11, label %12, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 16 %24 = bitcast i64* %23 to i8* tail call void asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 2, i8* %24) #6, !srcloc !8 %25 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %25, i32 1, i32 1, i8* null) #76 %26 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %26, i32 1, i32 1, i8* null) #76 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 0 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %28) #76 %29 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 4 store i8 0, i8* %29, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %30 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %30, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %31 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 24 %32 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %33 = icmp eq %struct.tty_struct* %32, null br i1 %33, label %59, label %34 %35 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %32, i64 0, i32 16 %36 = bitcast i64* %35 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %36, i32 4, i8* %36) #6, !srcloc !8 %37 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %38 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* 
%37, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %38, i32 1, i32 1, i8* null) #76 %39 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %40 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %39, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %40, i32 1, i32 1, i8* null) #76 %41 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %42 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %41, i64 0, i32 11 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, 1 br i1 %44, label %45, label %59 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 4, i8* %24) #6, !srcloc !8 %46 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %47 = load %struct.tty_driver*, %struct.tty_driver** @ptm_driver, align 8 %48 = icmp eq %struct.tty_driver* %46, %47 br i1 %48, label %49, label %57 tail call void @mutex_lock(%struct.mutex* nonnull @devpts_mutex) #76 %50 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %51 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %50, i64 0, i32 30 %52 = load i8*, i8** %51, align 8 %53 = icmp eq i8* %52, null br i1 %53, label %56, label %54 tail call void @mutex_unlock(%struct.mutex* nonnull @devpts_mutex) #76 br label %57 %58 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 tail call void @tty_vhangup(%struct.tty_struct* %58) #76 Function:tty_vhangup tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup 1 pty_close ------------- Path:  Function:pty_close %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load 
i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %8, label %13 %9 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, 1 br i1 %11, label %12, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 16 %24 = bitcast i64* %23 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 2, i8* %24) #6, !srcloc !8 %25 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %25, i32 1, i32 1, i8* null) #76 %26 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %26, i32 1, i32 1, i8* null) #76 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 0 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %28) #76 %29 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 4 store i8 0, i8* %29, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %30 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %30, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %31 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 24 %32 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %33 = icmp eq %struct.tty_struct* %32, null br i1 %33, label %59, label %34 %35 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* 
%32, i64 0, i32 16 %36 = bitcast i64* %35 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %36, i32 4, i8* %36) #6, !srcloc !8 %37 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %38 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %37, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %38, i32 1, i32 1, i8* null) #76 %39 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %40 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %39, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %40, i32 1, i32 1, i8* null) #76 %41 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %42 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %41, i64 0, i32 11 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, 1 br i1 %44, label %45, label %59 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 4, i8* %24) #6, !srcloc !8 %46 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %47 = load %struct.tty_driver*, %struct.tty_driver** @ptm_driver, align 8 %48 = icmp eq %struct.tty_driver* %46, %47 br i1 %48, label %49, label %57 tail call void @mutex_lock(%struct.mutex* nonnull @devpts_mutex) #76 %50 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %51 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %50, i64 0, i32 30 %52 = load i8*, i8** %51, align 8 %53 = icmp eq i8* %52, null br i1 %53, label %56, label %54 tail call void @mutex_unlock(%struct.mutex* nonnull @devpts_mutex) #76 br label %57 %58 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 tail call void @tty_vhangup(%struct.tty_struct* %58) #76 Function:tty_vhangup tail call 
fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 0) #76 ------------- Good: 4 Bad: 6 Ignored: 12 Check Use of Function:dev_change_flags Check Use of Function:dev_change_tx_queue_len Check Use of Function:drm_dev_get Check Use of Function:drm_client_modeset_free Check Use of Function:drm_gem_open Check Use of Function:i915_driver_open Check Use of Function:drm_gem_release Check Use of Function:tcf_proto_signal_destroying Check Use of Function:drm_syncobj_release Check Use of Function:iomem_is_exclusive Use: =BAD PATH= Call Stack: 0 devmem_is_allowed 1 write_mem ------------- Path:  Function:write_mem %5 = load i64, i64* %3, align 8 %6 = tail call i32 @valid_phys_addr_range(i64 %5, i64 %2) #76 %7 = icmp eq i32 %6, 0 br i1 %7, label %64, label %8 %9 = icmp eq i64 %2, 0 br i1 %9, label %60, label %10 %11 = phi i8* [ %34, %59 ], [ %1, %8 ] %12 = phi i64 [ %36, %59 ], [ %2, %8 ] %13 = phi i64 [ %35, %59 ], [ %5, %8 ] %14 = phi i64 [ %37, %59 ], [ 0, %8 ] %15 = and i64 %13, 4095 %16 = sub nuw nsw i64 4096, %15 %17 = icmp ult i64 %16, %12 %18 = select i1 %17, i64 %16, i64 %12 %19 = lshr i64 %13, 12 %20 = tail call i32 @devmem_is_allowed(i64 %19) #76 Function:devmem_is_allowed %2 = shl i64 %0, 12 %3 = tail call i32 @region_intersects(i64 %2, i64 4096, i64 16777728, i64 0) #76 %4 = icmp eq i32 %3, 1 br i1 %4, label %8, label %5 %9 = tail call zeroext i1 @iomem_is_exclusive(i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 devmem_is_allowed 1 mmap_mem ------------- Path:  Function:mmap_mem %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = sub i64 %4, %6 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 4503599627370496 br i1 %10, label %11, label %52 %12 = shl nuw 
i64 %9, 12 %13 = add i64 %7, -1 %14 = xor i64 %12, -1 %15 = icmp ugt i64 %13, %14 br i1 %15, label %52, label %16 %17 = tail call i32 @valid_mmap_phys_addr_range(i64 %9, i64 %7) #76 %18 = icmp eq i32 %17, 0 br i1 %18, label %52, label %19 %20 = load i64, i64* %8, align 8 %21 = shl i64 %20, 12 %22 = add i64 %21, %7 %23 = icmp ult i64 %21, %22 br i1 %23, label %24, label %35 %25 = phi i64 [ %30, %29 ], [ %21, %19 ] %26 = phi i64 [ %31, %29 ], [ %20, %19 ] %27 = tail call i32 @devmem_is_allowed(i64 %26) #76 Function:devmem_is_allowed %2 = shl i64 %0, 12 %3 = tail call i32 @region_intersects(i64 %2, i64 4096, i64 16777728, i64 0) #76 %4 = icmp eq i32 %3, 1 br i1 %4, label %8, label %5 %9 = tail call zeroext i1 @iomem_is_exclusive(i64 %2) #76 ------------- Good: 2 Bad: 2 Ignored: 0 Check Use of Function:pci_mmap_fits Check Use of Function:kthread_stop Check Use of Function:kthread_bind_mask Check Use of Function:clockevents_config_and_register Check Use of Function:pci_fastcom335_setup Check Use of Function:devm_free_irq Check Use of Function:devres_add Check Use of Function:pci_walk_bus Use: =BAD PATH= Call Stack: 0 pci_bridge_d3_update 1 pci_d3cold_disable 2 d3cold_allowed_store ------------- Path:  Function:d3cold_allowed_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %7 = bitcast %struct.irq_domain** %6 to %struct.pci_dev.317892* %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #76 %10 = icmp slt i32 %9, 0 br i1 %10, label %24, label %11 %12 = load i64, i64* %5, align 8 %13 = icmp eq i64 %12, 0 %14 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %7, i64 0, i32 33 %15 = bitcast i24* %14 to i32* %16 = load i32, i32* %15, align 2 %17 = select i1 %13, i32 0, i32 2048 %18 = and i32 %16, -2049 %19 = or i32 %18, %17 store i32 %19, i32* %15, align 2 br i1 %13, label %21, label %20 call void @pci_d3cold_disable(%struct.pci_dev.317892* %7) #76 
Function:pci_d3cold_disable %2 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 33 %3 = bitcast i24* %2 to i32* %4 = load i32, i32* %3, align 2 %5 = and i32 %4, 512 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %9 %8 = or i32 %4, 512 store i32 %8, i32* %3, align 2 tail call void @pci_bridge_d3_update(%struct.pci_dev.317892* %0) #76 Function:pci_bridge_d3_update %2 = alloca i8, align 1 %3 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 46, i32 0, i32 7 %4 = load i8, i8* %3, align 4 %5 = and i8 %4, 2 %6 = icmp eq i8 %5, 0 store i8 1, i8* %2, align 1 %7 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 1 %8 = load %struct.pci_bus.317894*, %struct.pci_bus.317894** %7, align 8 %9 = getelementptr inbounds %struct.pci_bus.317894, %struct.pci_bus.317894* %8, i64 0, i32 1 %10 = load %struct.pci_bus.317894*, %struct.pci_bus.317894** %9, align 8 %11 = icmp eq %struct.pci_bus.317894* %10, null br i1 %11, label %78, label %12 %13 = getelementptr inbounds %struct.pci_bus.317894, %struct.pci_bus.317894* %8, i64 0, i32 4 %14 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %13, align 8 %15 = icmp eq %struct.pci_dev.317892* %14, null br i1 %15, label %78, label %16 %17 = tail call zeroext i1 @pci_bridge_d3_possible(%struct.pci_dev.317892* nonnull %14) #76 br i1 %17, label %18, label %78 br i1 %6, label %19, label %25 %26 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 33 %27 = bitcast i24* %26 to i32* %28 = load i32, i32* %27, align 2 %29 = and i32 %28, 2560 %30 = icmp eq i32 %29, 2048 br i1 %30, label %31, label %54 %32 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 46, i32 11, i32 1 %33 = load i16, i16* %32, align 4 %34 = and i16 %33, 1 %35 = icmp eq i16 %34, 0 br i1 %35, label %47, label %36 %37 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, 
i64 0, i32 46, i32 11, i32 6 %38 = load %struct.wakeup_source*, %struct.wakeup_source** %37, align 8 %39 = icmp eq %struct.wakeup_source* %38, null br i1 %39, label %47, label %40 %41 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 32 %42 = load i8, i8* %41, align 1 %43 = icmp ne i8 %42, 0 %44 = and i32 %28, 16 %45 = icmp ne i32 %44, 0 %46 = and i1 %45, %43 br i1 %46, label %47, label %54 %48 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 2 %49 = load %struct.pci_bus.317894*, %struct.pci_bus.317894** %48, align 8 %50 = icmp eq %struct.pci_bus.317894* %49, null %51 = and i32 %28, 1024 %52 = icmp ne i32 %51, 0 %53 = or i1 %52, %50 br i1 %53, label %55, label %54 %56 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %14, i64 0, i32 33 %57 = bitcast i24* %56 to i32* %58 = load i32, i32* %57, align 2 %59 = and i32 %58, 1024 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %66 %62 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %14, i64 0, i32 2 %63 = load %struct.pci_bus.317894*, %struct.pci_bus.317894** %62, align 8 call void bitcast (void (%struct.pci_bus.318251*, i32 (%struct.pci_dev.318249*, i8*)*, i8*)* @pci_walk_bus to void (%struct.pci_bus.317894*, i32 (%struct.pci_dev.317892*, i8*)*, i8*)*)(%struct.pci_bus.317894* %63, i32 (%struct.pci_dev.317892*, i8*)* nonnull @pci_dev_check_d3cold, i8* nonnull %2) #77 ------------- Good: 22 Bad: 1 Ignored: 17 Check Use of Function:acpi_ns_get_attached_object Check Use of Function:acpi_ut_remove_reference Check Use of Function:acpi_ns_attach_object Check Use of Function:acpi_os_acquire_lock Check Use of Function:acpi_os_release_lock Check Use of Function:pci_mmcfg_late_init Check Use of Function:acpi_debugfs_init Check Use of Function:acpi_bus_init_irq Check Use of Function:proc_mkdir Check Use of Function:acpi_early_processor_set_pdc Check Use of Function:acpi_get_handle Check Use of 
Function:acpi_initialize_objects Check Use of Function:acpi_sysfs_init Check Use of Function:acpi_enable_subsystem Check Use of Function:dma_async_device_register Check Use of Function:irq_domain_remove Check Use of Function:pci_unlock_rescan_remove Check Use of Function:dmar_walk_dsm_resource Check Use of Function:iommu_set_root_entry Check Use of Function:disable_dmar_iommu Check Use of Function:register_syscore_ops Check Use of Function:iommu_set_dma_strict Check Use of Function:probe_acpi_namespace_devices Check Use of Function:iommu_enable_translation Check Use of Function:iommu_device_register Check Use of Function:intel_irq_postinstall Check Use of Function:dev_pm_attach_wake_irq Check Use of Function:tg3_read32_mbox_5906 Check Use of Function:tg3_read_indirect_mbox Check Use of Function:pci_set_power_state Check Use of Function:tg3_poll_fw Check Use of Function:synchronize_irq Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_params 1 snd_pcm_kernel_ioctl 2 snd_pcm_channel_info 3 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, 
%struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, 
i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.734306* nonnull %18, 
%struct.ext4_fc_alloc_region* nonnull %5) #77 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #76 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #76 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br 
i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.734296*, %struct.snd_pcm_ops.734296** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.734296, %struct.snd_pcm_ops.734296* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.734306*, i32, i8*)*, i32 (%struct.snd_pcm_substream.734306*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.734306*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.734306* %0, i32 2, i8* %37) #76 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %344 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %164 i32 16708, label %302 i32 16707, label %304 i32 -2146942687, label %342 ] %16 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %17 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.734306* %0, %struct.snd_pcm_hw_params* %16) #76 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.734306* %0, null br i1 %3, label %348, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.734302* %6, null br i1 %7, label %348, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label 
%14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #76 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #76 br label %33 br i1 %23, label %34, label %348 %35 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 20, i32 0 %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %348 %39 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %40 = icmp eq %struct.snd_pcm_runtime.734302* %39, null br i1 %40, label %63, label %41 %42 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %39, i64 0, i32 43 %43 = load i8, i8* %42, align 8, !range !6 %44 = icmp eq i8 %43, 0 br i1 %44, label %63, label %45 store i8 0, i8* %42, align 8 %46 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 10 %47 = load %struct.snd_pcm_ops.734296*, %struct.snd_pcm_ops.734296** %46, align 8 %48 = icmp eq %struct.snd_pcm_ops.734296* %47, null br i1 %48, label %55, label %49 %50 = getelementptr inbounds 
%struct.snd_pcm_ops.734296, %struct.snd_pcm_ops.734296* %47, i64 0, i32 7 %51 = load i32 (%struct.snd_pcm_substream.734306*)*, i32 (%struct.snd_pcm_substream.734306*)** %50, align 8 %52 = icmp eq i32 (%struct.snd_pcm_substream.734306*)* %51, null br i1 %52, label %55, label %53 %56 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %57 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %56, i64 0, i32 0 %58 = load %struct.snd_card*, %struct.snd_card** %57, align 8 %59 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %58, i64 0, i32 33 %60 = load i32, i32* %59, align 4 %61 = icmp sgt i32 %60, 0 br i1 %61, label %62, label %63 tail call void @synchronize_irq(i32 %60) #76 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_params 1 snd_pcm_kernel_ioctl 2 snd_pcm_channel_info 3 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, 
label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 
%452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.734306* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #77 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load 
i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #76 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #76 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.734306, 
%struct.snd_pcm_substream.734306* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.734296*, %struct.snd_pcm_ops.734296** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.734296, %struct.snd_pcm_ops.734296* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.734306*, i32, i8*)*, i32 (%struct.snd_pcm_substream.734306*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.734306*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.734306* %0, i32 2, i8* %37) #76 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %344 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %164 i32 16708, label %302 i32 16707, label %304 i32 -2146942687, label %342 ] %16 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %17 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.734306* %0, %struct.snd_pcm_hw_params* %16) #76 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.734306* %0, null br i1 %3, label %348, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.734302* %6, null br i1 %7, label %348, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #76 br 
label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #76 br label %33 br i1 %23, label %34, label %348 %35 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 20, i32 0 %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %348 %39 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %40 = icmp eq %struct.snd_pcm_runtime.734302* %39, null br i1 %40, label %63, label %41 %42 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %39, i64 0, i32 43 %43 = load i8, i8* %42, align 8, !range !6 %44 = icmp eq i8 %43, 0 br i1 %44, label %63, label %45 store i8 0, i8* %42, align 8 %46 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 10 %47 = load %struct.snd_pcm_ops.734296*, %struct.snd_pcm_ops.734296** %46, align 8 %48 = icmp eq %struct.snd_pcm_ops.734296* %47, null br i1 %48, label %55, label %49 %50 = getelementptr inbounds %struct.snd_pcm_ops.734296, %struct.snd_pcm_ops.734296* %47, i64 0, i32 7 %51 = load i32 (%struct.snd_pcm_substream.734306*)*, i32 (%struct.snd_pcm_substream.734306*)** %50, align 8 %52 = 
icmp eq i32 (%struct.snd_pcm_substream.734306*)* %51, null br i1 %52, label %55, label %53 %56 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %57 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %56, i64 0, i32 0 %58 = load %struct.snd_card*, %struct.snd_card** %57, align 8 %59 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %58, i64 0, i32 33 %60 = load i32, i32* %59, align 4 %61 = icmp sgt i32 %60, 0 br i1 %61, label %62, label %63 tail call void @synchronize_irq(i32 %60) #76 ------------- Use: =BAD PATH= Call Stack: 0 intel_synchronize_irq 1 intel_guc_log_relay_close 2 guc_log_relay_release ------------- Path:  Function:guc_log_relay_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.intel_guc_log.515193** %5 = load %struct.intel_guc_log.515193*, %struct.intel_guc_log.515193** %4, align 8 tail call void bitcast (void (%struct.intel_guc_log.444687*)* @intel_guc_log_relay_close to void (%struct.intel_guc_log.515193*)*)(%struct.intel_guc_log.515193* %5) #76 Function:intel_guc_log_relay_close %2 = getelementptr %struct.intel_guc_log.444687, %struct.intel_guc_log.444687* %0, i64 -1, i32 2, i32 4 %3 = getelementptr inbounds %struct.intel_guc_log.444687, %struct.intel_guc_log.444687* %0, i64 0, i32 2, i32 1 %4 = load i8, i8* %3, align 8, !range !4 %5 = icmp eq i8 %4, 0 br i1 %5, label %19, label %6 %7 = getelementptr %struct.mutex, %struct.mutex* %2, i64 -1 %8 = bitcast %struct.mutex* %2 to %struct.intel_guc.444700* %9 = bitcast %struct.mutex* %7 to %struct.drm_i915_private.444680** %10 = load %struct.drm_i915_private.444680*, %struct.drm_i915_private.444680** %9, align 8 %11 = getelementptr inbounds %struct.mutex, %struct.mutex* %2, i64 16 %12 = bitcast %struct.mutex* %11 to %struct.raw_spinlock* tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %12) #76 %13 = getelementptr inbounds %struct.intel_guc.444700, %struct.intel_guc.444700* %8, 
i64 0, i32 7 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, -11 store i32 %15, i32* %13, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = bitcast %struct.mutex* %11 to i8* store volatile i8 0, i8* %16, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void bitcast (void (%struct.drm_i915_private.417433*)* @intel_synchronize_irq to void (%struct.drm_i915_private.444680*)*)(%struct.drm_i915_private.444680* %10) #76 Function:intel_synchronize_irq %2 = getelementptr inbounds %struct.drm_i915_private.417433, %struct.drm_i915_private.417433* %0, i64 0, i32 0, i32 2 %3 = bitcast %struct.device** %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr i8, i8* %4, i64 732 %6 = bitcast i8* %5 to i32* %7 = load i32, i32* %6, align 4 tail call void @synchronize_irq(i32 %7) #76 ------------- Good: 92 Bad: 3 Ignored: 87 Check Use of Function:tg3_switch_clocks Check Use of Function:tg3_reset_hw Check Use of Function:tg3_halt Check Use of Function:tg3_restart_hw Check Use of Function:tg3_read_indirect_reg32 Check Use of Function:netif_tx_wake_queue Check Use of Function:iowrite8 Check Use of Function:ioread8 Check Use of Function:e1000_clean_rx_ring Check Use of Function:e1000_phy_reset Check Use of Function:e1000_open Check Use of Function:shmem_unlink Use: =BAD PATH= Call Stack: 0 shmem_rmdir ------------- Path:  Function:shmem_rmdir %3 = tail call i32 bitcast (i32 (%struct.dentry.153259*)* @simple_empty to i32 (%struct.dentry*)*)(%struct.dentry* %1) #76 %4 = icmp eq i32 %3, 0 br i1 %4, label %9, label %5 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 tail call void bitcast (void (%struct.inode.149921*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* %7) #76 tail call void 
bitcast (void (%struct.inode.149921*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* %0) #76 %8 = tail call i32 @shmem_unlink(%struct.inode* %0, %struct.dentry* %1) #77 ------------- Use: =BAD PATH= Call Stack: 0 shmem_rename2 ------------- Path:  Function:shmem_rename2 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 0 %10 = load i16, i16* %9, align 8 %11 = and i16 %10, -4096 %12 = icmp eq i16 %11, 16384 %13 = icmp ult i32 %5, 8 br i1 %13, label %14, label %101 %15 = and i32 %5, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %53, label %17 %54 = tail call i32 bitcast (i32 (%struct.dentry.153259*)* @simple_empty to i32 (%struct.dentry*)*)(%struct.dentry* %4) #76 %55 = icmp eq i32 %54, 0 br i1 %55, label %101, label %56 %57 = and i32 %5, 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %69, label %59 %60 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 3 %61 = load %struct.dentry*, %struct.dentry** %60, align 8 %62 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %63 = tail call %struct.dentry* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %61, %struct.qstr* %62) #76 %64 = icmp eq %struct.dentry* %63, null br i1 %64, label %101, label %65 %66 = tail call i32 @shmem_mknod(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to 
%struct.user_namespace*), %struct.inode* %1, %struct.dentry* nonnull %63, i16 zeroext 8192, i32 0) #76 tail call void bitcast (void (%struct.dentry.149376*)* @dput to void (%struct.dentry*)*)(%struct.dentry* nonnull %63) #76 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %101 tail call void bitcast (void (%struct.dentry.149376*)* @d_rehash to void (%struct.dentry*)*)(%struct.dentry* nonnull %63) #76 br label %69 %70 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %71 = load %struct.inode*, %struct.inode** %70, align 8 %72 = icmp eq %struct.inode* %71, null br i1 %72, label %77, label %73 %74 = tail call i32 @shmem_unlink(%struct.inode* %3, %struct.dentry* %4) #77 ------------- Good: 0 Bad: 2 Ignored: 0 Check Use of Function:e1000_read_phy_reg Check Use of Function:e1000e_reset Check Use of Function:e1000e_reset_interrupt_capability Check Use of Function:usleep_range_state Check Use of Function:__ew32 Check Use of Function:e1000_update_phy_info_task Check Use of Function:e1000_configure_k1_ich8lan Check Use of Function:msleep_interruptible Use: =BAD PATH= Call Stack: 0 uart_wait_until_sent ------------- Path:  Function:uart_wait_until_sent %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = getelementptr inbounds %struct.uart_state, %struct.uart_state* %5, i64 0, i32 3, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %96, label %9, !prof !4, !misexpect !5 %10 = phi i32 [ %17, %16 ], [ %7, %2 ] %11 = add i32 %10, 1 %12 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %11, i32* %6, i32 %10) #6, !srcloc !6 %13 = extractvalue { i8, i32 } %12, 
0 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %16, label %19, !prof !4, !misexpect !5 %20 = getelementptr inbounds %struct.uart_state, %struct.uart_state* %5, i64 0, i32 5 %21 = load %struct.uart_port*, %struct.uart_port** %20, align 8 %22 = icmp eq %struct.uart_port* %21, null br i1 %22, label %96, label %23 %24 = getelementptr inbounds %struct.uart_port, %struct.uart_port* %21, i64 0, i32 38 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %31, label %27 %28 = getelementptr inbounds %struct.uart_port, %struct.uart_port* %21, i64 0, i32 23 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %41 %42 = getelementptr inbounds %struct.uart_port, %struct.uart_port* %21, i64 0, i32 37 %43 = load i32, i32* %42, align 8 %44 = add i32 %43, -20 %45 = udiv i32 %44, %29 %46 = udiv i32 %45, 5 %47 = icmp ult i32 %45, 5 %48 = select i1 %47, i32 1, i32 %46 %49 = zext i32 %48 to i64 %50 = icmp eq i32 %1, 0 %51 = sext i32 %1 to i64 %52 = icmp ult i64 %51, %49 %53 = select i1 %52, i64 %51, i64 %49 %54 = select i1 %50, i64 %49, i64 %53 %55 = shl i32 %43, 1 %56 = add i32 %1, -1 %57 = icmp ult i32 %56, %55 %58 = select i1 %57, i32 %1, i32 %55 %59 = load volatile i64, i64* @jiffies, align 64 %60 = sext i32 %58 to i64 %61 = add i64 %59, %60 %62 = getelementptr inbounds %struct.uart_port, %struct.uart_port* %21, i64 0, i32 39 br label %63 %64 = load %struct.uart_ops*, %struct.uart_ops** %62, align 8 %65 = getelementptr inbounds %struct.uart_ops, %struct.uart_ops* %64, i64 0, i32 0 %66 = load i32 (%struct.uart_port*)*, i32 (%struct.uart_port*)** %65, align 8 %67 = tail call i32 %66(%struct.uart_port* nonnull %21) #76 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %86 %70 = tail call i32 @jiffies_to_msecs(i64 %54) #76 %71 = tail call i64 @msleep_interruptible(i32 %70) #76 ------------- Good: 17 Bad: 1 Ignored: 2 Check Use of Function:e1000e_open Check Use of Function:e1000e_set_interrupt_capability Check 
Use of Function:e1000_request_irq Check Use of Function:pci_enable_msi Check Use of Function:e1000e_release_hw_control Check Use of Function:e1000_clean_rx_ring.52466 Check Use of Function:unregister_netdev Check Use of Function:dev_close Check Use of Function:sky2_set_multicast Check Use of Function:nv_set_loopback Check Use of Function:nv_free_irq Check Use of Function:nv_request_irq Check Use of Function:disable_irq Check Use of Function:nv_init_ring Check Use of Function:is_vmalloc_addr Use: =BAD PATH= Call Stack: 0 netlink_deliver_tap 1 netlink_sendskb 2 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, 
i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 
%16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", 
"=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 %32 = icmp ugt i8* %31, 
inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24404, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #76 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #76 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #76 %53 = icmp ugt %struct.__key_reference_with_attributes* %52, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %53, label %54, label %56 %57 = call %struct.__key_reference_with_attributes* @key_create_or_update(%struct.__key_reference_with_attributes* %52, i8* nonnull %10, i8* %42, i8* %51, i64 %3, i32 -1, i64 0) #76 %58 = icmp ugt %struct.__key_reference_with_attributes* %57, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) %59 = ptrtoint %struct.__key_reference_with_attributes* %57 to i64 br i1 %58, label %66, label %60 %61 = and i64 %59, -2 %62 = inttoptr i64 %61 to %struct.key.269026* %63 = getelementptr inbounds %struct.key.269026, %struct.key.269026* %62, i64 0, i32 1 %64 = load i32, i32* %63, align 4 %65 = sext i32 %64 to i64 call void bitcast (void (%struct.key.241582*)* @key_put to void (%struct.key.269026*)*)(%struct.key.269026* %62) #76 br label %66 %67 = phi i64 [ %65, %60 ], [ %59, %56 ] %68 = ptrtoint %struct.__key_reference_with_attributes* %52 to i64 %69 = and i64 %68, -2 %70 = inttoptr i64 %69 to %struct.key.269026* call void bitcast (void 
(%struct.key.241582*)* @key_put to void (%struct.key.269026*)*)(%struct.key.269026* %70) #76 br label %71 %72 = phi i8* [ %45, %47 ], [ %51, %54 ], [ %51, %66 ] %73 = phi i64 [ -14, %47 ], [ %55, %54 ], [ %67, %66 ] call void @kvfree_sensitive(i8* %72, i64 %3) #76 Function:kvfree_sensitive %3 = icmp ult i8* %0, inttoptr (i64 17 to i8*) br i1 %3, label %8, label %4, !prof !4, !misexpect !5 tail call void asm sideeffect "", "r,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %0) #6, !srcloc !6 %5 = tail call zeroext i1 @is_vmalloc_addr(i8* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr 
inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24404, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #76 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #76 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #76 %53 = icmp ugt %struct.__key_reference_with_attributes* %52, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %53, label %54, label %56 %57 = call %struct.__key_reference_with_attributes* @key_create_or_update(%struct.__key_reference_with_attributes* %52, i8* nonnull %10, i8* %42, i8* %51, i64 %3, i32 -1, i64 0) #76 %58 = icmp ugt %struct.__key_reference_with_attributes* %57, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) %59 = ptrtoint %struct.__key_reference_with_attributes* %57 to i64 br i1 %58, label %66, label %60 %61 = and i64 %59, -2 %62 = inttoptr i64 %61 to %struct.key.269026* %63 = getelementptr inbounds %struct.key.269026, %struct.key.269026* %62, i64 0, i32 1 %64 = load i32, i32* %63, align 4 %65 = sext i32 %64 to i64 call void bitcast (void (%struct.key.241582*)* @key_put to void (%struct.key.269026*)*)(%struct.key.269026* %62) #76 
br label %66 %67 = phi i64 [ %65, %60 ], [ %59, %56 ] %68 = ptrtoint %struct.__key_reference_with_attributes* %52 to i64 %69 = and i64 %68, -2 %70 = inttoptr i64 %69 to %struct.key.269026* call void bitcast (void (%struct.key.241582*)* @key_put to void (%struct.key.269026*)*)(%struct.key.269026* %70) #76 br label %71 %72 = phi i8* [ %45, %47 ], [ %51, %54 ], [ %51, %66 ] %73 = phi i64 [ -14, %47 ], [ %55, %54 ], [ %67, %66 ] call void @kvfree_sensitive(i8* %72, i64 %3) #76 Function:kvfree_sensitive %3 = icmp ult i8* %0, inttoptr (i64 17 to i8*) br i1 %3, label %8, label %4, !prof !4, !misexpect !5 tail call void asm sideeffect "", "r,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %0) #6, !srcloc !6 %5 = tail call zeroext i1 @is_vmalloc_addr(i8* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 keyctl_update_key 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, 
-------------
Use: =BAD PATH=
Call Stack:
0 kvfree_sensitive
1 keyctl_update_key
2 __se_sys_keyctl
3 __ia32_sys_keyctl
-------------
Use: =BAD PATH=
Call Stack:
0 kvfree_sensitive
1 keyctl_update_key
2 __se_sys_keyctl
3 __x64_sys_keyctl
-------------
Good: 414 Bad: 7 Ignored: 341
Check Use of Function:dma_map_page_attrs
Check Use of Function:nv_stop_rxtx
Check Use of Function:bus_register
Check Use of Function:enable_irq
Use: =BAD PATH=
Call Stack:
0 dev_pm_enable_wake_irq_check
1 rpm_suspend
2 __pm_runtime_suspend
3 __intel_runtime_pm_put
4 intel_runtime_pm_put_unchecked
5 intel_rps_read_punit_req_frequency
6 intel_rps_get_requested_frequency
7 gt_cur_freq_mhz_show
-------------
Use: =BAD PATH=
Call Stack:
0 dev_pm_enable_wake_irq_check
1 rpm_suspend
2 __pm_runtime_suspend
3 __intel_runtime_pm_put
4 intel_runtime_pm_put_unchecked
5 intel_rps_read_actual_frequency
6 gt_act_freq_mhz_show
-------------
Use: =BAD PATH=
Call Stack:
0 dev_pm_enable_wake_irq_check
1 rpm_suspend
2 rpm_idle
3 pm_runtime_set_autosuspend_delay
4 autosuspend_store
-------------
%35, label %126, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %38 = icmp eq i32 %37, 0 br i1 %38, label %126, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %126 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %126, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %125 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %128) to i64), i32 0) #76 br label %130 %131 = or i32 %1, 8 %132 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %131) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, 
i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to 
%struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, 
align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #77 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #76 ------------- Use: =BAD PATH= Call Stack: 0 
dev_pm_enable_wake_irq_check 1 rpm_suspend 2 rpm_idle 3 __rpm_callback 4 rpm_resume 5 __pm_runtime_resume 6 d3cold_allowed_store ------------- Path:  Function:d3cold_allowed_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %7 = bitcast %struct.irq_domain** %6 to %struct.pci_dev.317892* %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #76 %10 = icmp slt i32 %9, 0 br i1 %10, label %24, label %11 %12 = load i64, i64* %5, align 8 %13 = icmp eq i64 %12, 0 %14 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %7, i64 0, i32 33 %15 = bitcast i24* %14 to i32* %16 = load i32, i32* %15, align 2 %17 = select i1 %13, i32 0, i32 2048 %18 = and i32 %16, -2049 %19 = or i32 %18, %17 store i32 %19, i32* %15, align 2 br i1 %13, label %21, label %20 call void @pci_d3cold_disable(%struct.pci_dev.317892* %7) #76 br label %22 %23 = call i32 @__pm_runtime_resume(%struct.device* %0, i32 0) #76 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #76 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #77 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, 
i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = 
load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #77 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %24, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %26, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %24, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq %struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, 
%203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #77 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #77 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %125, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %125 %19 = tail call i32 @device_links_read_lock() #76 %20 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %124, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 
%29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #76 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #76 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #76 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %182, label %90 %91 = phi %struct.list_head* [ %122, %116 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %94 = bitcast %struct.list_head* %93 to %struct.seqcount_spinlock* %95 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %96 = bitcast %struct.list_head* 
%92 to %struct.device** %97 = load %struct.device*, %struct.device** %96, align 8 br i1 %95, label %98, label %116 %99 = phi %struct.device* [ %115, %113 ], [ %97, %90 ] %100 = getelementptr inbounds %struct.device, %struct.device* %99, i64 0, i32 11, i32 13, i32 0 %101 = load volatile i32, i32* %100, align 4 %102 = icmp eq i32 %101, 0 br i1 %102, label %113, label %103, !prof !8, !misexpect !9 %104 = phi i32 [ %111, %110 ], [ %101, %98 ] %105 = add i32 %104, -1 %106 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %100, i32 %105, i32* %100, i32 %104) #6, !srcloc !10 %107 = extractvalue { i8, i32 } %106, 0 %108 = and i8 %107, 1 %109 = icmp eq i8 %108, 0 br i1 %109, label %110, label %113, !prof !8, !misexpect !9 %111 = extractvalue { i8, i32 } %106, 1 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %103, !prof !8, !misexpect !9 %114 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %115 = load %struct.device*, %struct.device** %96, align 8 br i1 %114, label %98, label %116 %117 = phi %struct.device* [ %97, %90 ], [ %115, %113 ] %118 = getelementptr inbounds %struct.device, %struct.device* %117, i64 0, i32 11, i32 3, i32 0, i32 0 %119 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %118) #76 %120 = tail call fastcc i32 @rpm_idle(%struct.device* %117, i32 1) #76 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #76 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %126 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, 
label %126 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %126, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %126 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %126, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %126, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %38 = icmp eq i32 %37, 0 br i1 %38, label %126, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %126 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %126, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, 
%struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %125 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %128) to i64), i32 0) #76 br label %130 %131 = or i32 %1, 8 %132 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %131) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, 
align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 
(%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #77 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_pm_enable_wake_irq_check 1 rpm_suspend 2 rpm_idle 3 __rpm_callback 4 rpm_resume 5 __pm_runtime_resume 6 __submit_bio 7 submit_bio_noacct 8 __blk_queue_split 9 blk_queue_split 10 dm_submit_bio ------------- Path:  Function:dm_submit_bio %2 = alloca %struct.bio.700572*, align 8 store %struct.bio.700572* %0, %struct.bio.700572** %2, align 8 %3 = getelementptr inbounds %struct.bio.700572, %struct.bio.700572* %0, i64 0, i32 1 %4 = load %struct.block_device.700569*, %struct.block_device.700569** %3, align 8 %5 = getelementptr inbounds %struct.block_device.700569, %struct.block_device.700569* %4, i64 0, i32 16 %6 = load %struct.gendisk.700393*, %struct.gendisk.700393** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.700393, %struct.gendisk.700393* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 38 %11 = tail call i32 
@__srcu_read_lock(%struct.srcu_struct* %10) #76 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = icmp eq i8* %13, null br i1 %15, label %16, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 1 %28 = icmp eq i64 %27, 0 %29 = getelementptr inbounds %struct.bio.700572, %struct.bio.700572* %0, i64 0, i32 2 %30 = load i32, i32* %29, align 8 br i1 %28, label %59, label %31, !prof !6, !misexpect !5 %60 = trunc i32 %30 to i8 switch i8 %60, label %63 [ i8 3, label %61 i8 5, label %61 i8 7, label %61 i8 9, label %61 ] call void bitcast (void (%struct.bio.294862**)* @blk_queue_split to void (%struct.bio.700572**)*)(%struct.bio.700572** nonnull %2) #76 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* call void @__blk_queue_split(%struct.bio.294862** %0, i32* nonnull %2) #76 Function:__blk_queue_split %3 = alloca %struct.bio_vec.294861, align 8 %4 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %5 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 1 %6 = load %struct.block_device.294859*, %struct.block_device.294859** %5, align 8 %7 = getelementptr inbounds %struct.block_device.294859, %struct.block_device.294859* %6, i64 0, i32 16 %8 = load %struct.gendisk.294687*, %struct.gendisk.294687** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.294687, %struct.gendisk.294687* %8, i64 0, i32 9 %10 = load %struct.request_queue.294711*, %struct.request_queue.294711** %9, align 8 %11 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds 
%struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %343, label %78 %79 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %343 %84 = tail call %struct.bio.294862* @bio_split(%struct.bio.294862* %4, i32 %76, i32 3072, %struct.bio_set.294866* %74) #76 br label %314 %315 = phi %struct.bio.294862* [ %313, %312 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %316 = icmp eq %struct.bio.294862* %315, null br i1 %316, label %343, label %317 %318 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %315, i64 0, i32 2 %319 = load i32, i32* %318, align 8 %320 = or i32 %319, 16384 store i32 %320, i32* %318, align 8 %321 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 call void @bio_chain(%struct.bio.294862* nonnull %315, %struct.bio.294862* %321) #76 %322 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %323 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %322, i64 0, i32 8, i32 0 %324 = load i64, i64* %323, align 8 %325 = trunc i64 %324 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %326)) #6 to label %340 [label %326], !srcloc !9 %341 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %342 = call i32 bitcast (i32 (%struct.bio.295627*)* @submit_bio_noacct to i32 (%struct.bio.294862*)*)(%struct.bio.294862* %341) #76 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.295628], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 119 %6 = load %struct.bio_list.295628*, %struct.bio_list.295628** %5, align 8 %7 = icmp eq %struct.bio_list.295628* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %18 = load %struct.block_device.295624*, %struct.block_device.295624** %17, align 8 %19 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %18, i64 0, i32 16 %20 = load %struct.gendisk.295622*, %struct.gendisk.295622** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.295563*, %struct.block_device_operations.295563** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.295563, %struct.block_device_operations.295563* %22, i64 0, i32 0 %24 = load i32 
(%struct.bio.295627*)*, i32 (%struct.bio.295627*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.295627*)* %24, null %26 = bitcast [2 x %struct.bio_list.295628]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 0 %49 = load %struct.bio.295627*, %struct.bio.295627** %48, align 8 %50 = icmp eq %struct.bio.295627* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0 store %struct.bio_list.295628* %53, %struct.bio_list.295628** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.295628* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.295627** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.295628, %struct.bio_list.295628* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.295627** %60 to i64* br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 
%74 = phi %struct.bio.295627* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.295627* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.295627* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 0 %80 = load %struct.bio.295627*, %struct.bio.295627** %79, align 8 store %struct.bio.295627* %80, %struct.bio.295627** %56, align 16 %81 = icmp eq %struct.bio.295627* %80, null br i1 %81, label %82, label %83 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %83 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 %84 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 1 %85 = load %struct.block_device.295624*, %struct.block_device.295624** %84, align 8 %86 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %85, i64 0, i32 16 %87 = load %struct.gendisk.295622*, %struct.gendisk.295622** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %87, i64 0, i32 9 %89 = load %struct.request_queue.295614*, %struct.request_queue.295614** %88, align 8 %90 = icmp eq %struct.request_queue.295614* %69, %89 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.295627* %103 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %102, i64 0, i32 0 store %struct.bio.295627* %74, %struct.bio.295627** %103, align 8 br label %104 %105 = phi %struct.bio.295627* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.295627* %74 to i64 br label %107 %108 = phi %struct.bio.295627* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.295627* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load 
%struct.bio.295627*, %struct.bio.295627** %56, align 16 %113 = icmp eq %struct.bio.295627* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.295627* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %118 = icmp eq %struct.bio.295627* %117, null br i1 %118, label %121, label %119 store %struct.bio.295627* %108, %struct.bio.295627** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.295627* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %127 = icmp eq %struct.bio.295627* %126, null br i1 %127, label %130, label %128 store %struct.bio.295627* %110, %struct.bio.295627** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.295627*, %struct.bio.295627** %59, align 16 %134 = icmp eq %struct.bio.295627* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %137 = icmp eq %struct.bio.295627* %136, null br i1 %137, label %140, label %138 store %struct.bio.295627* %133, %struct.bio.295627** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %145 = icmp eq %struct.bio.295627* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %144, i64 0, i32 0 %148 = load %struct.bio.295627*, %struct.bio.295627** %147, align 8 store %struct.bio.295627* %148, %struct.bio.295627** %56, align 16 %149 = icmp eq %struct.bio.295627* %148, null br i1 %149, label %150, label %151 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %151 store %struct.bio.295627* null, %struct.bio.295627** %147, align 8 br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = 
getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.295614* %8, i1 zeroext false) #76 br i1 %17, label %72, label %18 %19 
= load i32, i32* %9, align 8 %20 = and i32 %19, 2097152 %21 = icmp eq i32 %20, 0 br i1 %21, label %31, label %22 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = call i32 @__cond_resched() #76 %33 = load i32, i32* %10, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %43 %36 = load %struct.device.295559*, %struct.device.295559** %11, align 8 %37 = icmp eq %struct.device.295559* %36, null br i1 %37, label %66, label %38 %39 = load volatile i32, i32* %12, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %66, label %41 %42 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.295559*, i32)*)(%struct.device.295559* nonnull %36, i32 1) #76 br label %43 %44 = load volatile i64, i64* %13, align 8 %45 = and i64 %44, 4 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %66 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %2, i32 0) #76 br label %48 %49 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %15, %struct.wait_queue_entry* nonnull %2, i32 2) #76 %50 = load i32, i32* %10, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %60 %53 = load %struct.device.295559*, %struct.device.295559** %11, align 8 %54 = icmp eq %struct.device.295559* %53, null br i1 %54, label %65, label %55 %56 = load volatile i32, i32* %12, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %65, label %58 %59 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.295559*, i32)*)(%struct.device.295559* nonnull %53, i32 1) #76 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #76 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #77 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr 
inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #77 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %24, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %26, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %24, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq 
%struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #77 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #77 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %125, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %125 %19 = tail call i32 @device_links_read_lock() #76 %20 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %124, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #76 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #76 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #76 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 
%58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %182, label %90 %91 = phi %struct.list_head* [ %122, %116 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %94 = bitcast %struct.list_head* %93 to %struct.seqcount_spinlock* %95 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %96 = bitcast %struct.list_head* %92 to %struct.device** %97 = load %struct.device*, %struct.device** %96, align 8 br i1 %95, label %98, label %116 %99 = phi %struct.device* [ %115, %113 ], [ %97, %90 ] %100 = getelementptr inbounds %struct.device, %struct.device* %99, i64 0, i32 11, i32 13, i32 0 %101 = load volatile i32, i32* %100, align 4 %102 = icmp eq i32 %101, 0 br i1 %102, label %113, label %103, !prof !8, !misexpect !9 %104 = phi i32 [ %111, %110 ], [ %101, %98 ] %105 = add i32 %104, -1 %106 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %100, i32 %105, i32* %100, i32 %104) #6, !srcloc !10 %107 = extractvalue { i8, i32 } %106, 0 %108 = and i8 %107, 1 %109 = icmp eq i8 %108, 0 br i1 %109, label %110, label %113, !prof !8, !misexpect !9 %111 = extractvalue { i8, i32 } %106, 1 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %103, !prof !8, !misexpect !9 %114 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %115 = load %struct.device*, %struct.device** %96, align 8 br i1 %114, label %98, label %116 %117 = phi %struct.device* [ %97, %90 ], [ %115, %113 ] %118 = getelementptr inbounds %struct.device, %struct.device* %117, i64 0, i32 11, i32 3, i32 0, i32 0 %119 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %118) #76 %120 = tail call fastcc i32 @rpm_idle(%struct.device* %117, i32 1) #76 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #76 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %126 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %126 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %126, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %126 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %126, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %126, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %38 = icmp eq i32 %37, 0 br i1 %38, label %126, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %126 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, 
label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %126, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %125 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %128) to i64), i32 0) #76 br label %130 %131 = or i32 %1, 8 %132 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %131) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, 
i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 
= getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, 
align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #77
Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #76
-------------
Use: =BAD PATH=
Call Stack:
0 dev_pm_enable_wake_irq_check
1 rpm_suspend
2 rpm_idle
3 __rpm_callback
4 rpm_resume
5 __pm_runtime_resume
6 __submit_bio
7 submit_bio_noacct
8 __blk_queue_split
9 blk_queue_split
10 md_submit_bio
-------------
Path:
Function:md_submit_bio %2 = alloca %struct.bio.299652*, align 8 store %struct.bio.299652* %0, %struct.bio.299652** %2, align 8 %3 = getelementptr inbounds %struct.bio.299652, %struct.bio.299652* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and 
i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.299652, %struct.bio.299652* %0, i64 0, i32 1 %8 = load %struct.block_device.299712*, %struct.block_device.299712** %7, align 8 %9 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %8, i64 0, i32 16 %10 = load %struct.gendisk.299710*, %struct.gendisk.299710** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.294862**)* @blk_queue_split to void (%struct.bio.299652**)*)(%struct.bio.299652** nonnull %2) #76 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* call void @__blk_queue_split(%struct.bio.294862** %0, i32* nonnull %2) #76 Function:__blk_queue_split %3 = alloca %struct.bio_vec.294861, align 8 %4 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %5 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 1 %6 = load %struct.block_device.294859*, %struct.block_device.294859** %5, align 8 %7 = getelementptr inbounds %struct.block_device.294859, %struct.block_device.294859* %6, i64 0, i32 16 %8 = load %struct.gendisk.294687*, %struct.gendisk.294687** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.294687, %struct.gendisk.294687* %8, i64 0, i32 9 %10 = load %struct.request_queue.294711*, 
%struct.request_queue.294711** %9, align 8 %11 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %343, label %78 %79 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %343 %84 = tail call %struct.bio.294862* @bio_split(%struct.bio.294862* %4, i32 %76, i32 3072, %struct.bio_set.294866* %74) #76 br label %314 %315 = phi %struct.bio.294862* [ %313, %312 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %316 = icmp eq %struct.bio.294862* %315, null br i1 %316, label %343, label %317 %318 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %315, i64 0, i32 2 %319 = load i32, i32* %318, align 8 %320 = or i32 %319, 16384 store i32 %320, i32* %318, align 8 %321 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 call void @bio_chain(%struct.bio.294862* nonnull %315, %struct.bio.294862* %321) #76 %322 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %323 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %322, i64 0, i32 8, i32 0 %324 = load i64, i64* %323, align 8 %325 = trunc i64 %324 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %326)) #6 to label %340 [label %326], !srcloc !9 %341 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %342 = call i32 bitcast (i32 (%struct.bio.295627*)* @submit_bio_noacct to i32 (%struct.bio.294862*)*)(%struct.bio.294862* %341) #76 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.295628], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 119 %6 = load %struct.bio_list.295628*, %struct.bio_list.295628** %5, align 8 %7 = icmp eq %struct.bio_list.295628* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %18 = load %struct.block_device.295624*, %struct.block_device.295624** %17, align 8 %19 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %18, i64 0, i32 16 %20 = load %struct.gendisk.295622*, %struct.gendisk.295622** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.295563*, %struct.block_device_operations.295563** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.295563, %struct.block_device_operations.295563* %22, i64 0, i32 0 %24 = load i32 
(%struct.bio.295627*)*, i32 (%struct.bio.295627*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.295627*)* %24, null %26 = bitcast [2 x %struct.bio_list.295628]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 0 %49 = load %struct.bio.295627*, %struct.bio.295627** %48, align 8 %50 = icmp eq %struct.bio.295627* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0 store %struct.bio_list.295628* %53, %struct.bio_list.295628** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.295628* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.295627** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.295628, %struct.bio_list.295628* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.295627** %60 to i64* br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 
%74 = phi %struct.bio.295627* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.295627* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.295627* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 0 %80 = load %struct.bio.295627*, %struct.bio.295627** %79, align 8 store %struct.bio.295627* %80, %struct.bio.295627** %56, align 16 %81 = icmp eq %struct.bio.295627* %80, null br i1 %81, label %82, label %83 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %83 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 %84 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 1 %85 = load %struct.block_device.295624*, %struct.block_device.295624** %84, align 8 %86 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %85, i64 0, i32 16 %87 = load %struct.gendisk.295622*, %struct.gendisk.295622** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %87, i64 0, i32 9 %89 = load %struct.request_queue.295614*, %struct.request_queue.295614** %88, align 8 %90 = icmp eq %struct.request_queue.295614* %69, %89 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.295627* %103 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %102, i64 0, i32 0 store %struct.bio.295627* %74, %struct.bio.295627** %103, align 8 br label %104 %105 = phi %struct.bio.295627* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.295627* %74 to i64 br label %107 %108 = phi %struct.bio.295627* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.295627* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load 
%struct.bio.295627*, %struct.bio.295627** %56, align 16 %113 = icmp eq %struct.bio.295627* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.295627* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %118 = icmp eq %struct.bio.295627* %117, null br i1 %118, label %121, label %119 store %struct.bio.295627* %108, %struct.bio.295627** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.295627* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %127 = icmp eq %struct.bio.295627* %126, null br i1 %127, label %130, label %128 store %struct.bio.295627* %110, %struct.bio.295627** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.295627*, %struct.bio.295627** %59, align 16 %134 = icmp eq %struct.bio.295627* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %137 = icmp eq %struct.bio.295627* %136, null br i1 %137, label %140, label %138 store %struct.bio.295627* %133, %struct.bio.295627** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %145 = icmp eq %struct.bio.295627* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %144, i64 0, i32 0 %148 = load %struct.bio.295627*, %struct.bio.295627** %147, align 8 store %struct.bio.295627* %148, %struct.bio.295627** %56, align 16 %149 = icmp eq %struct.bio.295627* %148, null br i1 %149, label %150, label %151 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %151 store %struct.bio.295627* null, %struct.bio.295627** %147, align 8 br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = 
getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.295614* %8, i1 zeroext false) #76 br i1 %17, label %72, label %18 %19 
= load i32, i32* %9, align 8 %20 = and i32 %19, 2097152 %21 = icmp eq i32 %20, 0 br i1 %21, label %31, label %22 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = call i32 @__cond_resched() #76 %33 = load i32, i32* %10, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %43 %36 = load %struct.device.295559*, %struct.device.295559** %11, align 8 %37 = icmp eq %struct.device.295559* %36, null br i1 %37, label %66, label %38 %39 = load volatile i32, i32* %12, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %66, label %41 %42 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.295559*, i32)*)(%struct.device.295559* nonnull %36, i32 1) #76 br label %43 %44 = load volatile i64, i64* %13, align 8 %45 = and i64 %44, 4 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %66 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %2, i32 0) #76 br label %48 %49 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %15, %struct.wait_queue_entry* nonnull %2, i32 2) #76 %50 = load i32, i32* %10, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %60 %53 = load %struct.device.295559*, %struct.device.295559** %11, align 8 %54 = icmp eq %struct.device.295559* %53, null br i1 %54, label %65, label %55 %56 = load volatile i32, i32* %12, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %65, label %58 %59 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.295559*, i32)*)(%struct.device.295559* nonnull %53, i32 1) #76 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #76 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #77 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr 
inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #77 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %24, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %26, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %24, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq 
%struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #77 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #77 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %125, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %125 %19 = tail call i32 @device_links_read_lock() #76 %20 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %124, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #76 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #76 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #76 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 
%58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %182, label %90 %91 = phi %struct.list_head* [ %122, %116 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %94 = bitcast %struct.list_head* %93 to %struct.seqcount_spinlock* %95 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %96 = bitcast %struct.list_head* %92 to %struct.device** %97 = load %struct.device*, %struct.device** %96, align 8 br i1 %95, label %98, label %116 %99 = phi %struct.device* [ %115, %113 ], [ %97, %90 ] %100 = getelementptr inbounds %struct.device, %struct.device* %99, i64 0, i32 11, i32 13, i32 0 %101 = load volatile i32, i32* %100, align 4 %102 = icmp eq i32 %101, 0 br i1 %102, label %113, label %103, !prof !8, !misexpect !9 %104 = phi i32 [ %111, %110 ], [ %101, %98 ] %105 = add i32 %104, -1 %106 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %100, i32 %105, i32* %100, i32 %104) #6, !srcloc !10 %107 = extractvalue { i8, i32 } %106, 0 %108 = and i8 %107, 1 %109 = icmp eq i8 %108, 0 br i1 %109, label %110, label %113, !prof !8, !misexpect !9 %111 = extractvalue { i8, i32 } %106, 1 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %103, !prof !8, !misexpect !9 %114 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %115 = load %struct.device*, %struct.device** %96, align 8 br i1 %114, label %98, label %116 %117 = phi %struct.device* [ %97, %90 ], [ %115, %113 ] %118 = getelementptr inbounds %struct.device, %struct.device* %117, i64 0, i32 11, i32 3, i32 0, i32 0 %119 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %118) #76 %120 = tail call fastcc i32 @rpm_idle(%struct.device* %117, i32 1) #76 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #76 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %126 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %126 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %126, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %126 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %126, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %126, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %38 = icmp eq i32 %37, 0 br i1 %38, label %126, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %126 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, 
label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %126, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %125 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %128) to i64), i32 0) #76 br label %130 %131 = or i32 %1, 8 %132 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %131) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, 
i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 
= getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, 
align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #77 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #76 ------------- Good: 1031 Bad: 6 Ignored: 1037 Check Use of Function:dma_alloc_attrs Check Use of Function:rtl8139_hw_start Check Use of Function:dma_free_attrs Check Use of Function:napi_enable Check Use of Function:acpi_sleep_proc_init Check Use of Function:phy_set_max_speed Check Use of Function:phy_attached_info Check Use of Function:rtl8169_up Check Use of Function:rtl8169_do_counters Check Use of Function:pci_write_config_byte Check Use of Function:pci_dev_put Use: =BAD PATH= Call Stack: 0 vga_arb_write 
------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46522, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* %300 = bitcast i32* %9 to i8* %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.46523, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %308 = bitcast i32* %5 to i8* %309 = bitcast i32* %6 to i8* %310 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %301, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.23.46524, i64 0, i64 0), i32* nonnull %8, i32* nonnull %9, i32* nonnull %5, i32* nonnull %6) #76 %311 = icmp eq i32 %310, 4 br i1 %311, label %313, label %312 %314 = load i32, i32* %5, align 4 %315 = shl i32 %314, 3 %316 = and i32 %315, 248 %317 = load i32, i32* %6, align 4 %318 = and i32 %317, 7 %319 = or i32 %316, %318 %320 = load i32, i32* %8, align 4 %321 = load i32, i32* %9, align 4 %322 = call %struct.pci_dev.317892* @pci_get_domain_bus_and_slot(i32 %320, i32 %321, i32 %319) #76 %323 = icmp eq %struct.pci_dev.317892* %322, null br i1 %323, label %362, label %324 %325 = phi %struct.pci_dev.317892* [ %306, %304 ], [ %322, %313 ] %326 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %327 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %326, i64 0, i32 0 %328 = icmp eq %struct.list_head* %327, @vga_list br i1 %328, label %341, label %329 %330 = phi %struct.vga_device* [ %336, %334 ], [ %326, %324 ] %331 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %330, i64 0, i32 1 %332 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %331, align 8 %333 = icmp eq %struct.pci_dev.317892* %332, %325 br i1 %333, label %339, label %334 %340 = icmp eq %struct.vga_device* %330, null br i1 %340, label %341, label %344 %345 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 store %struct.pci_dev.317892* %325, %struct.pci_dev.317892** %345, align 8 %346 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 0, i32 0 %347 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %346, align 8 %348 = icmp eq %struct.pci_dev.317892* %347, %325 br i1 %348, label %360, label %349 %350 = icmp eq %struct.pci_dev.317892* %347, null br i1 %350, label %351, label %356 %357 = getelementptr %struct.vga_arb_private, 
%struct.vga_arb_private* %12, i64 0, i32 2, i64 1, i32 0 %358 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %357, align 8 %359 = icmp eq %struct.pci_dev.317892* %358, %325 br i1 %359, label %360, label %526 %527 = icmp eq %struct.pci_dev.317892* %358, null br i1 %527, label %351, label %528 %529 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 2, i32 0 %530 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %529, align 8 %531 = icmp eq %struct.pci_dev.317892* %530, %325 br i1 %531, label %360, label %532 %533 = icmp eq %struct.pci_dev.317892* %530, null br i1 %533, label %351, label %534 %535 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 3, i32 0 %536 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %535, align 8 %537 = icmp eq %struct.pci_dev.317892* %536, %325 br i1 %537, label %360, label %538 %539 = icmp eq %struct.pci_dev.317892* %536, null br i1 %539, label %351, label %540 %541 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 4, i32 0 %542 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %541, align 8 %543 = icmp eq %struct.pci_dev.317892* %542, %325 br i1 %543, label %360, label %544 %545 = icmp eq %struct.pci_dev.317892* %542, null br i1 %545, label %351, label %546 %547 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 5, i32 0 %548 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %547, align 8 %549 = icmp eq %struct.pci_dev.317892* %548, %325 br i1 %549, label %360, label %550 %551 = icmp eq %struct.pci_dev.317892* %548, null br i1 %551, label %351, label %552 %553 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 6, i32 0 %554 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %553, align 8 %555 = icmp eq %struct.pci_dev.317892* %554, %325 br i1 %555, label %360, label %556 %557 = icmp eq 
%struct.pci_dev.317892* %554, null br i1 %557, label %351, label %558 %559 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 7, i32 0 %560 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %559, align 8 %561 = icmp eq %struct.pci_dev.317892* %560, %325 br i1 %561, label %360, label %562 %563 = icmp eq %struct.pci_dev.317892* %560, null br i1 %563, label %351, label %564 %565 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 8, i32 0 %566 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %565, align 8 %567 = icmp eq %struct.pci_dev.317892* %566, %325 br i1 %567, label %360, label %568 %569 = icmp eq %struct.pci_dev.317892* %566, null br i1 %569, label %351, label %570 %571 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 9, i32 0 %572 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %571, align 8 %573 = icmp eq %struct.pci_dev.317892* %572, %325 br i1 %573, label %360, label %574 %575 = icmp eq %struct.pci_dev.317892* %572, null br i1 %575, label %351, label %576 %577 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 10, i32 0 %578 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %577, align 8 %579 = icmp eq %struct.pci_dev.317892* %578, %325 br i1 %579, label %360, label %580 %581 = icmp eq %struct.pci_dev.317892* %578, null br i1 %581, label %351, label %582 %583 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 11, i32 0 %584 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %583, align 8 %585 = icmp eq %struct.pci_dev.317892* %584, %325 br i1 %585, label %360, label %586 %587 = icmp eq %struct.pci_dev.317892* %584, null br i1 %587, label %351, label %588 %589 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 12, i32 0 %590 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %589, align 8 
%591 = icmp eq %struct.pci_dev.317892* %590, %325 br i1 %591, label %360, label %592 %593 = icmp eq %struct.pci_dev.317892* %590, null br i1 %593, label %351, label %594 %595 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 13, i32 0 %596 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %595, align 8 %597 = icmp eq %struct.pci_dev.317892* %596, %325 br i1 %597, label %360, label %598 %599 = icmp eq %struct.pci_dev.317892* %596, null br i1 %599, label %351, label %600 %601 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 14, i32 0 %602 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %601, align 8 %603 = icmp eq %struct.pci_dev.317892* %602, %325 br i1 %603, label %360, label %604 %605 = icmp eq %struct.pci_dev.317892* %602, null br i1 %605, label %351, label %606 %607 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 15, i32 0 %608 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %607, align 8 %609 = icmp eq %struct.pci_dev.317892* %608, %325 br i1 %609, label %360, label %610 %611 = icmp eq %struct.pci_dev.317892* %608, null br i1 %611, label %351, label %361 call void @pci_dev_put(%struct.pci_dev.317892* %325) #76 ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], 
[64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46522, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* %300 = bitcast i32* %9 to i8* %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.46523, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %308 = bitcast i32* %5 to i8* %309 = bitcast i32* %6 to i8* %310 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %301, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.23.46524, i64 0, i64 0), i32* nonnull %8, i32* nonnull %9, i32* nonnull %5, i32* nonnull %6) #76 %311 = icmp eq i32 %310, 4 br i1 %311, label %313, label %312 %314 = load i32, i32* %5, align 4 %315 = shl i32 %314, 3 %316 = and i32 %315, 248 %317 = load i32, i32* %6, align 4 %318 = and i32 %317, 7 %319 = or i32 %316, %318 %320 = load i32, i32* %8, align 4 %321 = load i32, i32* %9, align 4 %322 = call %struct.pci_dev.317892* @pci_get_domain_bus_and_slot(i32 %320, i32 %321, i32 %319) #76 %323 = icmp eq %struct.pci_dev.317892* %322, null br i1 %323, label %362, label %324 %325 = phi %struct.pci_dev.317892* [ %306, %304 ], [ %322, %313 ] %326 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %327 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %326, i64 0, i32 0 %328 = icmp eq %struct.list_head* %327, @vga_list br i1 %328, label %341, label %329 %330 = phi %struct.vga_device* [ %336, %334 ], [ %326, %324 ] %331 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %330, i64 0, i32 1 %332 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %331, align 8 %333 = icmp eq %struct.pci_dev.317892* %332, %325 br i1 %333, label %339, label %334 %340 = icmp eq %struct.vga_device* %330, null br i1 %340, label %341, label %344 %345 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 store %struct.pci_dev.317892* %325, %struct.pci_dev.317892** %345, align 8 %346 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 0, i32 0 %347 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %346, align 8 %348 = icmp eq %struct.pci_dev.317892* %347, %325 br i1 %348, label %360, label %349 %350 = icmp eq %struct.pci_dev.317892* %347, null br i1 %350, label %351, label %356 %357 = getelementptr %struct.vga_arb_private, 
%struct.vga_arb_private* %12, i64 0, i32 2, i64 1, i32 0 %358 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %357, align 8 %359 = icmp eq %struct.pci_dev.317892* %358, %325 br i1 %359, label %360, label %526 %527 = icmp eq %struct.pci_dev.317892* %358, null br i1 %527, label %351, label %528 %529 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 2, i32 0 %530 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %529, align 8 %531 = icmp eq %struct.pci_dev.317892* %530, %325 br i1 %531, label %360, label %532 %533 = icmp eq %struct.pci_dev.317892* %530, null br i1 %533, label %351, label %534 %535 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 3, i32 0 %536 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %535, align 8 %537 = icmp eq %struct.pci_dev.317892* %536, %325 br i1 %537, label %360, label %538 %539 = icmp eq %struct.pci_dev.317892* %536, null br i1 %539, label %351, label %540 %541 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 4, i32 0 %542 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %541, align 8 %543 = icmp eq %struct.pci_dev.317892* %542, %325 br i1 %543, label %360, label %544 %545 = icmp eq %struct.pci_dev.317892* %542, null br i1 %545, label %351, label %546 %547 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 5, i32 0 %548 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %547, align 8 %549 = icmp eq %struct.pci_dev.317892* %548, %325 br i1 %549, label %360, label %550 %551 = icmp eq %struct.pci_dev.317892* %548, null br i1 %551, label %351, label %552 %553 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 6, i32 0 %554 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %553, align 8 %555 = icmp eq %struct.pci_dev.317892* %554, %325 br i1 %555, label %360, label %556 %557 = icmp eq 
%struct.pci_dev.317892* %554, null br i1 %557, label %351, label %558 %559 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 7, i32 0 %560 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %559, align 8 %561 = icmp eq %struct.pci_dev.317892* %560, %325 br i1 %561, label %360, label %562 %563 = icmp eq %struct.pci_dev.317892* %560, null br i1 %563, label %351, label %564 %565 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 8, i32 0 %566 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %565, align 8 %567 = icmp eq %struct.pci_dev.317892* %566, %325 br i1 %567, label %360, label %568 %569 = icmp eq %struct.pci_dev.317892* %566, null br i1 %569, label %351, label %570 %571 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 9, i32 0 %572 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %571, align 8 %573 = icmp eq %struct.pci_dev.317892* %572, %325 br i1 %573, label %360, label %574 %575 = icmp eq %struct.pci_dev.317892* %572, null br i1 %575, label %351, label %576 %577 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 10, i32 0 %578 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %577, align 8 %579 = icmp eq %struct.pci_dev.317892* %578, %325 br i1 %579, label %360, label %580 %581 = icmp eq %struct.pci_dev.317892* %578, null br i1 %581, label %351, label %582 %583 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 11, i32 0 %584 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %583, align 8 %585 = icmp eq %struct.pci_dev.317892* %584, %325 br i1 %585, label %360, label %586 %587 = icmp eq %struct.pci_dev.317892* %584, null br i1 %587, label %351, label %588 %589 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 12, i32 0 %590 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %589, align 8 
%591 = icmp eq %struct.pci_dev.317892* %590, %325 br i1 %591, label %360, label %592 %593 = icmp eq %struct.pci_dev.317892* %590, null br i1 %593, label %351, label %594 %595 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 13, i32 0 %596 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %595, align 8 %597 = icmp eq %struct.pci_dev.317892* %596, %325 br i1 %597, label %360, label %598 %599 = icmp eq %struct.pci_dev.317892* %596, null br i1 %599, label %351, label %600 %601 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 14, i32 0 %602 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %601, align 8 %603 = icmp eq %struct.pci_dev.317892* %602, %325 br i1 %603, label %360, label %604 %605 = icmp eq %struct.pci_dev.317892* %602, null br i1 %605, label %351, label %606 %607 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 15, i32 0 %608 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %607, align 8 %609 = icmp eq %struct.pci_dev.317892* %608, %325 br i1 %609, label %360, label %610 %611 = icmp eq %struct.pci_dev.317892* %608, null br i1 %611, label %351, label %361 %352 = phi i64 [ 0, %349 ], [ 1, %526 ], [ 2, %532 ], [ 3, %538 ], [ 4, %544 ], [ 5, %550 ], [ 6, %556 ], [ 7, %562 ], [ 8, %568 ], [ 9, %574 ], [ 10, %580 ], [ 11, %586 ], [ 12, %592 ], [ 13, %598 ], [ 14, %604 ], [ 15, %610 ] %353 = phi %struct.pci_dev.317892** [ %346, %349 ], [ %357, %526 ], [ %529, %532 ], [ %535, %538 ], [ %541, %544 ], [ %547, %550 ], [ %553, %556 ], [ %559, %562 ], [ %565, %568 ], [ %571, %574 ], [ %577, %580 ], [ %583, %586 ], [ %589, %592 ], [ %595, %598 ], [ %601, %604 ], [ %607, %610 ] store %struct.pci_dev.317892* %325, %struct.pci_dev.317892** %353, align 8 %354 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 %352, i32 2 store i32 0, i32* %354, align 4 %355 = getelementptr %struct.vga_arb_private, 
%struct.vga_arb_private* %12, i64 0, i32 2, i64 %352, i32 1 store i32 0, i32* %355, align 8 br label %360 call void @pci_dev_put(%struct.pci_dev.317892* %325) #76 ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46522, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* %300 = bitcast i32* %9 to i8* %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], 
[8 x i8]* @.str.21.46523, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %308 = bitcast i32* %5 to i8* %309 = bitcast i32* %6 to i8* %310 = call i32 (i8*, i8*, ...) @sscanf(i8* %301, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.23.46524, i64 0, i64 0), i32* nonnull %8, i32* nonnull %9, i32* nonnull %5, i32* nonnull %6) #76 %311 = icmp eq i32 %310, 4 br i1 %311, label %313, label %312 %314 = load i32, i32* %5, align 4 %315 = shl i32 %314, 3 %316 = and i32 %315, 248 %317 = load i32, i32* %6, align 4 %318 = and i32 %317, 7 %319 = or i32 %316, %318 %320 = load i32, i32* %8, align 4 %321 = load i32, i32* %9, align 4 %322 = call %struct.pci_dev.317892* @pci_get_domain_bus_and_slot(i32 %320, i32 %321, i32 %319) #76 %323 = icmp eq %struct.pci_dev.317892* %322, null br i1 %323, label %362, label %324 %325 = phi %struct.pci_dev.317892* [ %306, %304 ], [ %322, %313 ] %326 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %327 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %326, i64 0, i32 0 %328 = icmp eq %struct.list_head* %327, @vga_list br i1 %328, label %341, label %329 %330 = phi %struct.vga_device* [ %336, %334 ], [ %326, %324 ] %331 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %330, i64 0, i32 1 %332 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %331, align 8 %333 = icmp eq %struct.pci_dev.317892* %332, %325 br i1 %333, label %339, label %334 %335 = bitcast %struct.vga_device* %330 to %struct.vga_device** %336 = load %struct.vga_device*, %struct.vga_device** %335, align 8 %337 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %336, i64 0, i32 0 %338 = icmp eq %struct.list_head* %337, @vga_list br i1 %338, label %341, label %329 %342 = icmp eq %struct.pci_dev.317892* %325, null br i1 %342, label %362, label %343 call void @pci_dev_put(%struct.pci_dev.317892* nonnull %325) #76 ------------- 
Use: =BAD PATH= Call Stack: 0 pci_seq_stop ------------- Path:  Function:pci_seq_stop %3 = icmp eq i8* %1, null br i1 %3, label %6, label %4 %5 = bitcast i8* %1 to %struct.pci_dev.326387* tail call void bitcast (void (%struct.pci_dev.317892*)* @pci_dev_put to void (%struct.pci_dev.326387*)*)(%struct.pci_dev.326387* nonnull %5) #76 ------------- Good: 121 Bad: 4 Ignored: 6 Check Use of Function:yenta_probe_cb_irq Check Use of Function:xhci_run Check Use of Function:i8042_check_mux Check Use of Function:rtl_fw_release_firmware Check Use of Function:request_threaded_irq Check Use of Function:acpi_dev_clear_dependencies Check Use of Function:__i8042_command Check Use of Function:wait_for_completion_timeout Check Use of Function:bad_inode_rmdir Check Use of Function:azx_probe_codecs Check Use of Function:snd_card_disconnect Check Use of Function:__cleanup_nmi Check Use of Function:irq_chip_pm_put Check Use of Function:ring_buffer_nest_start Check Use of Function:netlink_ack Use: =BAD PATH= Call Stack: 0 netlink_rcv_skb 1 uevent_net_rcv ------------- Path:  Function:uevent_net_rcv %2 = tail call i32 @netlink_rcv_skb(%struct.sk_buff* %0, i32 (%struct.sk_buff*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @uevent_net_rcv_skb) #76 Function:netlink_rcv_skb %3 = alloca %struct.netlink_ext_ack, align 8 %4 = bitcast %struct.netlink_ext_ack* %3 to i8* %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = icmp ult i32 %6, 16 br i1 %7, label %51, label %8 %9 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %10 = bitcast i8** %9 to %struct.nlmsghdr** br label %11 %12 = phi i32 [ %6, %8 ], [ %49, %41 ] %13 = load %struct.nlmsghdr*, %struct.nlmsghdr** %10, align 8 %14 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp ult i32 %15, 16 %17 = icmp ult i32 %12, %15 %18 = or i1 %16, %17 br i1 %18, label %51, label %19 
%20 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 2 %21 = load i16, i16* %20, align 2 %22 = and i16 %21, 1 %23 = icmp eq i16 %22, 0 br i1 %23, label %33, label %24 %25 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 1 %26 = load i16, i16* %25, align 4 %27 = icmp ult i16 %26, 16 br i1 %27, label %33, label %28 %29 = call i32 %1(%struct.sk_buff* %0, %struct.nlmsghdr* %13, %struct.netlink_ext_ack* nonnull %3) #76 %30 = icmp eq i32 %29, -4 br i1 %30, label %41, label %31 %32 = load i16, i16* %20, align 2 br label %33 %34 = phi i16 [ %21, %24 ], [ %32, %31 ], [ %21, %19 ] %35 = phi i32 [ 0, %24 ], [ %29, %31 ], [ 0, %19 ] %36 = and i16 %34, 4 %37 = icmp ne i16 %36, 0 %38 = icmp ne i32 %35, 0 %39 = or i1 %38, %37 br i1 %39, label %40, label %41 call void @netlink_ack(%struct.sk_buff* %0, %struct.nlmsghdr* %13, i32 %35, %struct.netlink_ext_ack* nonnull %3) #77 ------------- Use: =BAD PATH= Call Stack: 0 netlink_rcv_skb 1 rtnetlink_rcv ------------- Path:  Function:rtnetlink_rcv %2 = tail call i32 bitcast (i32 (%struct.sk_buff*, i32 (%struct.sk_buff*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)* @netlink_rcv_skb to i32 (%struct.sk_buff.751083*, i32 (%struct.sk_buff.751083*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)*)(%struct.sk_buff.751083* %0, i32 (%struct.sk_buff.751083*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @rtnetlink_rcv_msg) #76 Function:netlink_rcv_skb %3 = alloca %struct.netlink_ext_ack, align 8 %4 = bitcast %struct.netlink_ext_ack* %3 to i8* %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = icmp ult i32 %6, 16 br i1 %7, label %51, label %8 %9 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %10 = bitcast i8** %9 to %struct.nlmsghdr** br label %11 %12 = phi i32 [ %6, %8 ], [ %49, %41 ] %13 = load %struct.nlmsghdr*, %struct.nlmsghdr** %10, align 8 %14 = getelementptr inbounds 
%struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp ult i32 %15, 16 %17 = icmp ult i32 %12, %15 %18 = or i1 %16, %17 br i1 %18, label %51, label %19 %20 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 2 %21 = load i16, i16* %20, align 2 %22 = and i16 %21, 1 %23 = icmp eq i16 %22, 0 br i1 %23, label %33, label %24 %25 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 1 %26 = load i16, i16* %25, align 4 %27 = icmp ult i16 %26, 16 br i1 %27, label %33, label %28 %29 = call i32 %1(%struct.sk_buff* %0, %struct.nlmsghdr* %13, %struct.netlink_ext_ack* nonnull %3) #76 %30 = icmp eq i32 %29, -4 br i1 %30, label %41, label %31 %32 = load i16, i16* %20, align 2 br label %33 %34 = phi i16 [ %21, %24 ], [ %32, %31 ], [ %21, %19 ] %35 = phi i32 [ 0, %24 ], [ %29, %31 ], [ 0, %19 ] %36 = and i16 %34, 4 %37 = icmp ne i16 %36, 0 %38 = icmp ne i32 %35, 0 %39 = or i1 %38, %37 br i1 %39, label %40, label %41 call void @netlink_ack(%struct.sk_buff* %0, %struct.nlmsghdr* %13, i32 %35, %struct.netlink_ext_ack* nonnull %3) #77 ------------- Good: 16 Bad: 2 Ignored: 7 Check Use of Function:ring_buffer_lock_reserve Use: =BAD PATH= Call Stack: 0 tracing_mark_write ------------- Path:  Function:tracing_mark_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %159 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 14 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 br i1 %14, label %159, label %15 %16 = icmp ult i64 %2, 1024 %17 = select i1 %16, i64 %2, i64 1024 %18 = trunc i64 %17 to i32 %19 = add nuw nsw i64 %17, 18 %20 = icmp ult i64 %17, 9 %21 = getelementptr inbounds 
%struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %22 = load %struct.trace_buffer*, %struct.trace_buffer** %21, align 8 %23 = select i1 %20, i64 27, i64 %19 %24 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %25 = load i64, i64* %5, align 8 %26 = lshr i64 %25, 9 %27 = trunc i64 %26 to i32 %28 = and i32 %27, 1 %29 = xor i32 %28, 1 %30 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %31 = and i32 %30, 2147483647 %32 = zext i32 %31 to i64 %33 = and i64 %32, 15728640 %34 = icmp eq i64 %33, 0 %35 = or i32 %29, 64 %36 = select i1 %34, i32 %29, i32 %35 %37 = and i64 %32, 983040 %38 = icmp eq i64 %37, 0 %39 = or i32 %36, 8 %40 = select i1 %38, i32 %36, i32 %39 %41 = lshr i32 %30, 4 %42 = and i32 %41, 16 %43 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %44 = inttoptr i64 %43 to %struct.task_struct* %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %44, i64 0, i32 0, i32 0 %46 = load volatile i64, i64* %45, align 8 %47 = lshr i64 %46, 1 %48 = trunc i64 %47 to i32 %49 = and i32 %48, 4 %50 = or i32 %49, %42 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %52 = and i32 %40, 65535 %53 = or i32 %50, %52 %54 = and i32 %30, 255 %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %44, i64 0, i32 32 %56 = load i16, i16* %55, align 8 %57 = zext i16 %56 to i32 %58 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.trace_buffer* %22, i64 %23) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_mark_raw_write ------------- Path:  Function:tracing_mark_raw_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = 
bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %112 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 14 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 %15 = add i64 %2, -4 %16 = icmp ugt i64 %15, 3068 %17 = or i1 %16, %14 br i1 %17, label %112, label %18 %19 = icmp ult i64 %2, 1024 %20 = select i1 %19, i64 %2, i64 1024 %21 = add nuw nsw i64 %20, 12 %22 = icmp ult i64 %20, 13 %23 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %24 = load %struct.trace_buffer*, %struct.trace_buffer** %23, align 8 %25 = select i1 %22, i64 25, i64 %21 %26 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %27 = load i64, i64* %5, align 8 %28 = lshr i64 %27, 9 %29 = trunc i64 %28 to i32 %30 = and i32 %29, 1 %31 = xor i32 %30, 1 %32 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %33 = and i32 %32, 2147483647 %34 = zext i32 %33 to i64 %35 = and i64 %34, 15728640 %36 = icmp eq i64 %35, 0 %37 = or i32 %31, 64 %38 = select i1 %36, i32 %31, i32 %37 %39 = and i64 %34, 983040 %40 = icmp eq i64 %39, 0 %41 = or i32 %38, 8 %42 = select i1 %40, i32 %38, i32 %41 %43 = lshr i32 %32, 4 %44 = and i32 %43, 16 %45 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct* %47 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %46, i64 0, i32 0, i32 0 %48 = load volatile i64, i64* %47, align 8 %49 = lshr i64 %48, 1 %50 = trunc i64 %49 to i32 %51 = and i32 %50, 4 %52 = or i32 %51, %44 %53 = call i32 asm "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %54 = and i32 %42, 65535 %55 = or i32 %52, %54 %56 = and i32 %32, 255 %57 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %46, i64 0, i32 32 %58 = load i16, i16* %57, align 8 %59 = zext i16 %58 to i32 %60 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.trace_buffer* %24, i64 %25) #76 ------------- Good: 1744 Bad: 2 Ignored: 2056 Check Use of Function:ring_buffer_event_data Use: =BAD PATH= Call Stack: 0 __find_next_entry 1 trace_find_next_entry 2 trace_print_lat_context 3 print_trace_line 4 s_show.11263 ------------- Path:  Function:s_show.11263 %3 = bitcast i8* %1 to %struct.trace_iterator* %4 = getelementptr inbounds i8, i8* %1, i64 8408 %5 = bitcast i8* %4 to %struct.trace_entry** %6 = load %struct.trace_entry*, %struct.trace_entry** %5, align 8 %7 = icmp eq %struct.trace_entry* %6, null br i1 %7, label %8, label %36 %37 = getelementptr inbounds i8, i8* %1, i64 8424 %38 = bitcast i8* %37 to i32* %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %45, label %41 %46 = tail call i32 @print_trace_line(%struct.trace_iterator* %3) #77 Function:print_trace_line %2 = alloca i8, align 1 %3 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 0 %4 = load %struct.trace_array*, %struct.trace_array** %3, align 8 %5 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %4, i64 0, i32 14 %6 = load i32, i32* %5, align 8 %7 = zext i32 %6 to i64 %8 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 17 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %28, label %11 %29 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 1 %30 = load %struct.tracer*, %struct.tracer** %29, align 8 %31 = icmp eq %struct.tracer* %30, null br i1 %31, label %39, label %32 %33 = getelementptr inbounds %struct.tracer, 
%struct.tracer* %30, i64 0, i32 13 %34 = load i32 (%struct.trace_iterator*)*, i32 (%struct.trace_iterator*)** %33, align 8 %35 = icmp eq i32 (%struct.trace_iterator*)* %34, null br i1 %35, label %39, label %36 %37 = tail call i32 %34(%struct.trace_iterator* %0) #76 %38 = icmp eq i32 %37, 2 br i1 %38, label %39, label %285 %40 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 16 %41 = load %struct.trace_entry*, %struct.trace_entry** %40, align 8 %42 = getelementptr inbounds %struct.trace_entry, %struct.trace_entry* %41, i64 0, i32 0 %43 = load i16, i16* %42, align 4 %44 = icmp ne i16 %43, 14 %45 = and i64 %7, 4352 %46 = icmp ne i64 %45, 4352 %47 = or i1 %46, %44 br i1 %47, label %50, label %48 %51 = icmp ne i16 %43, 6 %52 = or i1 %46, %51 br i1 %52, label %55, label %53 %56 = icmp ne i16 %43, 5 %57 = or i1 %46, %56 br i1 %57, label %60, label %58 %61 = and i64 %7, 64 %62 = icmp eq i64 %61, 0 br i1 %62, label %99, label %63 %100 = and i64 %7, 32 %101 = icmp eq i64 %100, 0 br i1 %101, label %152, label %102 %153 = and i64 %7, 16 %154 = icmp eq i64 %153, 0 %155 = load %struct.trace_array*, %struct.trace_array** %3, align 8 %156 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 15 %157 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %155, i64 0, i32 14 %158 = load i32, i32* %157, align 8 br i1 %154, label %200, label %159 %201 = and i32 %158, 7 %202 = and i32 %158, 512 %203 = icmp eq i32 %202, 0 br i1 %203, label %241, label %204 %205 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 7 %206 = load i64, i64* %205, align 8 %207 = and i64 %206, 2 %208 = icmp eq i64 %207, 0 br i1 %208, label %241, label %209 %210 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 13, i64 0 %211 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 20 %212 = load i32, i32* %211, align 8 %213 
= zext i32 %212 to i64 %214 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %210, i64 0, i32 0, i64 0 %215 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %214, i64 %213) #6, !srcloc !4 %216 = and i8 %215, 1 %217 = icmp eq i8 %216, 0 br i1 %217, label %218, label %241 %219 = load i32, i32* %211, align 8 %220 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 2 %221 = load %struct.array_buffer*, %struct.array_buffer** %220, align 8 %222 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %221, i64 0, i32 2 %223 = bitcast %struct.trace_array_cpu** %222 to i64* %224 = load i64, i64* %223, align 8 %225 = sext i32 %219 to i64 %226 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %225 %227 = load i64, i64* %226, align 8 %228 = add i64 %227, %224 %229 = inttoptr i64 %228 to %struct.trace_array_cpu* %230 = getelementptr inbounds %struct.trace_array_cpu, %struct.trace_array_cpu* %229, i64 0, i32 10 %231 = load i64, i64* %230, align 8 %232 = icmp eq i64 %231, 0 br i1 %232, label %233, label %241 %234 = zext i32 %219 to i64 %235 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %210, i64 0, i32 0, i64 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %235, i64 %234) #6, !srcloc !5 %236 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 23 %237 = load i64, i64* %236, align 8 %238 = icmp sgt i64 %237, 1 br i1 %238, label %239, label %241 %240 = load i32, i32* %211, align 8 tail call void (%struct.trace_seq*, i8*, ...) 
@trace_seq_printf(%struct.trace_seq* %156, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.90.11256, i64 0, i64 0), i32 %240) #76 br label %241 %242 = load i16, i16* %42, align 4 %243 = zext i16 %242 to i32 %244 = tail call %struct.trace_event* bitcast (%struct.trace_event.105504* (i32)* @ftrace_find_event to %struct.trace_event* (i32)*)(i32 %243) #76 %245 = load i32, i32* %157, align 8 %246 = and i32 %245, 8192 %247 = icmp eq i32 %246, 0 br i1 %247, label %257, label %248 %249 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 7 %250 = load i64, i64* %249, align 8 %251 = and i64 %250, 1 %252 = icmp eq i64 %251, 0 br i1 %252, label %255, label %253 %254 = tail call i32 bitcast (i32 (%struct.trace_iterator.105502*)* @trace_print_lat_context to i32 (%struct.trace_iterator*)*)(%struct.trace_iterator* %0) #76 Function:trace_print_lat_context %2 = alloca [16 x i8], align 16 %3 = alloca i64, align 8 %4 = alloca [16 x i8], align 16 %5 = getelementptr inbounds %struct.trace_iterator.105502, %struct.trace_iterator.105502* %0, i64 0, i32 0 %6 = load %struct.trace_array.105497*, %struct.trace_array.105497** %5, align 8 %7 = getelementptr inbounds %struct.trace_iterator.105502, %struct.trace_iterator.105502* %0, i64 0, i32 15 %8 = getelementptr inbounds %struct.trace_array.105497, %struct.trace_array.105497* %6, i64 0, i32 14 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 8 %11 = bitcast i64* %3 to i8* %12 = call %struct.trace_entry* bitcast (%struct.trace_entry* (%struct.trace_iterator*, i32*, i64*)* @trace_find_next_entry to %struct.trace_entry* (%struct.trace_iterator.105502*, i32*, i64*)*)(%struct.trace_iterator.105502* %0, i32* null, i64* nonnull %3) #76 Function:trace_find_next_entry %4 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 19 %5 = load i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 8 %7 = load i8*, i8** %6, 
align 8 %8 = icmp eq i8* %7, getelementptr inbounds ([128 x i8], [128 x i8]* @static_temp_buf, i64 0, i64 0) %9 = icmp sgt i32 %5, 128 %10 = and i1 %9, %8 br i1 %10, label %47, label %11 %12 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 16 %13 = load %struct.trace_entry*, %struct.trace_entry** %12, align 8 %14 = icmp eq %struct.trace_entry* %13, null %15 = bitcast i8* %7 to %struct.trace_entry* %16 = icmp eq %struct.trace_entry* %13, %15 %17 = or i1 %14, %16 br i1 %17, label %45, label %18 %46 = tail call fastcc %struct.trace_entry* @__find_next_entry(%struct.trace_iterator* %0, i32* %1, i64* null, i64* %2) #77 Function:__find_next_entry %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 2 %8 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %9 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %8, i64 0, i32 1 %10 = load %struct.trace_buffer*, %struct.trace_buffer** %9, align 8 %11 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %12 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 4 %13 = load i32, i32* %12, align 8 %14 = bitcast i64* %6 to i8* %15 = icmp sgt i32 %13, -1 br i1 %15, label %19, label %16 %17 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 6 %18 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 19 br label %96 %97 = phi %struct.trace_entry* [ %93, %92 ], [ null, %16 ] %98 = phi i64 [ %94, %92 ], [ 0, %16 ] %99 = phi i64 [ %89, %92 ], [ 0, %16 ] %100 = phi i32 [ %57, %92 ], [ -1, %16 ] %101 = phi i32 [ %95, %92 ], [ 0, %16 ] %102 = icmp eq %struct.trace_entry* %97, null br label %103 %104 = phi i32 [ %100, %96 ], [ %57, %83 ] br label %55 %56 = phi i32 [ %57, %60 ], [ %104, %103 ] %57 = call i32 @cpumask_next(i32 %56, %struct.cpumask* getelementptr inbounds ([1 x 
%struct.cpumask], [1 x %struct.cpumask]* @tracing_buffer_mask, i64 0, i64 0)) #77 %58 = load i32, i32* @nr_cpu_ids, align 4 %59 = icmp ult i32 %57, %58 br i1 %59, label %60, label %105 %61 = call zeroext i1 @ring_buffer_empty_cpu(%struct.trace_buffer* %10, i32 %57) #76 br i1 %61, label %55, label %62 %63 = load %struct.ring_buffer_iter**, %struct.ring_buffer_iter*** %17, align 8 %64 = icmp eq %struct.ring_buffer_iter** %63, null br i1 %64, label %74, label %65 %66 = sext i32 %57 to i64 %67 = getelementptr %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %63, i64 %66 %68 = load %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %67, align 8 %69 = icmp eq %struct.ring_buffer_iter* %68, null br i1 %69, label %74, label %70 %75 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %76 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %75, i64 0, i32 1 %77 = load %struct.trace_buffer*, %struct.trace_buffer** %76, align 8 %78 = call %struct.ring_buffer_event* @ring_buffer_peek(%struct.trace_buffer* %77, i32 %57, i64* nonnull %6, i64* nonnull %5) #76 br label %79 %80 = phi %struct.ring_buffer_event* [ %71, %70 ], [ %78, %74 ] %81 = icmp eq %struct.ring_buffer_event* %80, null br i1 %81, label %82, label %84 %85 = call i32 @ring_buffer_event_length(%struct.ring_buffer_event* nonnull %80) #76 store i32 %85, i32* %18, align 4 %86 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %80) #76 ------------- Use: =BAD PATH= Call Stack: 0 __find_next_entry 1 s_next.11262 ------------- Path:  Function:s_next.11262 %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = load i8*, i8** %4, align 8 %6 = bitcast i8* %5 to %struct.trace_iterator* %7 = load i64, i64* %2, align 8 %8 = getelementptr inbounds i8, i8* %5, i64 8424 %9 = bitcast i8* %8 to i32* %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12, !prof !4, !misexpect !5 %15 = phi i64 [ %7, %3 ], [ %13, 
%12 ] %16 = add i64 %15, 1 store i64 %16, i64* %2, align 8 %17 = getelementptr inbounds i8, i8* %5, i64 8456 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 8 %20 = shl i64 %7, 32 %21 = ashr exact i64 %20, 32 %22 = icmp sgt i64 %19, %21 br i1 %22, label %103, label %23 %24 = icmp slt i64 %19, 0 br i1 %24, label %25, label %57 %26 = getelementptr inbounds i8, i8* %5, i64 8432 %27 = bitcast i8* %26 to i32* %28 = getelementptr inbounds i8, i8* %5, i64 8416 %29 = bitcast i8* %28 to i64* %30 = getelementptr inbounds i8, i8* %5, i64 8440 %31 = bitcast i8* %30 to i64* %32 = tail call fastcc %struct.trace_entry* @__find_next_entry(%struct.trace_iterator* %6, i32* %27, i64* %29, i64* %31) #76 %33 = getelementptr inbounds i8, i8* %5, i64 8408 %34 = bitcast i8* %33 to %struct.trace_entry** store %struct.trace_entry* %32, %struct.trace_entry** %34, align 8 %35 = icmp eq %struct.trace_entry* %32, null br i1 %35, label %98, label %36 %37 = getelementptr inbounds i8, i8* %5, i64 72 %38 = bitcast i8* %37 to %struct.ring_buffer_iter*** %39 = load %struct.ring_buffer_iter**, %struct.ring_buffer_iter*** %38, align 8 %40 = icmp eq %struct.ring_buffer_iter** %39, null br i1 %40, label %41, label %44 %45 = load i32, i32* %27, align 8 %46 = sext i32 %45 to i64 %47 = getelementptr %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %39, i64 %46 %48 = load %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %47, align 8 %49 = load i64, i64* %18, align 8 %50 = add i64 %49, 1 store i64 %50, i64* %18, align 8 %51 = icmp eq %struct.ring_buffer_iter* %48, null br i1 %51, label %57, label %52 tail call void @ring_buffer_iter_advance(%struct.ring_buffer_iter* nonnull %48) #76 %53 = load %struct.trace_entry*, %struct.trace_entry** %34, align 8 %54 = icmp eq %struct.trace_entry* %53, null %55 = icmp eq i8* %5, null %56 = or i1 %54, %55 br i1 %56, label %98, label %59 %60 = getelementptr inbounds i8, i8* %5, i64 8432 %61 = bitcast i8* %60 to i32* %62 = getelementptr inbounds i8, 
i8* %5, i64 8416 %63 = bitcast i8* %62 to i64* %64 = getelementptr inbounds i8, i8* %5, i64 8440 %65 = bitcast i8* %64 to i64* %66 = getelementptr inbounds i8, i8* %5, i64 8408 %67 = bitcast i8* %66 to %struct.trace_entry** %68 = getelementptr inbounds i8, i8* %5, i64 72 %69 = bitcast i8* %68 to %struct.ring_buffer_iter*** %70 = icmp eq i8* %5, null %71 = load i64, i64* %18, align 8 %72 = icmp slt i64 %71, %21 br i1 %72, label %77, label %98 %78 = tail call fastcc %struct.trace_entry* @__find_next_entry(%struct.trace_iterator* %6, i32* %61, i64* %63, i64* %65) #76 Function:__find_next_entry %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 2 %8 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %9 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %8, i64 0, i32 1 %10 = load %struct.trace_buffer*, %struct.trace_buffer** %9, align 8 %11 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %12 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 4 %13 = load i32, i32* %12, align 8 %14 = bitcast i64* %6 to i8* %15 = icmp sgt i32 %13, -1 br i1 %15, label %19, label %16 %17 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 6 %18 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 19 br label %96 %97 = phi %struct.trace_entry* [ %93, %92 ], [ null, %16 ] %98 = phi i64 [ %94, %92 ], [ 0, %16 ] %99 = phi i64 [ %89, %92 ], [ 0, %16 ] %100 = phi i32 [ %57, %92 ], [ -1, %16 ] %101 = phi i32 [ %95, %92 ], [ 0, %16 ] %102 = icmp eq %struct.trace_entry* %97, null br label %103 %104 = phi i32 [ %100, %96 ], [ %57, %83 ] br label %55 %56 = phi i32 [ %57, %60 ], [ %104, %103 ] %57 = call i32 @cpumask_next(i32 %56, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @tracing_buffer_mask, i64 0, i64 0)) #77 %58 = load 
i32, i32* @nr_cpu_ids, align 4 %59 = icmp ult i32 %57, %58 br i1 %59, label %60, label %105 %61 = call zeroext i1 @ring_buffer_empty_cpu(%struct.trace_buffer* %10, i32 %57) #76 br i1 %61, label %55, label %62 %63 = load %struct.ring_buffer_iter**, %struct.ring_buffer_iter*** %17, align 8 %64 = icmp eq %struct.ring_buffer_iter** %63, null br i1 %64, label %74, label %65 %66 = sext i32 %57 to i64 %67 = getelementptr %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %63, i64 %66 %68 = load %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %67, align 8 %69 = icmp eq %struct.ring_buffer_iter* %68, null br i1 %69, label %74, label %70 %75 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %76 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %75, i64 0, i32 1 %77 = load %struct.trace_buffer*, %struct.trace_buffer** %76, align 8 %78 = call %struct.ring_buffer_event* @ring_buffer_peek(%struct.trace_buffer* %77, i32 %57, i64* nonnull %6, i64* nonnull %5) #76 br label %79 %80 = phi %struct.ring_buffer_event* [ %71, %70 ], [ %78, %74 ] %81 = icmp eq %struct.ring_buffer_event* %80, null br i1 %81, label %82, label %84 %85 = call i32 @ring_buffer_event_length(%struct.ring_buffer_event* nonnull %80) #76 store i32 %85, i32* %18, align 4 %86 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %80) #76 ------------- Use: =BAD PATH= Call Stack: 0 __find_next_entry 1 trace_find_next_entry 2 trace_print_lat_context 3 print_trace_line 4 s_show.11263 ------------- Path:  Function:s_show.11263 %3 = bitcast i8* %1 to %struct.trace_iterator* %4 = getelementptr inbounds i8, i8* %1, i64 8408 %5 = bitcast i8* %4 to %struct.trace_entry** %6 = load %struct.trace_entry*, %struct.trace_entry** %5, align 8 %7 = icmp eq %struct.trace_entry* %6, null br i1 %7, label %8, label %36 %37 = getelementptr inbounds i8, i8* %1, i64 8424 %38 = bitcast i8* %37 to i32* %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %45, 
label %41 %46 = tail call i32 @print_trace_line(%struct.trace_iterator* %3) #77 Function:print_trace_line %2 = alloca i8, align 1 %3 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 0 %4 = load %struct.trace_array*, %struct.trace_array** %3, align 8 %5 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %4, i64 0, i32 14 %6 = load i32, i32* %5, align 8 %7 = zext i32 %6 to i64 %8 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 17 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %28, label %11 %29 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 1 %30 = load %struct.tracer*, %struct.tracer** %29, align 8 %31 = icmp eq %struct.tracer* %30, null br i1 %31, label %39, label %32 %33 = getelementptr inbounds %struct.tracer, %struct.tracer* %30, i64 0, i32 13 %34 = load i32 (%struct.trace_iterator*)*, i32 (%struct.trace_iterator*)** %33, align 8 %35 = icmp eq i32 (%struct.trace_iterator*)* %34, null br i1 %35, label %39, label %36 %37 = tail call i32 %34(%struct.trace_iterator* %0) #76 %38 = icmp eq i32 %37, 2 br i1 %38, label %39, label %285 %40 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 16 %41 = load %struct.trace_entry*, %struct.trace_entry** %40, align 8 %42 = getelementptr inbounds %struct.trace_entry, %struct.trace_entry* %41, i64 0, i32 0 %43 = load i16, i16* %42, align 4 %44 = icmp ne i16 %43, 14 %45 = and i64 %7, 4352 %46 = icmp ne i64 %45, 4352 %47 = or i1 %46, %44 br i1 %47, label %50, label %48 %51 = icmp ne i16 %43, 6 %52 = or i1 %46, %51 br i1 %52, label %55, label %53 %56 = icmp ne i16 %43, 5 %57 = or i1 %46, %56 br i1 %57, label %60, label %58 %61 = and i64 %7, 64 %62 = icmp eq i64 %61, 0 br i1 %62, label %99, label %63 %100 = and i64 %7, 32 %101 = icmp eq i64 %100, 0 br i1 %101, label %152, label %102 %153 = and i64 %7, 16 %154 = icmp eq i64 %153, 0 %155 = 
load %struct.trace_array*, %struct.trace_array** %3, align 8 %156 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 15 %157 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %155, i64 0, i32 14 %158 = load i32, i32* %157, align 8 br i1 %154, label %200, label %159 %201 = and i32 %158, 7 %202 = and i32 %158, 512 %203 = icmp eq i32 %202, 0 br i1 %203, label %241, label %204 %205 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 7 %206 = load i64, i64* %205, align 8 %207 = and i64 %206, 2 %208 = icmp eq i64 %207, 0 br i1 %208, label %241, label %209 %210 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 13, i64 0 %211 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 20 %212 = load i32, i32* %211, align 8 %213 = zext i32 %212 to i64 %214 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %210, i64 0, i32 0, i64 0 %215 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %214, i64 %213) #6, !srcloc !4 %216 = and i8 %215, 1 %217 = icmp eq i8 %216, 0 br i1 %217, label %218, label %241 %219 = load i32, i32* %211, align 8 %220 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 2 %221 = load %struct.array_buffer*, %struct.array_buffer** %220, align 8 %222 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %221, i64 0, i32 2 %223 = bitcast %struct.trace_array_cpu** %222 to i64* %224 = load i64, i64* %223, align 8 %225 = sext i32 %219 to i64 %226 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %225 %227 = load i64, i64* %226, align 8 %228 = add i64 %227, %224 %229 = inttoptr i64 %228 to %struct.trace_array_cpu* %230 = getelementptr inbounds %struct.trace_array_cpu, %struct.trace_array_cpu* %229, i64 0, i32 10 %231 = load i64, i64* %230, 
align 8 %232 = icmp eq i64 %231, 0 br i1 %232, label %233, label %241 %234 = zext i32 %219 to i64 %235 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %210, i64 0, i32 0, i64 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %235, i64 %234) #6, !srcloc !5 %236 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 23 %237 = load i64, i64* %236, align 8 %238 = icmp sgt i64 %237, 1 br i1 %238, label %239, label %241 %240 = load i32, i32* %211, align 8 tail call void (%struct.trace_seq*, i8*, ...) @trace_seq_printf(%struct.trace_seq* %156, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.90.11256, i64 0, i64 0), i32 %240) #76 br label %241 %242 = load i16, i16* %42, align 4 %243 = zext i16 %242 to i32 %244 = tail call %struct.trace_event* bitcast (%struct.trace_event.105504* (i32)* @ftrace_find_event to %struct.trace_event* (i32)*)(i32 %243) #76 %245 = load i32, i32* %157, align 8 %246 = and i32 %245, 8192 %247 = icmp eq i32 %246, 0 br i1 %247, label %257, label %248 %249 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 7 %250 = load i64, i64* %249, align 8 %251 = and i64 %250, 1 %252 = icmp eq i64 %251, 0 br i1 %252, label %255, label %253 %254 = tail call i32 bitcast (i32 (%struct.trace_iterator.105502*)* @trace_print_lat_context to i32 (%struct.trace_iterator*)*)(%struct.trace_iterator* %0) #76 Function:trace_print_lat_context %2 = alloca [16 x i8], align 16 %3 = alloca i64, align 8 %4 = alloca [16 x i8], align 16 %5 = getelementptr inbounds %struct.trace_iterator.105502, %struct.trace_iterator.105502* %0, i64 0, i32 0 %6 = load %struct.trace_array.105497*, %struct.trace_array.105497** %5, align 8 %7 = getelementptr inbounds %struct.trace_iterator.105502, %struct.trace_iterator.105502* %0, i64 0, i32 15 %8 = getelementptr inbounds 
%struct.trace_array.105497, %struct.trace_array.105497* %6, i64 0, i32 14 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 8 %11 = bitcast i64* %3 to i8* %12 = call %struct.trace_entry* bitcast (%struct.trace_entry* (%struct.trace_iterator*, i32*, i64*)* @trace_find_next_entry to %struct.trace_entry* (%struct.trace_iterator.105502*, i32*, i64*)*)(%struct.trace_iterator.105502* %0, i32* null, i64* nonnull %3) #76 Function:trace_find_next_entry %4 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 19 %5 = load i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 8 %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, getelementptr inbounds ([128 x i8], [128 x i8]* @static_temp_buf, i64 0, i64 0) %9 = icmp sgt i32 %5, 128 %10 = and i1 %9, %8 br i1 %10, label %47, label %11 %12 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 16 %13 = load %struct.trace_entry*, %struct.trace_entry** %12, align 8 %14 = icmp eq %struct.trace_entry* %13, null %15 = bitcast i8* %7 to %struct.trace_entry* %16 = icmp eq %struct.trace_entry* %13, %15 %17 = or i1 %14, %16 br i1 %17, label %45, label %18 %46 = tail call fastcc %struct.trace_entry* @__find_next_entry(%struct.trace_iterator* %0, i32* %1, i64* null, i64* %2) #77 Function:__find_next_entry %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 2 %8 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %9 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %8, i64 0, i32 1 %10 = load %struct.trace_buffer*, %struct.trace_buffer** %9, align 8 %11 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %12 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 4 %13 = load i32, i32* %12, align 8 %14 = bitcast i64* %6 to i8* %15 = icmp sgt i32 %13, -1 br i1 
%15, label %19, label %16 %20 = tail call zeroext i1 @ring_buffer_empty_cpu(%struct.trace_buffer* %10, i32 %13) #76 br i1 %20, label %114, label %21 %22 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 6 %23 = load %struct.ring_buffer_iter**, %struct.ring_buffer_iter*** %22, align 8 %24 = icmp eq %struct.ring_buffer_iter** %23, null br i1 %24, label %36, label %25 %26 = zext i32 %13 to i64 %27 = getelementptr %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %23, i64 %26 %28 = load %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %27, align 8 %29 = icmp eq %struct.ring_buffer_iter* %28, null br i1 %29, label %36, label %30 %37 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %38 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %37, i64 0, i32 1 %39 = load %struct.trace_buffer*, %struct.trace_buffer** %38, align 8 %40 = tail call %struct.ring_buffer_event* @ring_buffer_peek(%struct.trace_buffer* %39, i32 %13, i64* %3, i64* %2) #76 br label %41 %42 = phi %struct.ring_buffer_event* [ %31, %33 ], [ %31, %30 ], [ %40, %36 ] %43 = icmp eq %struct.ring_buffer_event* %42, null br i1 %43, label %49, label %44 %45 = tail call i32 @ring_buffer_event_length(%struct.ring_buffer_event* nonnull %42) #76 %46 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 19 store i32 %45, i32* %46, align 4 %47 = tail call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %42) #76 ------------- Use: =BAD PATH= Call Stack: 0 __find_next_entry 1 s_next.11262 ------------- Path:  Function:s_next.11262 %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = load i8*, i8** %4, align 8 %6 = bitcast i8* %5 to %struct.trace_iterator* %7 = load i64, i64* %2, align 8 %8 = getelementptr inbounds i8, i8* %5, i64 8424 %9 = bitcast i8* %8 to i32* %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12, !prof !4, 
!misexpect !5 %15 = phi i64 [ %7, %3 ], [ %13, %12 ] %16 = add i64 %15, 1 store i64 %16, i64* %2, align 8 %17 = getelementptr inbounds i8, i8* %5, i64 8456 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 8 %20 = shl i64 %7, 32 %21 = ashr exact i64 %20, 32 %22 = icmp sgt i64 %19, %21 br i1 %22, label %103, label %23 %24 = icmp slt i64 %19, 0 br i1 %24, label %25, label %57 %26 = getelementptr inbounds i8, i8* %5, i64 8432 %27 = bitcast i8* %26 to i32* %28 = getelementptr inbounds i8, i8* %5, i64 8416 %29 = bitcast i8* %28 to i64* %30 = getelementptr inbounds i8, i8* %5, i64 8440 %31 = bitcast i8* %30 to i64* %32 = tail call fastcc %struct.trace_entry* @__find_next_entry(%struct.trace_iterator* %6, i32* %27, i64* %29, i64* %31) #76 %33 = getelementptr inbounds i8, i8* %5, i64 8408 %34 = bitcast i8* %33 to %struct.trace_entry** store %struct.trace_entry* %32, %struct.trace_entry** %34, align 8 %35 = icmp eq %struct.trace_entry* %32, null br i1 %35, label %98, label %36 %37 = getelementptr inbounds i8, i8* %5, i64 72 %38 = bitcast i8* %37 to %struct.ring_buffer_iter*** %39 = load %struct.ring_buffer_iter**, %struct.ring_buffer_iter*** %38, align 8 %40 = icmp eq %struct.ring_buffer_iter** %39, null br i1 %40, label %41, label %44 %45 = load i32, i32* %27, align 8 %46 = sext i32 %45 to i64 %47 = getelementptr %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %39, i64 %46 %48 = load %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %47, align 8 %49 = load i64, i64* %18, align 8 %50 = add i64 %49, 1 store i64 %50, i64* %18, align 8 %51 = icmp eq %struct.ring_buffer_iter* %48, null br i1 %51, label %57, label %52 tail call void @ring_buffer_iter_advance(%struct.ring_buffer_iter* nonnull %48) #76 %53 = load %struct.trace_entry*, %struct.trace_entry** %34, align 8 %54 = icmp eq %struct.trace_entry* %53, null %55 = icmp eq i8* %5, null %56 = or i1 %54, %55 br i1 %56, label %98, label %59 %60 = getelementptr inbounds i8, i8* %5, i64 8432 %61 = bitcast i8* 
%60 to i32* %62 = getelementptr inbounds i8, i8* %5, i64 8416 %63 = bitcast i8* %62 to i64* %64 = getelementptr inbounds i8, i8* %5, i64 8440 %65 = bitcast i8* %64 to i64* %66 = getelementptr inbounds i8, i8* %5, i64 8408 %67 = bitcast i8* %66 to %struct.trace_entry** %68 = getelementptr inbounds i8, i8* %5, i64 72 %69 = bitcast i8* %68 to %struct.ring_buffer_iter*** %70 = icmp eq i8* %5, null %71 = load i64, i64* %18, align 8 %72 = icmp slt i64 %71, %21 br i1 %72, label %77, label %98 %78 = tail call fastcc %struct.trace_entry* @__find_next_entry(%struct.trace_iterator* %6, i32* %61, i64* %63, i64* %65) #76 Function:__find_next_entry %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 2 %8 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %9 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %8, i64 0, i32 1 %10 = load %struct.trace_buffer*, %struct.trace_buffer** %9, align 8 %11 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %12 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 4 %13 = load i32, i32* %12, align 8 %14 = bitcast i64* %6 to i8* %15 = icmp sgt i32 %13, -1 br i1 %15, label %19, label %16 %20 = tail call zeroext i1 @ring_buffer_empty_cpu(%struct.trace_buffer* %10, i32 %13) #76 br i1 %20, label %114, label %21 %22 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 6 %23 = load %struct.ring_buffer_iter**, %struct.ring_buffer_iter*** %22, align 8 %24 = icmp eq %struct.ring_buffer_iter** %23, null br i1 %24, label %36, label %25 %26 = zext i32 %13 to i64 %27 = getelementptr %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %23, i64 %26 %28 = load %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %27, align 8 %29 = icmp eq %struct.ring_buffer_iter* %28, null br i1 %29, label %36, label %30 %37 = load %struct.array_buffer*, %struct.array_buffer** 
%7, align 8 %38 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %37, i64 0, i32 1 %39 = load %struct.trace_buffer*, %struct.trace_buffer** %38, align 8 %40 = tail call %struct.ring_buffer_event* @ring_buffer_peek(%struct.trace_buffer* %39, i32 %13, i64* %3, i64* %2) #76 br label %41 %42 = phi %struct.ring_buffer_event* [ %31, %33 ], [ %31, %30 ], [ %40, %36 ] %43 = icmp eq %struct.ring_buffer_event* %42, null br i1 %43, label %49, label %44 %45 = tail call i32 @ring_buffer_event_length(%struct.ring_buffer_event* nonnull %42) #76 %46 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 19 store i32 %45, i32* %46, align 4 %47 = tail call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %42) #76 ------------- Good: 918 Bad: 4 Ignored: 1835 Check Use of Function:filter_match_preds Check Use of Function:__init_rwsem Check Use of Function:__ftrace_trace_stack Check Use of Function:free_compound_page Check Use of Function:__SCT__tp_func_io_uring_create Check Use of Function:io_ring_ctx_wait_and_kill Use: =BAD PATH= Call Stack: 0 io_uring_release ------------- Path:  Function:io_uring_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.io_ring_ctx** %5 = load %struct.io_ring_ctx*, %struct.io_ring_ctx** %4, align 8 store i8* null, i8** %3, align 8 tail call fastcc void @io_ring_ctx_wait_and_kill(%struct.io_ring_ctx* %5) #76 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:ext4_fc_start_ineligible Check Use of Function:swap_inode_data Check Use of Function:ext4_ext_tree_init Check Use of Function:ext4_double_down_write_data_sem Check Use of Function:jbd2_journal_lock_updates Check Use of Function:mdio_ctrl_hw Check Use of Function:jbd2_journal_flush Check Use of Function:jbd2_journal_unlock_updates Check Use of Function:walk_page_range Use: =BAD PATH= Call Stack: 0 madvise_willneed 1 do_madvise 2 __ia32_sys_madvise ------------- 
Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = 
icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #76 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = 
icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %12 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %13 = bitcast %struct.vm_area_struct* %0 to i8* %14 = tail call i32 @walk_page_range(%struct.mm_struct* %12, i64 %2, i64 %3, %struct.mm_walk_ops* nonnull @swapin_walk_ops, i8* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 madvise_willneed 1 do_madvise 2 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 
i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #76 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = 
icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %12 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %13 = bitcast %struct.vm_area_struct* %0 to i8* %14 = tail call i32 @walk_page_range(%struct.mm_struct* %12, i64 %2, i64 %3, %struct.mm_walk_ops* nonnull @swapin_walk_ops, i8* %13) #76 ------------- Good: 17 Bad: 2 Ignored: 15 Check Use of Function:do_kexec_load Check Use of Function:gen_replace_estimator Check Use of Function:sr_reset Check Use of Function:kernel_read_file_from_fd Check Use of Function:security_kernel_load_data Check Use of Function:security_kernel_post_load_data Check Use of Function:set_normalized_timespec64 Use: =BAD PATH= Call Stack: 0 do_sys_poll 1 __se_sys_poll 2 __ia32_sys_poll ------------- Path:  Function:__ia32_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_poll(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %0 to %struct.anon.152* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.cpu_itimer* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %4) #76 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 
0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #76 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.cpu_itimer* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.anon.152* %5, i32 %6, %struct.cpu_itimer* %28) #76 Function:do_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = alloca [32 x i64], align 16 %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = bitcast [32 x i64]* %8 to i8* %11 = bitcast [32 x i64]* %8 to %struct.poll_list* %12 = getelementptr inbounds [32 x i64], [32 x i64]* %8, i64 0, i64 1 %13 = bitcast i64* %12 to i32* %14 = bitcast [32 x i64]* %8 to %struct.poll_list** %15 = zext i32 %1 to i64 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 95 %19 = load %struct.signal_struct*, %struct.signal_struct** %18, align 32 %20 = getelementptr %struct.signal_struct, %struct.signal_struct* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %15 br i1 %22, label %339, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.anon.152, %struct.anon.152* %0, i64 %15 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %15, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %11, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %14, %23 ] %32 = phi i32* [ %63, %54 ], [ %13, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = 
icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.anon.152, %struct.anon.152* %25, i64 %42 %44 = bitcast %struct.anon.152* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.anon.152* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #76 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %328 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, 
%struct.poll_wqueues* %7, i64 0, i32 0 %76 = bitcast i64* %6 to i8* %77 = load i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.cpu_itimer* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.cpu_itimer* %5 to i8* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %5) #76 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.cpu_itimer* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %104, i64 %105) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_sys_poll 1 __se_sys_poll 2 __x64_sys_poll ------------- Path:  Function:__x64_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_poll(i64 %3, 
i64 %5, i64 %7) #76 Function:__se_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %0 to %struct.anon.152* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.cpu_itimer* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %4) #76 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #76 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.cpu_itimer* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.anon.152* %5, i32 %6, %struct.cpu_itimer* %28) #76 Function:do_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = alloca [32 x i64], align 16 %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = bitcast [32 x i64]* %8 to i8* %11 = bitcast [32 x i64]* %8 to %struct.poll_list* %12 = getelementptr inbounds [32 x i64], [32 x i64]* %8, i64 0, i64 1 %13 = bitcast i64* %12 to i32* %14 = bitcast [32 x i64]* %8 to %struct.poll_list** %15 = zext i32 %1 to i64 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 95 %19 = load 
%struct.signal_struct*, %struct.signal_struct** %18, align 32 %20 = getelementptr %struct.signal_struct, %struct.signal_struct* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %15 br i1 %22, label %339, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.anon.152, %struct.anon.152* %0, i64 %15 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %15, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %11, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %14, %23 ] %32 = phi i32* [ %63, %54 ], [ %13, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.anon.152, %struct.anon.152* %25, i64 %42 %44 = bitcast %struct.anon.152* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.anon.152* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #76 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %328 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 
8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %76 = bitcast i64* %6 to i8* %77 = load i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.cpu_itimer* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.cpu_itimer* %5 to i8* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %5) #76 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %102 
= load i64, i64* %101, align 8 %103 = bitcast %struct.cpu_itimer* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %104, i64 %105) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_select 1 compat_core_sys_select 2 __ia32_compat_sys_old_select ------------- Path:  Function:__ia32_compat_sys_old_select %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = alloca %struct.gnet_stats_queue, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = bitcast %struct.gnet_stats_queue* %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = call i64 @_copy_from_user(i8* nonnull %8, i8* %9, i64 20) #76 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %70 %13 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 %14 = load i32, i32* %13, align 4 %15 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = zext i32 %16 to i64 %18 = inttoptr i64 %17 to i32* %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = inttoptr i64 %21 to i32* %23 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = zext i32 %24 to i64 %26 = inttoptr i64 %25 to i32* %27 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = zext i32 %28 to i64 %30 = inttoptr i64 %29 to i8* %31 = bitcast %struct.cpu_itimer* %2 to i8* %32 = bitcast %struct.util_est* %3 to i8* %33 = icmp eq i32 %28, 0 br i1 %33, label %63, label %34 %35 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %30, i64 8) #76 %36 = icmp eq i64 %35, 0 br i1 %36, 
label %37, label %68 %38 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 0 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 1 %42 = load i32, i32* %41, align 4 %43 = sext i32 %42 to i64 %44 = sdiv i64 %43, 1000000 %45 = add nsw i64 %44, %40 %46 = srem i64 %43, 1000000 %47 = mul nsw i64 %46, 1000 %48 = icmp sgt i64 %45, -1 %49 = icmp ult i64 %47, 1000000000 %50 = and i1 %48, %49 br i1 %50, label %51, label %68 %52 = or i64 %47, %45 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %55 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %2) #76 %56 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %57 = load i64, i64* %56, align 8 %58 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %59 = load i64, i64* %58, align 8 %60 = call { i64, i64 } @timespec64_add_safe(i64 %57, i64 %59, i64 %45, i64 %47) #76 %61 = extractvalue { i64, i64 } %60, 0 %62 = extractvalue { i64, i64 } %60, 1 store i64 %61, i64* %56, align 8 store i64 %62, i64* %58, align 8 br label %63 %64 = phi %struct.cpu_itimer* [ null, %12 ], [ %2, %55 ], [ %2, %54 ] %65 = call fastcc i32 @compat_core_sys_select(i32 %14, i32* %18, i32* %22, i32* %26, %struct.cpu_itimer* %64) #76 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, 
%struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !7, !misexpect !8 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #76 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* 
%53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #76 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #77 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %17, i64 0, i32 92 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 8 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %99, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %99, label %63 %100 = phi i32 [ -9, %45 ], [ %51, %50 ], [ %51, %77 ], [ -9, %79 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void 
@rcu_read_unlock_strict() #76 %101 = icmp slt i32 %100, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %122 = bitcast %struct.cpu_itimer* %5 to i8* %123 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 15 %124 = load i32, i32* %123, align 4 %125 = icmp sgt i32 %124, 99 br i1 %125, label %126, label %166 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %5) #76 %127 = load i64, i64* %113, align 8 %128 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %129 = load i64, i64* %128, 
align 8 %130 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %131 = load i64, i64* %130, align 8 %132 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %133 = load i64, i64* %132, align 8 %134 = bitcast %struct.cpu_itimer* %4 to i8* %135 = sub i64 %127, %131 %136 = sub i64 %129, %133 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %135, i64 %136) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_select 1 compat_core_sys_select 2 __ia32_compat_sys_select ------------- Path:  Function:__ia32_compat_sys_select %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %5 to i32 %19 = inttoptr i64 %8 to i32* %20 = inttoptr i64 %11 to i32* %21 = inttoptr i64 %14 to i32* %22 = bitcast %struct.cpu_itimer* %2 to i8* %23 = bitcast %struct.util_est* %3 to i8* %24 = icmp eq i64 %17, 0 %25 = inttoptr i64 %17 to i8* br i1 %24, label %55, label %26 %27 = call i64 @_copy_from_user(i8* nonnull %23, i8* nonnull %25, i64 8) #76 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %60 %30 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 0 %31 = load i32, i32* %30, align 4 %32 = sext i32 %31 to i64 %33 = getelementptr inbounds %struct.util_est, %struct.util_est* 
%3, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = sext i32 %34 to i64 %36 = sdiv i64 %35, 1000000 %37 = add nsw i64 %36, %32 %38 = srem i64 %35, 1000000 %39 = mul nsw i64 %38, 1000 %40 = icmp sgt i64 %37, -1 %41 = icmp ult i64 %39, 1000000000 %42 = and i1 %40, %41 br i1 %42, label %43, label %60 %44 = or i64 %39, %37 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %47 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %2) #76 %48 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %37, i64 %39) #76 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 store i64 %53, i64* %48, align 8 store i64 %54, i64* %50, align 8 br label %55 %56 = phi %struct.cpu_itimer* [ null, %1 ], [ %2, %47 ], [ %2, %46 ] %57 = call fastcc i32 @compat_core_sys_select(i32 %18, i32* %19, i32* %20, i32* %21, %struct.cpu_itimer* %56) #76 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds 
%struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !7, !misexpect !8 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #76 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast 
i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #76 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #77 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 92 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 8 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, 
%struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %99, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %99, label %63 %100 = phi i32 [ -9, %45 ], [ %51, %50 ], [ %51, %77 ], [ -9, %79 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %101 = icmp slt i32 %100, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, 
%struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %122 = bitcast %struct.cpu_itimer* %5 to i8* %123 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 15 %124 = load i32, i32* %123, align 4 %125 = icmp sgt i32 %124, 99 br i1 %125, label %126, label %166 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %5) #76 %127 = load i64, i64* %113, align 8 %128 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %129 = load i64, i64* %128, align 8 %130 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %131 = load i64, i64* %130, align 8 %132 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %133 = load i64, i64* 
%132, align 8 %134 = bitcast %struct.cpu_itimer* %4 to i8* %135 = sub i64 %127, %131 %136 = sub i64 %129, %133 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %135, i64 %136) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_select 1 core_sys_select 2 __se_sys_select 3 __ia32_sys_select ------------- Path:  Function:__ia32_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_select(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #76 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = 
add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %6) #76 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #76 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.cpu_itimer* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.cpu_itimer* %44) #76 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl nuw nsw i64 %24, 3 %26 = icmp ugt i64 %23, 383 br i1 %26, label %27, label %31 %28 = mul nuw i64 %24, 48 %29 = tail call i8* @kvmalloc_node(i64 %28, i32 3264, i32 -1) #76 %30 = icmp eq i8* %29, null br i1 %30, label %131, label %31 %32 = phi i8* [ %29, %27 ], [ %9, %11 ] %33 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %32, i8** %33, align 8 %34 = getelementptr i8, i8* %32, i64 %25 %35 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %36 = bitcast i64** %35 to i8** store i8* %34, i8** %36, align 8 %37 = shl nuw nsw i64 %24, 4 %38 = getelementptr i8, i8* %32, i64 %37 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = mul nuw nsw i64 %24, 24 %42 = getelementptr i8, i8* %32, i64 %41 %43 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %44 = bitcast i64** %43 to i8** store i8* %42, i8** %44, align 8 %45 = shl nuw nsw i64 %24, 5 %46 = getelementptr i8, i8* %32, i64 %45 %47 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %48 = bitcast i64** %47 to i8** store i8* %46, i8** %48, align 8 %49 = mul nuw i64 %24, 40 %50 = getelementptr i8, i8* %32, i64 %49 %51 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %52 = bitcast i64** %51 to i8** store i8* %50, i8** %52, align 8 %53 = bitcast %struct.tcp_mib* %1 to i8* %54 = icmp eq %struct.tcp_mib* %1, null br i1 %54, label %63, label %55 %56 = icmp ugt i64 %23, 17179869183 br i1 %56, label %57, label %58, !prof !7, !misexpect !8 %59 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %53, i64 %25) #76 br label %60 %61 = phi 
i64 [ %59, %58 ], [ %25, %57 ] %62 = icmp eq i64 %61, 0 br i1 %62, label %64, label %127 %65 = bitcast %struct.tcp_mib* %2 to i8* %66 = icmp eq %struct.tcp_mib* %2, null br i1 %66, label %75, label %67 %68 = icmp ugt i64 %23, 17179869183 br i1 %68, label %69, label %70, !prof !7, !misexpect !8 %71 = call i64 @_copy_from_user(i8* %34, i8* nonnull %65, i64 %25) #76 br label %72 %73 = phi i64 [ %71, %70 ], [ %25, %69 ] %74 = icmp eq i64 %73, 0 br i1 %74, label %76, label %127 %77 = bitcast %struct.tcp_mib* %3 to i8* %78 = icmp eq %struct.tcp_mib* %3, null br i1 %78, label %87, label %79 %80 = icmp ugt i64 %23, 17179869183 br i1 %80, label %81, label %82, !prof !7, !misexpect !8 %83 = call i64 @_copy_from_user(i8* %38, i8* nonnull %77, i64 %25) #76 br label %84 %85 = phi i64 [ %83, %82 ], [ %25, %81 ] %86 = icmp eq i64 %85, 0 br i1 %86, label %88, label %127 %89 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #77 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 92 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 8 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 
------------- Use: =BAD PATH= Call Stack: 0 do_select 1 core_sys_select 2 __se_sys_select 3 __x64_sys_select ------------- Path: Function:__x64_sys_select Function:__se_sys_select Function:core_sys_select Function:do_select
------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path: Function:__ia32_sys_adjtimex_time32 Function:__se_sys_adjtimex_time32 Function:do_adjtimex Function:timekeeping_inject_offset
------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path: Function:__x64_sys_adjtimex_time32 Function:__se_sys_adjtimex_time32 Function:do_adjtimex
%48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* 
@tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 
8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds 
(%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load 
i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76 %144 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 5), align 8 %145 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 %152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br 
i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #76 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %143, label %36 %37 = 
phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), 
align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = 
bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 
[ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76 %144 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 
1, i32 5), align 8 %145 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 %152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label 
%23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds 
%struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds 
(%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr 
inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast 
%struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76 %144 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 5), align 8 %145 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 %152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #76 
Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, 
%35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %8, label %69, label %71 call void @timekeeping_warp_clock() #76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc 
i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* 
getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* 
getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), 
align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76 %144 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 5), align 8 %145 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 %152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #76 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds 
%struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr 
inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %8, label %69, label %71 call void @timekeeping_warp_clock() #76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load 
i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, 
i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add 
i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ 
%118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76 %144 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 5), align 8 %145 = getelementptr 
inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 %152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast %struct.cpu_itimer* %2 to i8* %12 = bitcast %struct.util_est* %3 to i8* %13 = icmp eq i64 %6, 0 br i1 %13, label %42, label %14 %16 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = 
ptrtoint i32* %18 to i64 %22 = sext i32 %19 to i64 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %22, i64* %23, align 8 %24 = and i64 %21, 4294967295 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %83, !prof !5, !misexpect !6 %28 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %29 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %28, i64 4, i64 %27) #6, !srcloc !7 %30 = extractvalue { i32*, i32, i64 } %29, 0 %31 = extractvalue { i32*, i32, i64 } %29, 1 %32 = extractvalue { i32*, i32, i64 } %29, 2 %33 = ptrtoint i32* %30 to i64 %34 = sext i32 %31 to i64 %35 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %34, i64* %35, align 8 %36 = and i64 %33, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %83, !prof !5, !misexpect !6 %39 = icmp ugt i32 %31, 1000000 br i1 %39, label %83, label %40 %41 = mul nsw i64 %34, 1000 store i64 %41, i64* %35, align 8 br label %42 %43 = icmp eq i64 %9, 0 br i1 %43, label %48, label %44 %45 = inttoptr i64 %9 to i8* %46 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %45, i64 8) #76 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %83 %49 = phi %struct.util_est* [ null, %42 ], [ %3, %44 ] %50 = select i1 %13, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %13, label %61, label %51 %52 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = icmp slt i64 %53, 0 br i1 %54, label %80, label %55 %56 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = icmp ult i64 %57, 1000000000 %59 = icmp ult i64 %53, 8277292036 %60 = and i1 %59, %58 br i1 %60, label %61, label %80 %62 = call i32 @security_settime64(%struct.cpu_itimer* %50, %struct.util_est* %49) #76 %63 = icmp eq 
i32 %62, 0 br i1 %63, label %64, label %80 %65 = icmp eq %struct.util_est* %49, null br i1 %65, label %77, label %66 %67 = getelementptr inbounds %struct.util_est, %struct.util_est* %49, i64 0, i32 0 %68 = load i32, i32* %67, align 4 %69 = add i32 %68, 900 %70 = icmp ugt i32 %69, 1800 br i1 %70, label %80, label %71 %72 = bitcast %struct.util_est* %49 to i64* %73 = load i64, i64* %72, align 4 store i64 %73, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %74 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %74, label %77, label %75 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %13, label %76, label %78 call void @timekeeping_warp_clock() #76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 
%10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr 
inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, 
i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds 
(%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76 %144 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 5), align 8 %145 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 
%152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 
= sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, 
%struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, 
align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 
%39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, 
label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, 
i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void 
@set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, 
%104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 
= getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, 
i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 
to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* 
%4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt 
i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 
(%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds 
(%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 
%84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #76 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 
= trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 
%72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, 
i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ 
%29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* 
getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, 
align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, 
label %143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr 
inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, 
i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load 
i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label 
%107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 
1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #76 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 
%30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %8, label %69, label %71 call void @timekeeping_warp_clock() #76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, 
%struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* 
@tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 
0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #76 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 
8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 
0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %8, label %69, label %71 call void @timekeeping_warp_clock() #76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds 
(%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, 
i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast 
%struct.cpu_itimer* %2 to i8* %12 = bitcast %struct.util_est* %3 to i8* %13 = icmp eq i64 %6, 0 br i1 %13, label %42, label %14 %16 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = sext i32 %19 to i64 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %22, i64* %23, align 8 %24 = and i64 %21, 4294967295 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %83, !prof !5, !misexpect !6 %28 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %29 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %28, i64 4, i64 %27) #6, !srcloc !7 %30 = extractvalue { i32*, i32, i64 } %29, 0 %31 = extractvalue { i32*, i32, i64 } %29, 1 %32 = extractvalue { i32*, i32, i64 } %29, 2 %33 = ptrtoint i32* %30 to i64 %34 = sext i32 %31 to i64 %35 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %34, i64* %35, align 8 %36 = and i64 %33, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %83, !prof !5, !misexpect !6 %39 = icmp ugt i32 %31, 1000000 br i1 %39, label %83, label %40 %41 = mul nsw i64 %34, 1000 store i64 %41, i64* %35, align 8 br label %42 %43 = icmp eq i64 %9, 0 br i1 %43, label %48, label %44 %45 = inttoptr i64 %9 to i8* %46 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %45, i64 8) #76 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %83 %49 = phi %struct.util_est* [ null, %42 ], [ %3, %44 ] %50 = select i1 %13, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %13, label %61, label %51 
%52 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = icmp slt i64 %53, 0 br i1 %54, label %80, label %55 %56 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = icmp ult i64 %57, 1000000000 %59 = icmp ult i64 %53, 8277292036 %60 = and i1 %59, %58 br i1 %60, label %61, label %80 %62 = call i32 @security_settime64(%struct.cpu_itimer* %50, %struct.util_est* %49) #76 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %80 %65 = icmp eq %struct.util_est* %49, null br i1 %65, label %77, label %66 %67 = getelementptr inbounds %struct.util_est, %struct.util_est* %49, i64 0, i32 0 %68 = load i32, i32* %67, align 4 %69 = add i32 %68, 900 %70 = icmp ugt i32 %69, 1800 br i1 %70, label %80, label %71 %72 = bitcast %struct.util_est* %49 to i64* %73 = load i64, i64* %72, align 4 store i64 %73, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %74 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %74, label %77, label %75 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %13, label %76, label %78 call void @timekeeping_warp_clock() #76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca 
%struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext 
i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, 
%36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* 
@tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void 
@set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #76
-------------
Use: =BAD PATH=
Call Stack:
0 timekeeping_inject_offset
1 do_adjtimex
2 __se_sys_adjtimex_time32
3 __ia32_sys_adjtimex_time32
-------------
Path:
Function:__ia32_sys_adjtimex_time32
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #76
Function:__se_sys_adjtimex_time32
%2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds 
%struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = 
load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds 
%struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label 
%143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, 
i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp 
slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load 
i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76
-------------
Use: =BAD PATH=
Call Stack:
0 timekeeping_inject_offset
1 do_adjtimex
2 __se_sys_adjtimex_time32
3 __x64_sys_adjtimex_time32
-------------
Path:
Function:__x64_sys_adjtimex_time32
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #76
Function:__se_sys_adjtimex_time32
%2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, 
i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr 
inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 
0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 
256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 
%6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds 
(%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 
%68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] 
%118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76
-------------
Use: =BAD PATH=
Call Stack:
0 timekeeping_inject_offset
1 do_adjtimex
2 __x64_sys_adjtimex
-------------
Path:
Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #76 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to
i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 
store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and 
i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* 
getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr 
inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76
-------------
Use: =BAD PATH=
Call Stack:
0 timekeeping_inject_offset
1 do_adjtimex
2 __ia32_sys_adjtimex
-------------
Path:
Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1
%49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr 
inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, 
i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76
-------------
Use: =BAD PATH=
Call Stack:
0 timekeeping_inject_offset
1 timekeeping_warp_clock
2 __se_sys_settimeofday
3 __ia32_sys_settimeofday
-------------
Path:
Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #76 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds
%struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label 
%70, label %59 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %8, label %69, label %71 call void @timekeeping_warp_clock() #76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 
0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, 
%33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* 
getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76
-------------
Use: =BAD PATH=
Call Stack:
0 timekeeping_inject_offset
1 timekeeping_warp_clock
2 __se_sys_settimeofday
3 __x64_sys_settimeofday
-------------
Path:
Function:__x64_sys_settimeofday
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #76
Function:__se_sys_settimeofday
%3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = 
getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %8, label %69, label %71 call void @timekeeping_warp_clock() #76
Function:timekeeping_warp_clock
%1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76
Function:timekeeping_inject_offset
%2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), 
align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, 
i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* 
@tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds 
(%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76
-------------
Use: =BAD PATH=
Call Stack:
0 timekeeping_inject_offset
1 timekeeping_warp_clock
2 __ia32_compat_sys_settimeofday
-------------
Path:
Function:__ia32_compat_sys_settimeofday
%2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast %struct.cpu_itimer* %2 to i8* %12 = bitcast %struct.util_est* %3 to i8* %13 = icmp eq i64 %6, 0 br i1 %13, label %42, label %14 %16 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = sext i32 %19 to i64 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %22, 
i64* %23, align 8 %24 = and i64 %21, 4294967295 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %83, !prof !5, !misexpect !6 %28 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %29 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %28, i64 4, i64 %27) #6, !srcloc !7 %30 = extractvalue { i32*, i32, i64 } %29, 0 %31 = extractvalue { i32*, i32, i64 } %29, 1 %32 = extractvalue { i32*, i32, i64 } %29, 2 %33 = ptrtoint i32* %30 to i64 %34 = sext i32 %31 to i64 %35 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %34, i64* %35, align 8 %36 = and i64 %33, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %83, !prof !5, !misexpect !6 %39 = icmp ugt i32 %31, 1000000 br i1 %39, label %83, label %40 %41 = mul nsw i64 %34, 1000 store i64 %41, i64* %35, align 8 br label %42 %43 = icmp eq i64 %9, 0 br i1 %43, label %48, label %44 %45 = inttoptr i64 %9 to i8* %46 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %45, i64 8) #76 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %83 %49 = phi %struct.util_est* [ null, %42 ], [ %3, %44 ] %50 = select i1 %13, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %13, label %61, label %51 %52 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = icmp slt i64 %53, 0 br i1 %54, label %80, label %55 %56 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = icmp ult i64 %57, 1000000000 %59 = icmp ult i64 %53, 8277292036 %60 = and i1 %59, %58 br i1 %60, label %61, label %80 %62 = call i32 @security_settime64(%struct.cpu_itimer* %50, %struct.util_est* %49) #76 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %80 %65 = icmp eq %struct.util_est* %49, null br i1 %65, label %77, label %66 %67 = getelementptr inbounds 
%struct.util_est, %struct.util_est* %49, i64 0, i32 0 %68 = load i32, i32* %67, align 4 %69 = add i32 %68, 900 %70 = icmp ugt i32 %69, 1800 br i1 %70, label %80, label %71 %72 = bitcast %struct.util_est* %49 to i64* %73 = load i64, i64* %72, align 4 store i64 %73, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %74 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %74, label %77, label %75 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %13, label %76, label %78 call void @timekeeping_warp_clock() #76
Function:timekeeping_warp_clock
%1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76
Function:timekeeping_inject_offset
%2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr 
inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, 
i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #76
-------------
Use: =BAD PATH=
Call Stack:
0 timekeeping_inject_offset
1 do_adjtimex
2 __se_sys_adjtimex_time32
3 __ia32_sys_adjtimex_time32
-------------
Path:
Function:__ia32_sys_adjtimex_time32
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #76
Function:__se_sys_adjtimex_time32
%2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store 
i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* 
%3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = 
sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label 
%143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds 
%struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 
1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, 
align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 
4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds 
%struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, 
align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label 
%52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds 
(%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast 
%struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #76 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, 
%struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = 
getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 
1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) 
#76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 %26 = tail call zeroext i1 @capable(i32 25) #76 br i1 %26, label %27, label %143 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %143, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #76 br i1 %41, label %42, label %143 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %143, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %143, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %143, label %63 %64 = and i32 %55, 256 %65 = icmp eq i32 %64, 0 br i1 %65, 
label %96, label %66 %67 = bitcast %struct.cpu_itimer* %5 to i8* %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %74 = and i32 %55, 8192 %75 = icmp eq i32 %74, 0 %76 = mul i64 %72, 1000 %77 = select i1 %75, i64 %76, i64 %72 store i64 %77, i64* %73, align 8 %78 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #77 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) 
#76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = 
phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #76 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 
%49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %8, label %69, label %71 call void @timekeeping_warp_clock() #76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 
0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 
store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to 
i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #76 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to 
i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %8, label %69, label %71 call void @timekeeping_warp_clock() 
#76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = 
add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast %struct.cpu_itimer* %2 to i8* %12 = bitcast %struct.util_est* %3 to i8* %13 = icmp eq i64 %6, 0 br i1 %13, label %42, label %14 %16 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = sext i32 %19 to i64 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %22, i64* %23, align 8 %24 = and i64 %21, 4294967295 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %83, !prof !5, !misexpect !6 %28 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %29 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %28, i64 4, i64 %27) #6, !srcloc !7 %30 = extractvalue { i32*, i32, i64 } %29, 0 %31 = extractvalue { i32*, i32, i64 } %29, 1 %32 = extractvalue { i32*, i32, i64 } %29, 2 %33 = ptrtoint i32* %30 to i64 %34 = sext i32 %31 to i64 %35 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %34, i64* %35, align 8 %36 = and i64 %33, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %83, !prof !5, !misexpect !6 %39 = icmp ugt i32 %31, 1000000 br i1 %39, label %83, label %40 %41 = mul nsw i64 %34, 1000 store i64 %41, i64* %35, align 8 br label %42 %43 = icmp eq i64 %9, 0 br i1 %43, label %48, label %44 %45 = inttoptr i64 %9 to i8* %46 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %45, i64 8) #76 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %83 %49 = phi %struct.util_est* [ null, %42 ], [ %3, %44 ] %50 = select i1 %13, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %13, label %61, label %51 %52 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = icmp slt i64 %53, 0 br i1 %54, label %80, label %55 %56 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %57 = load i64, i64* 
%56, align 8 %58 = icmp ult i64 %57, 1000000000 %59 = icmp ult i64 %53, 8277292036 %60 = and i1 %59, %58 br i1 %60, label %61, label %80 %62 = call i32 @security_settime64(%struct.cpu_itimer* %50, %struct.util_est* %49) #76 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %80 %65 = icmp eq %struct.util_est* %49, null br i1 %65, label %77, label %66 %67 = getelementptr inbounds %struct.util_est, %struct.util_est* %49, i64 0, i32 0 %68 = load i32, i32* %67, align 4 %69 = add i32 %68, 900 %70 = icmp ugt i32 %69, 1800 br i1 %70, label %80, label %71 %72 = bitcast %struct.util_est* %49 to i64* %73 = load i64, i64* %72, align 4 store i64 %73, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %74 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %74, label %77, label %75 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %13, label %76, label %78 call void @timekeeping_warp_clock() #76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 
%9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, 
i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void 
------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime32 -------------
------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime -------------
------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __ia32_sys_settimeofday -------------
------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __x64_sys_settimeofday -------------
------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime32 -------------
(%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = 
bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #76 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #76 %106 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 5), align 8 %107 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %108 = load i64, i64* %107, align 8 %109 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %110 = load i64, i64* %109, 
align 8 %111 = icmp sgt i64 %108, 9223372035 %112 = mul i64 %108, 1000000000 %113 = add i64 %112, %110 %114 = select i1 %111, i64 9223372036854775807, i64 %113, !prof !5 %115 = icmp eq i64 %106, %114 br i1 %115, label %117, label %116, !prof !6, !misexpect !7 store i64 %98, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %100, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %118 = sub i64 0, %98 %119 = sub i64 0, %100 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %118, i64 %119) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i64* %7 = bitcast %struct.cpu_itimer* %2 to i8* %9 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 8, i64 %8) #6, !srcloc !4 %10 = extractvalue { i64*, i64, i64 } %9, 0 %11 = extractvalue { i64*, i64, i64 } %9, 1 %12 = extractvalue { i64*, i64, i64 } %9, 2 %13 = ptrtoint i64* %10 to i64 %14 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %11, i64* %14, align 8 %15 = and i64 %13, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %25, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %18, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 
%3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, 
%51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #76 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #76 %106 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* 
@tk_core, i64 0, i32 1, i32 5), align 8 %107 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %108 = load i64, i64* %107, align 8 %109 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %110 = load i64, i64* %109, align 8 %111 = icmp sgt i64 %108, 9223372035 %112 = mul i64 %108, 1000000000 %113 = add i64 %112, %110 %114 = select i1 %111, i64 9223372036854775807, i64 %113, !prof !5 %115 = icmp eq i64 %106, %114 br i1 %115, label %117, label %116, !prof !6, !misexpect !7 store i64 %98, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %100, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %118 = sub i64 0, %98 %119 = sub i64 0, %100 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %118, i64 %119) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast %struct.cpu_itimer* %2 to i8* %12 = bitcast %struct.util_est* %3 to i8* %13 = icmp eq i64 %6, 0 br i1 %13, label %42, label %14 %16 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, 
i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = sext i32 %19 to i64 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %22, i64* %23, align 8 %24 = and i64 %21, 4294967295 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %83, !prof !5, !misexpect !6 %28 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %29 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %28, i64 4, i64 %27) #6, !srcloc !7 %30 = extractvalue { i32*, i32, i64 } %29, 0 %31 = extractvalue { i32*, i32, i64 } %29, 1 %32 = extractvalue { i32*, i32, i64 } %29, 2 %33 = ptrtoint i32* %30 to i64 %34 = sext i32 %31 to i64 %35 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %34, i64* %35, align 8 %36 = and i64 %33, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %83, !prof !5, !misexpect !6 %39 = icmp ugt i32 %31, 1000000 br i1 %39, label %83, label %40 %41 = mul nsw i64 %34, 1000 store i64 %41, i64* %35, align 8 br label %42 %43 = icmp eq i64 %9, 0 br i1 %43, label %48, label %44 %45 = inttoptr i64 %9 to i8* %46 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %45, i64 8) #76 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %83 %49 = phi %struct.util_est* [ null, %42 ], [ %3, %44 ] %50 = select i1 %13, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %13, label %61, label %51 %52 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = icmp slt i64 %53, 0 br i1 %54, label %80, label %55 %56 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = icmp ult i64 %57, 1000000000 %59 = icmp ult i64 %53, 8277292036 %60 = and i1 %59, %58 br i1 %60, label %61, label %80 %62 = call i32 @security_settime64(%struct.cpu_itimer* %50, %struct.util_est* 
%49) #76 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %80 %65 = icmp eq %struct.util_est* %49, null br i1 %65, label %77, label %66 %67 = getelementptr inbounds %struct.util_est, %struct.util_est* %49, i64 0, i32 0 %68 = load i32, i32* %67, align 4 %69 = add i32 %68, 900 %70 = icmp ugt i32 %69, 1800 br i1 %70, label %80, label %71 %72 = bitcast %struct.util_est* %49 to i64* %73 = load i64, i64* %72, align 4 store i64 %73, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %74 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %74, label %77, label %75 br i1 %13, label %80, label %78 %79 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %50) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, 
%struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label 
%48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void 
@set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #76 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #76 %106 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 5), align 8 %107 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %108 = load i64, i64* %107, align 8 %109 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %110 = load i64, i64* %109, align 8 %111 = icmp sgt i64 %108, 9223372035 %112 = mul i64 %108, 1000000000 %113 = add i64 %112, %110 %114 = select i1 %111, i64 9223372036854775807, i64 %113, !prof !5 %115 = icmp eq i64 %106, %114 br i1 %115, label %117, label %116, !prof !6, !misexpect !7 store i64 %98, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %100, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %118 = sub i64 0, %98 %119 = sub i64 0, %100 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %118, i64 %119) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime32 ------------- Path:  Function:__x64_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 14 %4 = bitcast i64* %3 to i32** %5 = load i32*, i32** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %8 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %7) #6, !srcloc !4 %9 = extractvalue { i32*, i32, i64 } %8, 0 %10 = extractvalue { i32*, i32, i64 } %8, 1 %11 = extractvalue { i32*, i32, i64 } %8, 2 %12 = ptrtoint i32* %9 to i64 %13 = sext i32 %10 to i64 %14 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %13, i64* %14, align 8 %15 = and i64 %12, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %25, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %18, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm 
------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime ------------- Path:  Function:__x64_sys_stime Function:do_settimeofday64
------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday Function:__se_sys_settimeofday Function:do_settimeofday64
------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday Function:__se_sys_settimeofday Function:do_settimeofday64
------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime32 ------------- Path:  Function:__ia32_sys_stime32 Function:do_settimeofday64
------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime Function:do_settimeofday64
%20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi 
i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #76 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* 
%97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast %struct.cpu_itimer* %2 to i8* %12 = bitcast %struct.util_est* %3 to i8* %13 = icmp eq i64 %6, 0 br i1 %13, label %42, label %14 %16 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = sext i32 %19 to i64 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %22, i64* %23, align 8 %24 = and i64 %21, 4294967295 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %83, !prof !5, !misexpect !6 %28 = getelementptr inbounds %struct.util_est, 
%struct.util_est* %10, i64 0, i32 1 %29 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %28, i64 4, i64 %27) #6, !srcloc !7 %30 = extractvalue { i32*, i32, i64 } %29, 0 %31 = extractvalue { i32*, i32, i64 } %29, 1 %32 = extractvalue { i32*, i32, i64 } %29, 2 %33 = ptrtoint i32* %30 to i64 %34 = sext i32 %31 to i64 %35 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %34, i64* %35, align 8 %36 = and i64 %33, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %83, !prof !5, !misexpect !6 %39 = icmp ugt i32 %31, 1000000 br i1 %39, label %83, label %40 %41 = mul nsw i64 %34, 1000 store i64 %41, i64* %35, align 8 br label %42 %43 = icmp eq i64 %9, 0 br i1 %43, label %48, label %44 %45 = inttoptr i64 %9 to i8* %46 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %45, i64 8) #76 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %83 %49 = phi %struct.util_est* [ null, %42 ], [ %3, %44 ] %50 = select i1 %13, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %13, label %61, label %51 %52 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = icmp slt i64 %53, 0 br i1 %54, label %80, label %55 %56 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = icmp ult i64 %57, 1000000000 %59 = icmp ult i64 %53, 8277292036 %60 = and i1 %59, %58 br i1 %60, label %61, label %80 %62 = call i32 @security_settime64(%struct.cpu_itimer* %50, %struct.util_est* %49) #76 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %80 %65 = icmp eq %struct.util_est* %49, null br i1 %65, label %77, label %66 %67 = getelementptr inbounds %struct.util_est, %struct.util_est* %49, i64 0, i32 0 %68 = load i32, i32* %67, align 4 %69 = add i32 %68, 900 %70 = icmp ugt i32 %69, 1800 br i1 %70, label %80, label %71 %72 = 
bitcast %struct.util_est* %49 to i64* %73 = load i64, i64* %72, align 4 store i64 %73, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %74 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %74, label %77, label %75 br i1 %13, label %80, label %78 %79 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %50) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds 
(%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr 
inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #76 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* 
getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime32 ------------- Path:  Function:__x64_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i32** %5 = load i32*, i32** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %8 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %7) #6, !srcloc !4 %9 = extractvalue { i32*, i32, i64 } %8, 0 %10 = extractvalue { i32*, i32, i64 } %8, 1 %11 = extractvalue { i32*, i32, i64 } %8, 2 %12 = ptrtoint i32* %9 to i64 %13 = sext i32 %10 to i64 %14 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %13, i64* %14, align 8 %15 = and i64 %12, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %25, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %18, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds 
%struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr 
inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 
= bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime ------------- Path:  Function:__x64_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i64** %5 = load i64*, i64** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %8 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 8, i64 %7) #6, !srcloc !4 %9 = extractvalue { i64*, i64, i64 } %8, 0 %10 = extractvalue { i64*, i64, i64 } %8, 1 %11 = extractvalue { i64*, i64, i64 } %8, 2 %12 = ptrtoint i64* %9 to i64 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %10, i64* %13, align 8 %14 = and i64 %12, 4294967295 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %24, !prof !5, !misexpect !6 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %17, align 8 %18 
= call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %23 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor 
i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc 
i64 @__se_sys_settimeofday(i64 %4, i64 %7) #76 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, 
label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 br i1 %8, label %73, label %71 %72 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %43) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 
8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #76 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 
store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = getelementptr inbounds 
%struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 br i1 %8, label %73, label %71 %72 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %43) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) 
#76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = 
phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime32 ------------- Path:  Function:__ia32_sys_stime32 %2 = alloca 
%struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i32* %7 = bitcast %struct.cpu_itimer* %2 to i8* %9 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %6, i64 4, i64 %8) #6, !srcloc !4 %10 = extractvalue { i32*, i32, i64 } %9, 0 %11 = extractvalue { i32*, i32, i64 } %9, 1 %12 = extractvalue { i32*, i32, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = sext i32 %11 to i64 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %14, i64* %15, align 8 %16 = and i64 %13, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %26, !prof !5, !misexpect !6 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %19, align 8 %20 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr 
inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* 
@tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i64* %7 = bitcast %struct.cpu_itimer* %2 to i8* %9 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 8, i64 %8) #6, !srcloc !4 %10 = extractvalue { i64*, i64, i64 } %9, 0 %11 = extractvalue { i64*, i64, i64 } %9, 1 %12 = extractvalue { i64*, i64, i64 } %9, 2 %13 = ptrtoint i64* %10 to i64 %14 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %11, i64* %14, align 8 %15 = and i64 %13, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %25, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %18, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load 
i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 
0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 
2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast %struct.cpu_itimer* %2 to i8* %12 = bitcast %struct.util_est* %3 to i8* %13 = icmp eq i64 %6, 0 br i1 %13, label %42, label %14 %16 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, 
i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = sext i32 %19 to i64 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %22, i64* %23, align 8 %24 = and i64 %21, 4294967295 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %83, !prof !5, !misexpect !6 %28 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %29 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %28, i64 4, i64 %27) #6, !srcloc !7 %30 = extractvalue { i32*, i32, i64 } %29, 0 %31 = extractvalue { i32*, i32, i64 } %29, 1 %32 = extractvalue { i32*, i32, i64 } %29, 2 %33 = ptrtoint i32* %30 to i64 %34 = sext i32 %31 to i64 %35 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %34, i64* %35, align 8 %36 = and i64 %33, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %83, !prof !5, !misexpect !6 %39 = icmp ugt i32 %31, 1000000 br i1 %39, label %83, label %40 %41 = mul nsw i64 %34, 1000 store i64 %41, i64* %35, align 8 br label %42 %43 = icmp eq i64 %9, 0 br i1 %43, label %48, label %44 %45 = inttoptr i64 %9 to i8* %46 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %45, i64 8) #76 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %83 %49 = phi %struct.util_est* [ null, %42 ], [ %3, %44 ] %50 = select i1 %13, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %13, label %61, label %51 %52 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = icmp slt i64 %53, 0 br i1 %54, label %80, label %55 %56 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = icmp ult i64 %57, 1000000000 %59 = icmp ult i64 %53, 
8277292036 %60 = and i1 %59, %58 br i1 %60, label %61, label %80 %62 = call i32 @security_settime64(%struct.cpu_itimer* %50, %struct.util_est* %49) #76 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %80 %65 = icmp eq %struct.util_est* %49, null br i1 %65, label %77, label %66 %67 = getelementptr inbounds %struct.util_est, %struct.util_est* %49, i64 0, i32 0 %68 = load i32, i32* %67, align 4 %69 = add i32 %68, 900 %70 = icmp ugt i32 %69, 1800 br i1 %70, label %80, label %71 %72 = bitcast %struct.util_est* %49 to i64* %73 = load i64, i64* %72, align 4 store i64 %73, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %74 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %74, label %77, label %75 br i1 %13, label %80, label %78 %79 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %50) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 
0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ 
%90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime32 ------------- Path:  Function:__x64_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i32** %5 = load i32*, i32** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %8 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %7) #6, !srcloc !4 %9 = extractvalue { i32*, i32, i64 } %8, 0 %10 = extractvalue { i32*, i32, i64 } %8, 1 %11 = extractvalue { i32*, i32, i64 } %8, 2 %12 = ptrtoint i32* %9 to i64 %13 = sext i32 %10 to i64 %14 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %13, i64* %14, align 8 %15 = and i64 %12, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %25, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %18, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label 
%154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, 
i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 ------------- Use: =BAD PATH= 
Call Stack: 0 do_settimeofday64 1 __x64_sys_stime ------------- Path:  Function:__x64_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i64** %5 = load i64*, i64** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %8 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 8, i64 %7) #6, !srcloc !4 %9 = extractvalue { i64*, i64, i64 } %8, 0 %10 = extractvalue { i64*, i64, i64 } %8, 1 %11 = extractvalue { i64*, i64, i64 } %8, 2 %12 = ptrtoint i64* %9 to i64 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %10, i64* %13, align 8 %14 = and i64 %12, 4294967295 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %24, !prof !5, !misexpect !6 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %17, align 8 %18 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %23 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 
%17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* 
getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load 
i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #76 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label 
%35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 br i1 %8, label %73, label %71 %72 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %43) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 
= load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, 
i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, 
%70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #76 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 br i1 %8, label %73, label %71 %72 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %43) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca 
%struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* 
@tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult 
i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime32 ------------- Path:  Function:__ia32_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i32* %7 = bitcast %struct.cpu_itimer* %2 to i8* %9 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %6, i64 4, i64 %8) #6, !srcloc !4 %10 = extractvalue { i32*, i32, i64 } %9, 0 %11 = extractvalue { i32*, i32, i64 } %9, 1 %12 = extractvalue { i32*, i32, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = sext i32 %11 to i64 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %14, i64* %15, align 8 %16 = and i64 %13, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %26, !prof !5, !misexpect !6 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %19, align 8 %20 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 
8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 
%32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = 
lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i64* %7 = bitcast %struct.cpu_itimer* %2 to i8* %9 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 8, i64 %8) #6, !srcloc !4 %10 = extractvalue { i64*, i64, i64 } %9, 0 %11 = extractvalue { i64*, i64, i64 } %9, 1 %12 = extractvalue { i64*, i64, i64 } %9, 2 %13 = ptrtoint i64* %10 to i64 %14 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %11, i64* %14, align 8 %15 = and i64 %13, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %25, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %18, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 
1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 
store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void 
@set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast %struct.cpu_itimer* %2 to i8* %12 = bitcast %struct.util_est* %3 to i8* %13 = icmp eq i64 %6, 0 br i1 %13, label %42, label %14 %16 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = sext i32 %19 to i64 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %22, i64* %23, align 8 %24 = and i64 %21, 4294967295 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %83, !prof !5, !misexpect !6 %28 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %29 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %28, i64 4, i64 %27) #6, !srcloc !7 %30 = extractvalue { i32*, i32, i64 } %29, 0 %31 = extractvalue { i32*, i32, i64 } %29, 1 %32 = extractvalue { i32*, i32, i64 } %29, 2 %33 = ptrtoint i32* %30 to i64 %34 = sext i32 %31 to i64 %35 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store 
i64 %34, i64* %35, align 8 %36 = and i64 %33, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %83, !prof !5, !misexpect !6 %39 = icmp ugt i32 %31, 1000000 br i1 %39, label %83, label %40 %41 = mul nsw i64 %34, 1000 store i64 %41, i64* %35, align 8 br label %42 %43 = icmp eq i64 %9, 0 br i1 %43, label %48, label %44 %45 = inttoptr i64 %9 to i8* %46 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %45, i64 8) #76 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %83 %49 = phi %struct.util_est* [ null, %42 ], [ %3, %44 ] %50 = select i1 %13, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %13, label %61, label %51 %52 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = icmp slt i64 %53, 0 br i1 %54, label %80, label %55 %56 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = icmp ult i64 %57, 1000000000 %59 = icmp ult i64 %53, 8277292036 %60 = and i1 %59, %58 br i1 %60, label %61, label %80 %62 = call i32 @security_settime64(%struct.cpu_itimer* %50, %struct.util_est* %49) #76 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %80 %65 = icmp eq %struct.util_est* %49, null br i1 %65, label %77, label %66 %67 = getelementptr inbounds %struct.util_est, %struct.util_est* %49, i64 0, i32 0 %68 = load i32, i32* %67, align 4 %69 = add i32 %68, 900 %70 = icmp ugt i32 %69, 1800 br i1 %70, label %80, label %71 %72 = bitcast %struct.util_est* %49 to i64* %73 = load i64, i64* %72, align 4 store i64 %73, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %74 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %74, label %77, label %75 br i1 %13, label %80, label %78 %79 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %50) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca 
%struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), 
align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, 
label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __ia32_compat_sys_sysinfo ------------- Path:  Function:__ia32_compat_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = alloca %struct.compat_sysinfo, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.sysinfo* %2 to i8* %7 = bitcast %struct.compat_sysinfo* %3 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #76 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #76 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #76 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 8 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 6 %13 = load %struct.time_namespace*, %struct.time_namespace** %12, align 8 %14 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 0 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 1 %17 = load i64, i64* %16, align 8 %18 = bitcast %struct.cpu_itimer* %2 to i8* %19 = add 
i64 %15, %6 %20 = add i64 %17, %7 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %19, i64 %20) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __ia32_sys_sysinfo ------------- Path:  Function:__ia32_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.sysinfo* %2 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #76 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #76 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #76 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 8 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 6 %13 = load %struct.time_namespace*, %struct.time_namespace** %12, align 8 %14 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 0 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 1 %17 = load i64, i64* %16, align 8 %18 = bitcast %struct.cpu_itimer* %2 to i8* %19 = add i64 %15, %6 %20 = add i64 %17, %7 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %19, i64 %20) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __x64_sys_sysinfo ------------- Path:  Function:__x64_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.sysinfo* %2 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #76 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #76 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #76 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 8 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 6 %13 = load %struct.time_namespace*, %struct.time_namespace** %12, align 8 %14 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 0 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 1 %17 = load i64, i64* %16, align 8 %18 = bitcast %struct.cpu_itimer* %2 to i8* %19 = add i64 %15, %6 %20 = add i64 %17, %7 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %19, i64 %20) #76 ------------- Good: 39 Bad: 65 Ignored: 40 Check Use of Function:acpi_ev_init_global_lock_handler Check Use of Function:cgroup_lock_and_drain_offline Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_mkdir 2 kernfs_iop_mkdir ------------- Path:  Function:kernfs_iop_mkdir %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 47 %6 = bitcast i8** %5 to %struct.kernfs_node** %7 = load %struct.kernfs_node*, %struct.kernfs_node** %6, align 8 %8 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %7, i64 0, i32 2 %9 = load 
%struct.kernfs_node*, %struct.kernfs_node** %8, align 8 %10 = icmp eq %struct.kernfs_node* %9, null %11 = select i1 %10, %struct.kernfs_node* %7, %struct.kernfs_node* %9 %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 7, i32 0, i32 2 %13 = load %struct.kernfs_root*, %struct.kernfs_root** %12, align 8 %14 = getelementptr inbounds %struct.kernfs_root, %struct.kernfs_root* %13, i64 0, i32 5 %15 = load %struct.kernfs_syscall_ops*, %struct.kernfs_syscall_ops** %14, align 8 %16 = icmp eq %struct.kernfs_syscall_ops* %15, null br i1 %16, label %51, label %17 %18 = getelementptr inbounds %struct.kernfs_syscall_ops, %struct.kernfs_syscall_ops* %15, i64 0, i32 1 %19 = load i32 (%struct.kernfs_node*, i8*, i16)*, i32 (%struct.kernfs_node*, i8*, i16)** %18, align 8 %20 = icmp eq i32 (%struct.kernfs_node*, i8*, i16)* %19, null br i1 %20, label %51, label %21 %22 = icmp eq %struct.kernfs_node* %7, null br i1 %22, label %51, label %23, !prof !4, !misexpect !5 %24 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %7, i64 0, i32 1, i32 0 %25 = load volatile i32, i32* %24, align 4 %26 = icmp sgt i32 %25, -1 br i1 %26, label %27, label %51, !prof !6, !misexpect !5 %28 = phi i32 [ %35, %34 ], [ %25, %23 ] %29 = add nuw i32 %28, 1 %30 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %24, i32 %29, i32* %24, i32 %28) #6, !srcloc !7 %31 = extractvalue { i8, i32 } %30, 0 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %34, label %37, !prof !4, !misexpect !5 %38 = load i32 (%struct.kernfs_node*, i8*, i16)*, i32 (%struct.kernfs_node*, i8*, i16)** %18, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4, i32 1 %40 = load i8*, i8** %39, align 8 %41 = tail call i32 %38(%struct.kernfs_node* 
nonnull %7, i8* %40, i16 zeroext %3) #76 Function:cgroup_mkdir %4 = alloca %struct.iattr, align 8 %5 = tail call i8* @strchr(i8* %1, i32 10) #76 %6 = icmp eq i8* %5, null br i1 %6, label %7, label %318 %8 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %0, i1 zeroext false) #76 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #76 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #76 br i1 %1, label %46, label %47 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup* %14) #77 ------------- Good: 2 Bad: 1 Ignored: 22 Check Use of Function:check_cgroupfs_options Check Use of Function:logfc Check Use of Function:cgroup_setup_root Check Use of Function:pci_xr17v35x_setup Check Use of Function:cgroup_do_get_tree Check Use of Function:security_task_getscheduler Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval ------------- Path:  Function:__ia32_sys_sched_rr_get_interval %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.cpu_itimer* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.cpu_itimer* nonnull %2) #76 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 br label %11 %12 = phi %struct.task_struct* [ %7, 
%6 ], [ %10, %8 ] %13 = icmp eq %struct.task_struct* %12, null br i1 %13, label %61, label %14 %15 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %12) #76 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__ia32_sys_sched_rr_get_interval_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.cpu_itimer* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.cpu_itimer* nonnull %2) #76 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 br label %11 %12 = phi %struct.task_struct* [ %7, %6 ], [ %10, %8 ] %13 = icmp eq %struct.task_struct* %12, null br i1 %13, label %61, label %14 %15 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %12) #76 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval ------------- Path:  Function:__x64_sys_sched_rr_get_interval %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.cpu_itimer** %7 = load %struct.cpu_itimer*, %struct.cpu_itimer** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.cpu_itimer* nonnull %2) #76 Function:sched_rr_get_interval %3 = 
icmp slt i32 %0, 0
  br i1 %3, label %63, label %4
  tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
  %5 = icmp eq i32 %0, 0
  br i1 %5, label %8, label %6
  %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76
  br label %11
  %12 = phi %struct.task_struct* [ %7, %6 ], [ %10, %8 ]
  %13 = icmp eq %struct.task_struct* %12, null
  br i1 %13, label %61, label %14
  %15 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %12) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 sched_rr_get_interval
1 __x64_sys_sched_rr_get_interval_time32
-------------
Path:
Function:__x64_sys_sched_rr_get_interval_time32
  %2 = alloca %struct.cpu_itimer, align 8
  %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %4 = load i64, i64* %3, align 8
  %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %6 = bitcast i64* %5 to i8**
  %7 = load i8*, i8** %6, align 8
  %8 = trunc i64 %4 to i32
  %9 = bitcast %struct.cpu_itimer* %2 to i8*
  %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.cpu_itimer* nonnull %2) #76
Function:sched_rr_get_interval
  %3 = icmp slt i32 %0, 0
  br i1 %3, label %63, label %4
  tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
  %5 = icmp eq i32 %0, 0
  br i1 %5, label %8, label %6
  %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76
  br label %11
  %12 = phi %struct.task_struct* [ %7, %6 ], [ %10, %8 ]
  %13 = icmp eq %struct.task_struct* %12, null
  br i1 %13, label %61, label %14
  %15 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %12) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __x64_sys_sched_getscheduler
-------------
Path:
Function:__x64_sys_sched_getscheduler
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %3 = load i64, i64* %2, align 8
  %4 = trunc i64 %3 to i32
  %5 = icmp slt i32 %4, 0
  br i1 %5, label %31, label %6
  tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
  %7 = icmp eq i32 %4, 0
  br i1 %7, label %10, label %8
  %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5
  %12 = inttoptr i64 %11 to %struct.task_struct*
  br label %13
  %14 = phi %struct.task_struct* [ %9, %8 ], [ %12, %10 ]
  %15 = icmp eq %struct.task_struct* %14, null
  br i1 %15, label %28, label %16
  %17 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %14) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __se_sys_sched_getparam
1 __ia32_sys_sched_getparam
-------------
Path:
Function:__ia32_sys_sched_getparam
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
  %3 = load i64, i64* %2, align 8
  %4 = and i64 %3, 4294967295
  %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
  %6 = load i64, i64* %5, align 8
  %7 = and i64 %6, 4294967295
  %8 = tail call fastcc i64 @__se_sys_sched_getparam(i64 %4, i64 %7) #76
Function:__se_sys_sched_getparam
  %3 = alloca %struct.kuid_t, align 4
  %4 = trunc i64 %0 to i32
  %5 = bitcast %struct.kuid_t* %3 to i8*
  %6 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0
  store i32 0, i32* %6, align 4
  %7 = icmp eq i64 %1, 0
  %8 = icmp slt i32 %4, 0
  %9 = or i1 %8, %7
  br i1 %9, label %39, label %10
  tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
  %11 = icmp eq i32 %4, 0
  br i1 %11, label %14, label %12
  %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5
  %16 = inttoptr i64 %15 to %struct.task_struct*
  br label %17
  %18 = phi %struct.task_struct* [ %13, %12 ], [ %16, %14 ]
  %19 = icmp eq %struct.task_struct* %18, null
  br i1 %19, label %36, label %20
  %21 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %18) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __se_sys_sched_getparam
1 __x64_sys_sched_getparam
-------------
Path:
Function:__x64_sys_sched_getparam
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %3 = load i64, i64* %2, align 8
  %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %5 = load i64, i64* %4, align 8
  %6 = tail call fastcc i64 @__se_sys_sched_getparam(i64 %3, i64 %5) #76
Function:__se_sys_sched_getparam
  %3 = alloca %struct.kuid_t, align 4
  %4 = trunc i64 %0 to i32
  %5 = bitcast %struct.kuid_t* %3 to i8*
  %6 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0
  store i32 0, i32* %6, align 4
  %7 = icmp eq i64 %1, 0
  %8 = icmp slt i32 %4, 0
  %9 = or i1 %8, %7
  br i1 %9, label %39, label %10
  tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
  %11 = icmp eq i32 %4, 0
  br i1 %11, label %14, label %12
  %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5
  %16 = inttoptr i64 %15 to %struct.task_struct*
  br label %17
  %18 = phi %struct.task_struct* [ %13, %12 ], [ %16, %14 ]
  %19 = icmp eq %struct.task_struct* %18, null
  br i1 %19, label %36, label %20
  %21 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %18) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __se_sys_sched_getattr
1 __ia32_sys_sched_getattr
-------------
Path:
Function:__ia32_sys_sched_getattr
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
  %3 = load i64, i64* %2, align 8
  %4 = and i64 %3, 4294967295
  %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
  %6 = load i64, i64* %5, align 8
  %7 = and i64 %6, 4294967295
  %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %9 = load i64, i64* %8, align 8
  %10 = and i64 %9, 4294967295
  %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %12 = load i64, i64* %11, align 8
  %13 = and i64 %12, 4294967295
  %14 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %4, i64 %7, i64 %10, i64 %13) #76
Function:__se_sys_sched_getattr
  %5 = alloca %struct.sched_attr, align 8
  %6 = trunc i64 %0 to i32
  %7 = trunc i64 %2 to i32
  %8 = bitcast %struct.sched_attr* %5 to i8*
  %9 = icmp eq i64 %1, 0
  %10 = icmp slt i32 %6, 0
  %11 = or i1 %10, %9
  br i1 %11, label %81, label %12
  %13 = trunc i64 %3 to i32
  %14 = add i32 %7, -48
  %15 = icmp ugt i32 %14, 4048
  %16 = icmp ne i32 %13, 0
  %17 = or i1 %15, %16
  br i1 %17, label %81, label %18
  tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
  %19 = icmp eq i32 %6, 0
  br i1 %19, label %22, label %20
  %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5
  %24 = inttoptr i64 %23 to %struct.task_struct*
  br label %25
  %26 = phi %struct.task_struct* [ %21, %20 ], [ %24, %22 ]
  %27 = icmp eq %struct.task_struct* %26, null
  br i1 %27, label %78, label %28
  %29 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %26) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __se_sys_sched_getattr
1 __x64_sys_sched_getattr
-------------
Path:
Function:__x64_sys_sched_getattr
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %3 = load i64, i64* %2, align 8
  %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %5 = load i64, i64* %4, align 8
  %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %7 = load i64, i64* %6, align 8
  %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7
  %9 = load i64, i64* %8, align 8
  %10 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %3, i64 %5, i64 %7, i64 %9) #76
Function:__se_sys_sched_getattr
  %5 = alloca %struct.sched_attr, align 8
  %6 = trunc i64 %0 to i32
  %7 = trunc i64 %2 to i32
  %8 = bitcast %struct.sched_attr* %5 to i8*
  %9 = icmp eq i64 %1, 0
  %10 = icmp slt i32 %6, 0
  %11 = or i1 %10, %9
  br i1 %11, label %81, label %12
  %13 = trunc i64 %3 to i32
  %14 = add i32 %7, -48
  %15 = icmp ugt i32 %14, 4048
  %16 = icmp ne i32 %13, 0
  %17 = or i1 %15, %16
  br i1 %17, label %81, label %18
  tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
  %19 = icmp eq i32 %6, 0
  br i1 %19, label %22, label %20
  %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5
  %24 = inttoptr i64 %23 to %struct.task_struct*
  br label %25
  %26 = phi %struct.task_struct* [ %21, %20 ], [ %24, %22 ]
  %27 = icmp eq %struct.task_struct* %26, null
  br i1 %27, label %78, label %28
  %29 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %26) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __se_sys_sched_getaffinity
1 __ia32_sys_sched_getaffinity
-------------
Path:
Function:__ia32_sys_sched_getaffinity
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
  %3 = load i64, i64* %2, align 8
  %4 = and i64 %3, 4294967295
  %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
  %6 = load i64, i64* %5, align 8
  %7 = and i64 %6, 4294967295
  %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %9 = load i64, i64* %8, align 8
  %10 = and i64 %9, 4294967295
  %11 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #76
Function:__se_sys_sched_getaffinity
  %4 = alloca [1 x %struct.cpumask], align 8
  %5 = trunc i64 %0 to i32
  %6 = trunc i64 %1 to i32
  %7 = bitcast [1 x %struct.cpumask]* %4 to i8*
  %8 = shl i32 %6, 3
  %9 = load i32, i32* @nr_cpu_ids, align 4
  %10 = icmp uge i32 %8, %9
  %11 = and i32 %6, 7
  %12 = icmp eq i32 %11, 0
  %13 = and i1 %12, %10
  br i1 %13, label %14, label %49
  tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
  %15 = icmp eq i32 %5, 0
  br i1 %15, label %18, label %16
  %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5
  %20 = inttoptr i64 %19 to %struct.task_struct*
  br label %21
  %22 = phi %struct.task_struct* [ %17, %16 ], [ %20, %18 ]
  %23 = icmp eq %struct.task_struct* %22, null
  br i1 %23, label %35, label %24
  %25 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %22) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __se_sys_sched_getaffinity
1 __x64_sys_sched_getaffinity
-------------
Path:
Function:__x64_sys_sched_getaffinity
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %3 = load i64, i64* %2, align 8
  %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %5 = load i64, i64* %4, align 8
  %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %7 = load i64, i64* %6, align 8
  %8 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %3, i64 %5, i64 %7) #76
Function:__se_sys_sched_getaffinity
  %4 = alloca [1 x %struct.cpumask], align 8
  %5 = trunc i64 %0 to i32
  %6 = trunc i64 %1 to i32
  %7 = bitcast [1 x %struct.cpumask]* %4 to i8*
  %8 = shl i32 %6, 3
  %9 = load i32, i32* @nr_cpu_ids, align 4
  %10 = icmp uge i32 %8, %9
  %11 = and i32 %6, 7
  %12 = icmp eq i32 %11, 0
  %13 = and i1 %12, %10
  br i1 %13, label %14, label %49
  tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
  %15 = icmp eq i32 %5, 0
  br i1 %15, label %18, label %16
  %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5
  %20 = inttoptr i64 %19 to %struct.task_struct*
  br label %21
  %22 = phi %struct.task_struct* [ %17, %16 ], [ %20, %18 ]
  %23 = icmp eq %struct.task_struct* %22, null
  br i1 %23, label %35, label %24
  %25 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %22) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __ia32_sys_sched_getscheduler
-------------
Path:
Function:__ia32_sys_sched_getscheduler
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
  %3 = load i64, i64* %2, align 8
  %4 = trunc i64 %3 to i32
  %5 = icmp slt i32 %4, 0
  br i1 %5, label %31, label %6
  tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
  %7 = icmp eq i32 %4, 0
  br i1 %7, label %10, label %8
  %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5
  %12 = inttoptr i64 %11 to %struct.task_struct*
  br label %13
  %14 = phi %struct.task_struct* [ %9, %8 ], [ %12, %10 ]
  %15 = icmp eq %struct.task_struct* %14, null
  br i1 %15, label %28, label %16
  %17 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %14) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 sched_getaffinity
1 __se_compat_sys_sched_getaffinity
2 __ia32_compat_sys_sched_getaffinity
-------------
Path:
Function:__ia32_compat_sys_sched_getaffinity
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
  %3 = load i64, i64* %2, align 8
  %4 = and i64 %3, 4294967295
  %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
  %6 = load i64, i64* %5, align 8
  %7 = and i64 %6, 4294967295
  %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %9 = load i64, i64* %8, align 8
  %10 = and i64 %9, 4294967295
  %11 = tail call fastcc i64 @__se_compat_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #76
Function:__se_compat_sys_sched_getaffinity
  %4 = alloca [1 x %struct.cpumask], align 8
  %5 = trunc i64 %1 to i32
  %6 = inttoptr i64 %2 to i32*
  %7 = bitcast [1 x %struct.cpumask]* %4 to i8*
  %8 = shl i32 %5, 3
  %9 = load i32, i32* @nr_cpu_ids, align 4
  %10 = icmp uge i32 %8, %9
  %11 = and i32 %5, 3
  %12 = icmp eq i32 %11, 0
  %13 = and i1 %12, %10
  br i1 %13, label %14, label %65
  %15 = trunc i64 %0 to i32
  %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0
  %17 = call i64 @sched_getaffinity(i32 %15, %struct.cpumask* nonnull %16) #76
Function:sched_getaffinity
  tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
  %3 = icmp eq i32 %0, 0
  br i1 %3, label %6, label %4
  %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76
  br label %9
  %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ]
  %11 = icmp eq %struct.task_struct* %10, null
  br i1 %11, label %23, label %12
  %13 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %10) #76
-------------
Good: 1 Bad: 13 Ignored: 1
Check Use of Function:inet_addr_type_table
Check Use of Function:fib_table_delete
Check Use of Function:vfat_rmdir
Check Use of Function:fib_new_table
Check Use of Function:local_bh_enable.67793
Use:
=BAD PATH=
Call Stack:
0 ip6fl_seq_stop
-------------
Path:
Function:ip6fl_seq_stop
  tail call fastcc void @local_bh_enable.67793() #76
-------------
Use:
=BAD PATH=
Call Stack:
0 local_bh_enable.67793
1 ip6fl_seq_stop
-------------
Path:
Function:ip6fl_seq_stop
  tail call fastcc void @local_bh_enable.67793() #76
Function:local_bh_enable.67793
  br label %1
  tail call void @__local_bh_enable_ip(i64 ptrtoint (i8* blockaddress(@local_bh_enable.67793, %1) to i64), i32 512) #76
-------------
Good: 34 Bad: 2 Ignored: 90
Check Use of Function:fl_release
Check Use of Function:perf_uprobe_init
Check Use of Function:raw_abort
Check Use of Function:drop_super
Check Use of Function:drop_super_exclusive
Check Use of Function:wbinvd_on_cpu
Check Use of Function:perf_event_enable
Check Use of Function:cpumask_weight.6736
Check Use of Function:strndup_user
Use:
=BAD PATH=
Call Stack:
0 dma_buf_ioctl
-------------
Path:
Function:dma_buf_ioctl
  %4 = alloca %struct.anon.1, align 8
  %5 = bitcast %struct.anon.1* %4 to i8*
  %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16
  %7 = bitcast i8** %6 to %struct.dma_buf**
  %8 = load %struct.dma_buf*, %struct.dma_buf** %7, align 8
  switch i32 %1, label %84 [ i32 1074291200, label %9 i32 1074029057, label %58 i32 1074291201, label %58 ]
  %59 = inttoptr i64 %2 to i8*
  %60 = tail call i8* @strndup_user(i8* %59, i64 32) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 keyctl_pkey_params_get
1 keyctl_pkey_verify
2 __se_sys_keyctl
3 __ia32_sys_keyctl
-------------
Path:
Function:__ia32_sys_keyctl
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
  %3 = load i64, i64* %2, align 8
  %4 = and i64 %3, 4294967295
  %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
  %6 = load i64, i64* %5, align 8
  %7 = and i64 %6, 4294967295
  %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %9 = load i64, i64* %8, align 8
  %10 = and i64 %9, 4294967295
  %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %12 = load i64, i64* %11, align 8
  %13 = and i64 %12, 4294967295
  %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %15 = load i64, i64* %14, align 8
  %16 = and i64 %15, 4294967295
  %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76
Function:__se_sys_keyctl
  %6 = alloca [8 x %struct.iovec], align 16
  %7 = alloca %struct.iovec*, align 8
  %8 = alloca %struct.iov_iter, align 8
  %9 = alloca %struct.iovec, align 8
  %10 = alloca %struct.iov_iter, align 8
  %11 = trunc i64 %0 to i32
  switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ]
  %267 = inttoptr i64 %1 to %struct.keyctl_pkey_params*
  %268 = inttoptr i64 %2 to i8*
  %269 = inttoptr i64 %3 to i8*
  %270 = inttoptr i64 %4 to i8*
  %271 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %267, i8* %268, i8* %269, i8* %270) #76
Function:keyctl_pkey_verify
  %5 = alloca %struct.keyctl_pkey_params, align 4
  %6 = alloca %struct.kernel_pkey_query, align 4
  %7 = alloca %struct.kernel_pkey_params.242256, align 8
  %8 = bitcast %struct.kernel_pkey_params.242256* %7 to i8*
  %9 = bitcast %struct.keyctl_pkey_params* %5 to i8*
  %10 = bitcast %struct.kernel_pkey_query* %6 to i8*
  %11 = getelementptr inbounds %struct.kernel_pkey_params.242256, %struct.kernel_pkey_params.242256* %7, i64 0, i32 1
  store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24515, i64 0, i64 0), i8** %11, align 8
  %12 = bitcast %struct.keyctl_pkey_params* %0 to i8*
  %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #76
  %14 = icmp eq i64 %13, 0
  br i1 %14, label %15, label %43
  %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0
  %17 = load i32, i32* %16, align 4
  %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.242256* nonnull %7) #76
Function:keyctl_pkey_params_get
  %4 = alloca i64, align 8
  %5 = alloca [3 x %struct.smca_bank_name], align 16
  %6 = alloca i8*, align 8
  %7 = bitcast %struct.kernel_pkey_params.242256* %2 to i8*
  %8 = getelementptr inbounds %struct.kernel_pkey_params.242256, %struct.kernel_pkey_params.242256* %2, i64 0, i32 1
  store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24515, i64 0, i64 0), i8** %8, align 8
  %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 keyctl_pkey_params_get
1 keyctl_pkey_verify
2 __se_sys_keyctl
3 __x64_sys_keyctl
-------------
Path:
Function:__x64_sys_keyctl
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %3 = load i64, i64* %2, align 8
  %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %5 = load i64, i64* %4, align 8
  %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %7 = load i64, i64* %6, align 8
  %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7
  %9 = load i64, i64* %8, align 8
  %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9
  %11 = load i64, i64* %10, align 8
  %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76
Function:__se_sys_keyctl
  %6 = alloca [8 x %struct.iovec], align 16
  %7 = alloca %struct.iovec*, align 8
  %8 = alloca %struct.iov_iter, align 8
  %9 = alloca %struct.iovec, align 8
  %10 = alloca %struct.iov_iter, align 8
  %11 = trunc i64 %0 to i32
  switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ]
  %267 = inttoptr i64 %1 to %struct.keyctl_pkey_params*
  %268 = inttoptr i64 %2 to i8*
  %269 = inttoptr i64 %3 to i8*
  %270 = inttoptr i64 %4 to i8*
  %271 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %267, i8* %268, i8* %269, i8* %270) #76
Function:keyctl_pkey_verify
  %5 = alloca %struct.keyctl_pkey_params, align 4
  %6 = alloca %struct.kernel_pkey_query, align 4
  %7 = alloca %struct.kernel_pkey_params.242256, align 8
  %8 = bitcast %struct.kernel_pkey_params.242256* %7 to i8*
  %9 = bitcast %struct.keyctl_pkey_params* %5 to i8*
  %10 = bitcast %struct.kernel_pkey_query* %6 to i8*
  %11 = getelementptr inbounds %struct.kernel_pkey_params.242256, %struct.kernel_pkey_params.242256* %7, i64 0, i32 1
  store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24515, i64 0, i64 0), i8** %11, align 8
  %12 = bitcast %struct.keyctl_pkey_params* %0 to i8*
  %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #76
  %14 = icmp eq i64 %13, 0
  br i1 %14, label %15, label %43
  %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0
  %17 = load i32, i32* %16, align 4
  %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.242256* nonnull %7) #76
Function:keyctl_pkey_params_get
  %4 = alloca i64, align 8
  %5 = alloca [3 x %struct.smca_bank_name], align 16
  %6 = alloca i8*, align 8
  %7 = bitcast %struct.kernel_pkey_params.242256* %2 to i8*
  %8 = getelementptr inbounds %struct.kernel_pkey_params.242256, %struct.kernel_pkey_params.242256* %2, i64 0, i32 1
  store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24515, i64 0, i64 0), i8** %8, align 8
  %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 keyctl_pkey_params_get
1 keyctl_pkey_verify
2 __ia32_compat_sys_keyctl
-------------
Path:
Function:__ia32_compat_sys_keyctl
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
  %3 = load i64, i64* %2, align 8
  %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
  %5 = load i64, i64* %4, align 8
  %6 = and i64 %5, 4294967295
  %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %8 = load i64, i64* %7, align 8
  %9 = and i64 %8, 4294967295
  %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %11 = load i64, i64* %10, align 8
  %12 = and i64 %11, 4294967295
  %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %14 = load i64, i64* %13, align 8
  %15 = and i64 %14, 4294967295
  %16 = trunc i64 %3 to i32
  %17 = trunc i64 %5 to i32
  %18 = trunc i64 %8 to i32
  %19 = trunc i64 %11 to i32
  %20 = trunc i64 %14 to i32
  switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ]
  %91 = inttoptr i64 %6 to %struct.keyctl_pkey_params*
  %92 = inttoptr i64 %9 to i8*
  %93 = inttoptr i64 %12 to i8*
  %94 = inttoptr i64 %15 to i8*
  %95 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %91, i8* %92, i8* %93, i8* %94) #76
Function:keyctl_pkey_verify
  %5 = alloca %struct.keyctl_pkey_params, align 4
  %6 = alloca %struct.kernel_pkey_query, align 4
  %7 = alloca %struct.kernel_pkey_params.242256, align 8
  %8 = bitcast %struct.kernel_pkey_params.242256* %7 to i8*
  %9 = bitcast %struct.keyctl_pkey_params* %5 to i8*
  %10 = bitcast %struct.kernel_pkey_query* %6 to i8*
  %11 = getelementptr inbounds %struct.kernel_pkey_params.242256, %struct.kernel_pkey_params.242256* %7, i64 0, i32 1
  store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24515, i64 0, i64 0), i8** %11, align 8
  %12 = bitcast %struct.keyctl_pkey_params* %0 to i8*
  %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #76
  %14 = icmp eq i64 %13, 0
  br i1 %14, label %15, label %43
  %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0
  %17 = load i32, i32* %16, align 4
  %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.242256* nonnull %7) #76
Function:keyctl_pkey_params_get
  %4 = alloca i64, align 8
  %5 = alloca [3 x %struct.smca_bank_name], align 16
  %6 = alloca i8*, align 8
  %7 = bitcast %struct.kernel_pkey_params.242256* %2 to i8*
  %8 = getelementptr inbounds %struct.kernel_pkey_params.242256, %struct.kernel_pkey_params.242256* %2, i64 0, i32 1
  store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24515, i64 0, i64 0), i8** %8, align 8
  %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 keyctl_join_session_keyring
1 __ia32_compat_sys_keyctl
-------------
Path:
Function:__ia32_compat_sys_keyctl
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
  %3 = load i64, i64* %2, align 8
  %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
  %5 = load i64, i64* %4, align 8
  %6 = and i64 %5, 4294967295
  %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %8 = load i64, i64* %7, align 8
  %9 = and i64 %8, 4294967295
  %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %11 = load i64, i64* %10, align 8
  %12 = and i64 %11, 4294967295
  %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %14 = load i64, i64* %13, align 8
  %15 = and i64 %14, 4294967295
  %16 = trunc i64 %3 to i32
  %17 = trunc i64 %5 to i32
  %18 = trunc i64 %8 to i32
  %19 = trunc i64 %11 to i32
  %20 = trunc i64 %14 to i32
  switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ]
  %24 = inttoptr i64 %6 to i8*
  %25 = tail call i64 @keyctl_join_session_keyring(i8* %24) #76
Function:keyctl_join_session_keyring
  %2 = icmp eq i8* %0, null
  br i1 %2, label %11, label %3
  %4 = tail call i8* @strndup_user(i8* nonnull %0, i64 4096) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __se_sys_add_key
1 __ia32_sys_add_key
-------------
Path:
Function:__ia32_sys_add_key
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
  %3 = load i64, i64* %2, align 8
  %4 = and i64 %3, 4294967295
  %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
  %6 = load i64, i64* %5, align 8
  %7 = and i64 %6, 4294967295
  %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %9 = load i64, i64* %8, align 8
  %10 = and i64 %9, 4294967295
  %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %12 = load i64, i64* %11, align 8
  %13 = and i64 %12, 4294967295
  %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %15 = load i64, i64* %14, align 8
  %16 = and i64 %15, 4294967295
  %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76
Function:__se_sys_add_key
  %6 = alloca [32 x i8], align 16
  %7 = inttoptr i64 %1 to i8*
  %8 = inttoptr i64 %2 to i8*
  %9 = trunc i64 %4 to i32
  %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0
  %11 = icmp ugt i64 %3, 1048575
  br i1 %11, label %77, label %12
  %13 = inttoptr i64 %0 to i8*
  %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76
  %15 = trunc i64 %14 to i32
  %16 = icmp slt i32 %15, 0
  br i1 %16, label %23, label %17
  %18 = add nsw i32 %15, -1
  %19 = icmp ugt i32 %18, 30
  br i1 %19, label %23, label %20
  %21 = load i8, i8* %10, align 16
  %22 = icmp eq i8 %21, 46
  br i1 %22, label %23, label %27
  %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31
  store i8 0, i8* %28, align 1
  %29 = icmp eq i64 %1, 0
  br i1 %29, label %41, label %30
  %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __se_sys_add_key
1 __x64_sys_add_key
-------------
Path:
Function:__x64_sys_add_key
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %3 = load i64, i64* %2, align 8
  %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %5 = load i64, i64* %4, align 8
  %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %7 = load i64, i64* %6, align 8
  %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7
  %9 = load i64, i64* %8, align 8
  %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9
  %11 = load i64, i64* %10, align 8
  %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76
Function:__se_sys_add_key
  %6 = alloca [32 x i8], align 16
  %7 = inttoptr i64 %1 to i8*
  %8 = inttoptr i64 %2 to i8*
  %9 = trunc i64 %4 to i32
  %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0
  %11 = icmp ugt i64 %3, 1048575
  br i1 %11, label %77, label %12
  %13 = inttoptr i64 %0 to i8*
  %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76
  %15 = trunc i64 %14 to i32
  %16 = icmp slt i32 %15, 0
  br i1 %16, label %23, label %17
  %18 = add nsw i32 %15, -1
  %19 = icmp ugt i32 %18, 30
  br i1 %19, label %23, label %20
  %21 = load i8, i8* %10, align 16
  %22 = icmp eq i8 %21, 46
  br i1 %22, label %23, label %27
  %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31
  store i8 0, i8* %28, align 1
  %29 = icmp eq i64 %1, 0
  br i1 %29, label %41, label %30
  %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 keyctl_keyring_search
1 __ia32_compat_sys_keyctl
-------------
Path:
Function:__ia32_compat_sys_keyctl
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
  %3 = load i64, i64* %2, align 8
  %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
  %5 = load i64, i64* %4, align 8
  %6 = and i64 %5, 4294967295
  %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %8 = load i64, i64* %7, align 8
  %9 = and i64 %8, 4294967295
  %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %11 = load i64, i64* %10, align 8
  %12 = and i64 %11, 4294967295
  %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %14 = load i64, i64* %13, align 8
  %15 = and i64 %14, 4294967295
  %16 = trunc i64 %3 to i32
  %17 = trunc i64 %5 to i32
  %18 = trunc i64 %8 to i32
  %19 = trunc i64 %11 to i32
  %20 = trunc i64 %14 to i32
  switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ]
  %41 = inttoptr i64 %9 to i8*
  %42 = inttoptr i64 %12 to i8*
  %43 = tail call i64 @keyctl_keyring_search(i32 %17, i8* %41, i8* %42, i32 %20) #76
Function:keyctl_keyring_search
  %5 = alloca [32 x i8], align 16
  %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0
  %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 32) #76
  %8 = trunc i64 %7 to i32
  %9 = icmp slt i32 %8, 0
  br i1 %9, label %16, label %10
  %11 = add nsw i32 %8, -1
  %12 = icmp ugt i32 %11, 30
  br i1 %12, label %16, label %13
  %14 = load i8, i8* %6, align 16
  %15 = icmp eq i8 %14, 46
  br i1 %15, label %16, label %20
  %21 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31
  store i8 0, i8* %21, align 1
  %22 = call i8* @strndup_user(i8* %2, i64 4096) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 keyctl_keyring_search
1 __se_sys_keyctl
2 __ia32_sys_keyctl
-------------
Path:
Function:__ia32_sys_keyctl
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
  %3 = load i64, i64* %2, align 8
  %4 = and i64 %3, 4294967295
  %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
  %6 = load i64, i64* %5, align 8
  %7 = and i64 %6, 4294967295
  %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %9 = load i64, i64* %8, align 8
  %10 = and i64 %9, 4294967295
  %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %12 = load i64, i64* %11, align 8
  %13 = and i64 %12, 4294967295
  %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %15 = load i64, i64* %14, align 8
  %16 = and i64 %15, 4294967295
  %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76
Function:__se_sys_keyctl
  %6 = alloca [8 x %struct.iovec], align 16
  %7 = alloca %struct.iovec*, align 8
  %8 = alloca %struct.iov_iter, align 8
  %9 = alloca %struct.iovec, align 8
  %10 = alloca %struct.iov_iter, align 8
  %11 = trunc i64 %0 to i32
  switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ]
  %111 = trunc i64 %1 to i32
  %112 = inttoptr i64 %2 to i8*
  %113 = inttoptr i64 %3 to i8*
  %114 = trunc i64 %4 to i32
  %115 = tail call i64 @keyctl_keyring_search(i32 %111, i8* %112, i8* %113, i32 %114) #76
Function:keyctl_keyring_search
  %5 = alloca [32 x i8], align 16
  %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0
  %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 32) #76
  %8 = trunc i64 %7 to i32
  %9 = icmp slt i32 %8, 0
  br i1 %9, label %16, label %10
  %11 = add nsw i32 %8, -1
  %12 = icmp ugt i32 %11, 30
  br i1 %12, label %16, label %13
  %14 = load i8, i8* %6, align 16
  %15 = icmp eq i8 %14, 46
  br i1 %15, label %16, label %20
  %21 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31
  store i8 0, i8* %21, align 1
  %22 = call i8* @strndup_user(i8* %2, i64 4096) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 keyctl_keyring_search
1 __se_sys_keyctl
2 __x64_sys_keyctl
-------------
Path:
Function:__x64_sys_keyctl
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
  %3 = load i64, i64* %2, align 8
  %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
  %5 = load i64, i64* %4, align 8
  %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
  %7 = load i64, i64* %6, align 8
  %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7
  %9 = load i64, i64* %8, align 8
  %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9
  %11 = load i64, i64* %10, align 8
  %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76
Function:__se_sys_keyctl
  %6 = alloca [8 x %struct.iovec], align 16
  %7 = alloca %struct.iovec*, align 8
  %8 = alloca %struct.iov_iter, align 8
  %9 = alloca %struct.iovec, align 8
  %10 = alloca %struct.iov_iter, align 8
  %11 = trunc i64 %0 to i32
  switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ]
  %111 = trunc i64 %1 to i32
  %112 = inttoptr i64 %2 to i8*
%113 = inttoptr i64 %3 to i8* %114 = trunc i64 %4 to i32 %115 = tail call i64 @keyctl_keyring_search(i32 %111, i8* %112, i8* %113, i32 %114) #76 Function:keyctl_keyring_search %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 32) #76 %8 = trunc i64 %7 to i32 %9 = icmp slt i32 %8, 0 br i1 %9, label %16, label %10 %11 = add nsw i32 %8, -1 %12 = icmp ugt i32 %11, 30 br i1 %12, label %16, label %13 %14 = load i8, i8* %6, align 16 %15 = icmp eq i8 %14, 46 br i1 %15, label %16, label %20 %21 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %21, align 1 %22 = call i8* @strndup_user(i8* %2, i64 4096) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 
3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %27 = icmp eq i64 %1, 0 br i1 %27, label %37, label %28 %29 = inttoptr i64 %1 to i8* %30 = tail call i8* @strndup_user(i8* nonnull %29, i64 4096) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label 
%211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %27 = icmp eq i64 %1, 0 br i1 %27, label %37, label %28 %29 = inttoptr i64 %1 to i8* %30 = tail call i8* @strndup_user(i8* nonnull %29, i64 4096) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_request_key 1 __ia32_sys_request_key ------------- Path:  Function:__ia32_sys_request_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_request_key(i64 %4, i64 %7, i64 %10, i64 %13) #76 Function:__se_sys_request_key %5 = alloca [32 x i8], align 16 %6 = inttoptr i64 %0 to i8* %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %3 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %11 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %6, i64 32) #76 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %20, label %14 %15 = add nsw i32 %12, -1 %16 = icmp ugt i32 %15, 30 br i1 %16, label %20, label %17 %18 = load i8, i8* %10, align 16 %19 = icmp eq i8 %18, 46 br i1 %19, label %20, label %24 %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %25, align 1 %26 = call i8* @strndup_user(i8* %7, i64 4096) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_request_key 1 
__x64_sys_request_key ------------- Path:  Function:__x64_sys_request_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_request_key(i64 %3, i64 %5, i64 %7, i64 %9) #76 Function:__se_sys_request_key %5 = alloca [32 x i8], align 16 %6 = inttoptr i64 %0 to i8* %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %3 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %11 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %6, i64 32) #76 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %20, label %14 %15 = add nsw i32 %12, -1 %16 = icmp ugt i32 %15, 30 br i1 %16, label %20, label %17 %18 = load i8, i8* %10, align 16 %19 = icmp eq i8 %18, 46 br i1 %19, label %20, label %24 %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %25, align 1 %26 = call i8* @strndup_user(i8* %7, i64 4096) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __ia32_sys_mount ------------- Path:  Function:__ia32_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 
%12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_mount(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #76 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __x64_sys_mount ------------- Path:  Function:__x64_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_mount(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #76 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 
= phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __ia32_sys_mount ------------- Path:  Function:__ia32_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_mount(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __x64_sys_mount ------------- Path:  Function:__x64_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_mount(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #76 ------------- Good: 10 Bad: 20 Ignored: 5 Check Use of Function:dev_get_mac_address Check Use of Function:dev_get_flags Check Use of Function:iomem_get_mapping Check Use of Function:acpi_ut_release_mutex Check Use of Function:dev_ethtool Check Use of Function:rhashtable_destroy Check Use of Function:credit_entropy_bits Check Use of Function:trace_event_dyn_put_ref Check Use of Function:destroy_local_trace_kprobe Check Use of Function:destroy_local_trace_uprobe Check Use of Function:find_task_by_vpid Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_get 1 __ia32_sys_ioprio_get ------------- Path:  Function:__ia32_sys_ioprio_get %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_ioprio_get(i64 %4, i64 %7) #76 Function:__se_sys_ioprio_get %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %3, label %231 [ i32 1, label %5 i32 2, label %31 i32 3, label %128 ] %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %10 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_get 1 __x64_sys_ioprio_get ------------- Path:  Function:__x64_sys_ioprio_get %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_ioprio_get(i64 %3, i64 %5) #76 Function:__se_sys_ioprio_get %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %3, label %231 [ i32 1, label %5 i32 2, label %31 i32 3, label %128 ] %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %10 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_set 1 __ia32_sys_ioprio_set ------------- Path:  Function:__ia32_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %20 = icmp eq i32 %5, 0 br i1 %20, label %21, label %24 %25 = tail call %struct.task_struct* @find_task_by_vpid(i32 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_set 1 __x64_sys_ioprio_set ------------- Path:  Function:__x64_sys_ioprio_set %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %20 = icmp eq i32 %5, 0 br i1 %20, label %21, label %24 %25 = tail call %struct.task_struct* @find_task_by_vpid(i32 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_move_pages 1 __ia32_sys_move_pages ------------- Path:  Function:__ia32_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and 
i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_move_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.migration_target_control, align 8 %10 = alloca %struct.migration_target_control, align 8 %11 = alloca %struct.migration_target_control, align 8 %12 = alloca %struct.cpumask, align 8 %13 = alloca %struct.list_head, align 8 %14 = trunc i64 %0 to i32 %15 = inttoptr i64 %2 to i8** %16 = inttoptr i64 %3 to i32* %17 = inttoptr i64 %4 to i32* %18 = trunc i64 %5 to i32 %19 = and i32 %18, -7 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %341 %22 = and i32 %18, 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 23) #76 br i1 %25, label %26, label %341 %27 = icmp eq i32 %14, 0 br i1 %27, label %28, label %36 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %37 = tail call %struct.task_struct* @find_task_by_vpid(i32 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_move_pages 1 __x64_sys_move_pages ------------- Path:  Function:__x64_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_move_pages(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 
Function:__se_sys_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.migration_target_control, align 8 %10 = alloca %struct.migration_target_control, align 8 %11 = alloca %struct.migration_target_control, align 8 %12 = alloca %struct.cpumask, align 8 %13 = alloca %struct.list_head, align 8 %14 = trunc i64 %0 to i32 %15 = inttoptr i64 %2 to i8** %16 = inttoptr i64 %3 to i32* %17 = inttoptr i64 %4 to i32* %18 = trunc i64 %5 to i32 %19 = and i32 %18, -7 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %341 %22 = and i32 %18, 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 23) #76 br i1 %25, label %26, label %341 %27 = icmp eq i32 %14, 0 br i1 %27, label %28, label %36 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %37 = tail call %struct.task_struct* @find_task_by_vpid(i32 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_migrate_pages 1 __ia32_sys_migrate_pages ------------- Path:  Function:__ia32_sys_migrate_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_migrate_pages(i64 %4, i64 %7, i64 %10, i64 %13) #76 Function:__se_sys_migrate_pages %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.nodemask_scratch, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %2 to i64* %10 = inttoptr i64 %3 to i64* %11 = bitcast %struct.nodemask_scratch* %7 to i8* 
%12 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 1 %14 = add i64 %1, -1 %15 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 0, i32 0, i64 0 store i64 0, i64* %15, align 8 %16 = icmp ne i64 %14, 0 %17 = icmp ne i64 %2, 0 %18 = and i1 %17, %16 br i1 %18, label %19, label %77 %20 = icmp ugt i64 %14, 32768 br i1 %20, label %208, label %21 %22 = bitcast i64* %6 to i8* br label %23 %24 = phi i64 [ %49, %46 ], [ %14, %21 ] %25 = icmp ugt i64 %24, 64 br i1 %25, label %26, label %52 %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 0, i32 2 %56 = load i32, i32* %55, align 8 %57 = and i32 %56, 2 %58 = icmp eq i32 %57, 0 br i1 %58, label %62, label %59 %63 = inttoptr i64 %2 to i8* %64 = call i64 @_copy_from_user(i8* nonnull %11, i8* nonnull %63, i64 8) #76 br label %65 %66 = phi i64 [ %61, %59 ], [ %64, %62 ] %67 = trunc i64 %66 to i32 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %208 %70 = and i64 %24, 63 %71 = icmp eq i64 %70, 0 br i1 %71, label %77, label %72 %73 = shl nsw i64 -1, %70 %74 = xor i64 %73, -1 %75 = load i64, i64* %15, align 8 %76 = and i64 %75, %74 store i64 %76, i64* %15, align 8 br label %77 %78 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %13, i64 0, i32 0, i64 0 store i64 0, i64* %78, align 8 %79 = icmp ne i64 %3, 0 %80 = and i1 %16, %79 br i1 %80, label %81, label %140 %82 = icmp ugt i64 %14, 32768 br i1 %82, label %208, label %83 %84 = bitcast i64* %5 to i8* br label %85 %86 = phi i64 [ %111, %108 ], [ %14, %83 ] %87 = icmp ugt i64 %86, 64 br i1 %87, label %88, label %114 %115 = call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %116 = inttoptr i64 %115 to %struct.task_struct* %117 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %116, i64 0, i32 0, i32 2 %118 = load i32, i32* %117, align 8 %119 = and i32 %118, 2 %120 = icmp eq i32 %119, 0 br i1 %120, label %124, label %121 %125 = bitcast %struct.cpumask* %13 to i8* %126 = inttoptr i64 %3 to i8* %127 = call i64 @_copy_from_user(i8* %125, i8* nonnull %126, i64 8) #76 br label %128 %129 = phi i64 [ %123, %121 ], [ %127, %124 ] %130 = trunc i64 %129 to i32 %131 = icmp eq i32 %130, 0 br i1 %131, label %132, label %208 %133 = and i64 %86, 63 %134 = icmp eq i64 %133, 0 br i1 %134, label %140, label %135 %136 = shl nsw i64 -1, %133 %137 = xor i64 %136, -1 %138 = load i64, i64* %78, align 8 %139 = and i64 %138, %137 store i64 %139, i64* %78, align 8 br label %140 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = icmp eq i32 %8, 0 br i1 %141, label %144, label %142 %143 = call %struct.task_struct* @find_task_by_vpid(i32 %8) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_migrate_pages 1 __x64_sys_migrate_pages ------------- Path:  Function:__x64_sys_migrate_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_migrate_pages(i64 %3, i64 %5, i64 %7, i64 %9) #76 Function:__se_sys_migrate_pages %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.nodemask_scratch, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %2 to i64* %10 = inttoptr i64 
%3 to i64* %11 = bitcast %struct.nodemask_scratch* %7 to i8* %12 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 1 %14 = add i64 %1, -1 %15 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 0, i32 0, i64 0 store i64 0, i64* %15, align 8 %16 = icmp ne i64 %14, 0 %17 = icmp ne i64 %2, 0 %18 = and i1 %17, %16 br i1 %18, label %19, label %77 %20 = icmp ugt i64 %14, 32768 br i1 %20, label %208, label %21 %22 = bitcast i64* %6 to i8* br label %23 %24 = phi i64 [ %49, %46 ], [ %14, %21 ] %25 = icmp ugt i64 %24, 64 br i1 %25, label %26, label %52 %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 0, i32 2 %56 = load i32, i32* %55, align 8 %57 = and i32 %56, 2 %58 = icmp eq i32 %57, 0 br i1 %58, label %62, label %59 %63 = inttoptr i64 %2 to i8* %64 = call i64 @_copy_from_user(i8* nonnull %11, i8* nonnull %63, i64 8) #76 br label %65 %66 = phi i64 [ %61, %59 ], [ %64, %62 ] %67 = trunc i64 %66 to i32 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %208 %70 = and i64 %24, 63 %71 = icmp eq i64 %70, 0 br i1 %71, label %77, label %72 %73 = shl nsw i64 -1, %70 %74 = xor i64 %73, -1 %75 = load i64, i64* %15, align 8 %76 = and i64 %75, %74 store i64 %76, i64* %15, align 8 br label %77 %78 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %13, i64 0, i32 0, i64 0 store i64 0, i64* %78, align 8 %79 = icmp ne i64 %3, 0 %80 = and i1 %16, %79 br i1 %80, label %81, label %140 %82 = icmp ugt i64 %14, 32768 br i1 %82, label %208, label %83 %84 = bitcast i64* %5 to i8* br label %85 %86 = phi i64 [ %111, %108 ], [ %14, %83 ] %87 = icmp ugt i64 %86, 64 br i1 %87, label %88, label 
%114 %115 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %116 = inttoptr i64 %115 to %struct.task_struct* %117 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %116, i64 0, i32 0, i32 2 %118 = load i32, i32* %117, align 8 %119 = and i32 %118, 2 %120 = icmp eq i32 %119, 0 br i1 %120, label %124, label %121 %125 = bitcast %struct.cpumask* %13 to i8* %126 = inttoptr i64 %3 to i8* %127 = call i64 @_copy_from_user(i8* %125, i8* nonnull %126, i64 8) #76 br label %128 %129 = phi i64 [ %123, %121 ], [ %127, %124 ] %130 = trunc i64 %129 to i32 %131 = icmp eq i32 %130, 0 br i1 %131, label %132, label %208 %133 = and i64 %86, 63 %134 = icmp eq i64 %133, 0 br i1 %134, label %140, label %135 %136 = shl nsw i64 -1, %133 %137 = xor i64 %136, -1 %138 = load i64, i64* %78, align 8 %139 = and i64 %138, %137 store i64 %139, i64* %78, align 8 br label %140 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = icmp eq i32 %8, 0 br i1 %141, label %144, label %142 %143 = call %struct.task_struct* @find_task_by_vpid(i32 %8) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_get_robust_list 1 __ia32_sys_get_robust_list ------------- Path:  Function:__ia32_sys_get_robust_list %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_get_robust_list(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_get_robust_list %4 = trunc i64 %0 to i32 %5 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %5, label %6, label %39 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %8, label %11 %12 = tail call %struct.task_struct.91501* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.91501* (i32)*)(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_get_robust_list 1 __x64_sys_get_robust_list ------------- Path:  Function:__x64_sys_get_robust_list %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_get_robust_list(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_get_robust_list %4 = trunc i64 %0 to i32 %5 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %5, label %6, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %8, label %11 %12 = tail call %struct.task_struct.91501* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.91501* (i32)*)(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_get_robust_list ------------- Path:  Function:__ia32_compat_sys_get_robust_list %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %11, label %12, label %47 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = 
icmp eq i32 %10, 0 br i1 %13, label %14, label %17 %18 = tail call %struct.task_struct.91501* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.91501* (i32)*)(i32 %10) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __ia32_sys_kcmp ------------- Path:  Function:__ia32_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_kcmp(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_kcmp %6 = alloca %struct.uid_gid_extent, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #76 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __x64_sys_kcmp ------------- Path:  Function:__x64_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_kcmp(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_kcmp %6 = alloca %struct.uid_gid_extent, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #76 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __ia32_sys_kcmp ------------- Path:  Function:__ia32_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_kcmp(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_kcmp %6 = alloca %struct.uid_gid_extent, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __x64_sys_kcmp ------------- Path:  Function:__x64_sys_kcmp %2 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_kcmp(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_kcmp %6 = alloca %struct.uid_gid_extent, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 sched_getaffinity 1 __se_compat_sys_sched_getaffinity 2 __ia32_compat_sys_sched_getaffinity ------------- Path:  Function:__ia32_compat_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #76 Function:__se_compat_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %1 to i32 %6 = inttoptr i64 %2 to i32* %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %5, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %5, 3 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label 
%14, label %65 %15 = trunc i64 %0 to i32 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %17 = call i64 @sched_getaffinity(i32 %15, %struct.cpumask* nonnull %16) #76 Function:sched_getaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_getscheduler ------------- Path:  Function:__ia32_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %31, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __ia32_sys_sched_getaffinity ------------- Path:  Function:__ia32_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %6, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %6, 7 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, 
label %49 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %5, 0 br i1 %15, label %18, label %16 %17 = tail call %struct.task_struct* @find_task_by_vpid(i32 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __x64_sys_sched_getaffinity ------------- Path:  Function:__x64_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %6, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %6, 7 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, label %49 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %5, 0 br i1 %15, label %18, label %16 %17 = tail call %struct.task_struct* @find_task_by_vpid(i32 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __ia32_sys_sched_getattr ------------- Path:  Function:__ia32_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %4, i64 %7, i64 %10, i64 %13) #76 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %5 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %81, label %12 %13 = trunc i64 %3 to i32 %14 = add i32 %7, -48 %15 = icmp ugt i32 %14, 4048 %16 = icmp ne i32 %13, 0 %17 = or i1 %15, %16 br i1 %17, label %81, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %21 = tail call %struct.task_struct* @find_task_by_vpid(i32 %6) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __x64_sys_sched_getattr ------------- Path:  Function:__x64_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %3, i64 %5, i64 %7, i64 %9) #76 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %5 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %81, label %12 %13 = trunc i64 %3 to i32 %14 = add i32 %7, -48 %15 = icmp ugt i32 %14, 4048 %16 = icmp ne i32 %13, 0 %17 = or i1 %15, %16 br i1 %17, label %81, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %21 = tail call %struct.task_struct* @find_task_by_vpid(i32 %6) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getparam 1 __ia32_sys_sched_getparam ------------- Path:  Function:__ia32_sys_sched_getparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_sched_getparam(i64 %4, i64 %7) #76 Function:__se_sys_sched_getparam %3 = alloca %struct.kuid_t, align 4 %4 = trunc i64 %0 to i32 %5 = bitcast %struct.kuid_t* %3 to i8* %6 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0 store i32 0, i32* %6, align 4 %7 = icmp eq i64 %1, 0 %8 = icmp slt i32 %4, 0 %9 = or i1 %8, %7 br i1 %9, label %39, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = icmp eq i32 %4, 0 br i1 %11, label %14, label %12 %13 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getparam 1 __x64_sys_sched_getparam ------------- Path:  Function:__x64_sys_sched_getparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_sched_getparam(i64 %3, i64 %5) #76 Function:__se_sys_sched_getparam %3 = alloca %struct.kuid_t, align 4 %4 = trunc i64 %0 to i32 %5 = bitcast %struct.kuid_t* %3 to i8* %6 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0 store i32 0, i32* %6, align 4 %7 = icmp eq i64 %1, 0 %8 = icmp slt i32 %4, 0 %9 = or i1 %8, %7 br i1 %9, label %39, label %10 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = icmp eq i32 %4, 0 br i1 %11, label %14, label %12 %13 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_getscheduler ------------- Path:  Function:__x64_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %31, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval ------------- Path:  Function:__ia32_sys_sched_rr_get_interval %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.cpu_itimer* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.cpu_itimer* nonnull %2) #76 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__ia32_sys_sched_rr_get_interval_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.cpu_itimer* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.cpu_itimer* nonnull %2) #76 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval ------------- Path:  Function:__x64_sys_sched_rr_get_interval %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.cpu_itimer** %7 = load %struct.cpu_itimer*, %struct.cpu_itimer** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.cpu_itimer* nonnull %2) #76 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__x64_sys_sched_rr_get_interval_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = 
call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.cpu_itimer* nonnull %2) #76 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __se_compat_sys_sched_setaffinity 2 __ia32_compat_sys_sched_setaffinity ------------- Path:  Function:__ia32_compat_sys_sched_setaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_setaffinity(i64 %4, i64 %7, i64 %10) #76 Function:__se_compat_sys_sched_setaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = inttoptr i64 %2 to i32* %8 = bitcast [1 x %struct.cpumask]* %4 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %10 = icmp ult i32 %6, 8 br i1 %10, label %11, label %16 %12 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = shl i64 %1, 3 %14 = and i64 %13, 4294967288 %15 = add nuw nsw i64 %14, 31 br label %16 %17 = phi i64 [ %15, %11 ], [ 95, %3 ] %18 = lshr i64 %17, 3 %19 = and i64 %18, 2305843009213693948 %20 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection 
.altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %21 = add i64 %19, %2 %22 = icmp ult i64 %21, %19 %23 = icmp ugt i64 %21, %20 %24 = or i1 %22, %23 br i1 %24, label %60, label %25, !prof !5, !misexpect !6 %26 = lshr i64 %17, 5 %27 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %28 %29 = phi i64 [ %26, %25 ], [ %47, %40 ] %30 = phi i32* [ %7, %25 ], [ %41, %40 ] %31 = phi i64* [ %27, %25 ], [ %46, %40 ] %32 = icmp ugt i64 %29, 1 br i1 %32, label %33, label %48 %49 = icmp eq i64 %29, 0 br i1 %49, label %56, label %50 %51 = bitcast i32* %30 to %struct.__large_struct* %52 = callbr i32 asm "\0A1:\09movl $1,$0\0A 
.pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,*m,X,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %51, i8* blockaddress(@__se_compat_sys_sched_setaffinity, %55)) #4 to label %53 [label %55], !srcloc !11 %54 = zext i32 %52 to i64 store i64 %54, i64* %31, align 8 br label %56 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %57 = call i64 @sched_setaffinity(i32 %5, %struct.cpumask* nonnull %9) #76 Function:sched_setaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_sys_sched_setaffinity ------------- Path:  Function:__ia32_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label 
%15, label %18 %16 = and i64 %6, 4294967295 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 br label %18 %19 = phi i64 [ %16, %15 ], [ 8, %1 ] %20 = inttoptr i64 %9 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %12, i8* %20, i64 %19) #76 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %27 %24 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #76 Function:sched_setaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __x64_sys_sched_setaffinity ------------- Path:  Function:__x64_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = and i64 %6, 4294967295 br label %18 %19 = phi i64 [ %17, %15 ], [ 8, %1 ] %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* %9, i64 %19) #76 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 %23 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #76 Function:sched_setaffinity tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __ia32_sys_sched_setattr ------------- Path:  Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = 
sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #76 %44 = icmp sgt i32 %43, 0 %45 = icmp eq i32 %43, 0 %46 = select i1 %45, i32 -7, i32 %43 br i1 %44, label %47, label %50 %48 = call i64 @_copy_from_user(i8* nonnull %7, i8* %29, i64 %33) #76 %49 = icmp eq i64 %48, 0 br i1 %49, label %54, label %64 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %31, %58 br i1 %59, label %64, label %67 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %69 = load i32, i32* %68, align 8 %70 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %71 = load i32, i32* %70, align 4 %72 = icmp slt i32 %71, 0 %73 = and i64 %56, 8 %74 = icmp sgt i32 %69, -20 br i1 %74, label %75, label %77 %76 = icmp slt i32 %69, 19 br i1 %76, label %77, label %79 store i32 19, i32* %68, align 8 br i1 %72, label %139, label %80 %81 = icmp eq i64 %73, 0 br i1 %81, label %83, label %82 store i32 -1, i32* %70, align 4 br label %83 %84 = phi i64* [ %53, %51 ], [ %55, %80 ], [ %55, %82 ] %85 = phi i32* [ %52, %51 ], [ %68, %80 ], [ %68, %82 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %86 = icmp eq i32 %5, 0 br i1 %86, label %89, label %87 %88 = call %struct.task_struct* @find_task_by_vpid(i32 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #76 %44 = icmp sgt i32 %43, 0 %45 = icmp eq i32 %43, 0 %46 = select i1 %45, i32 -7, i32 %43 br i1 %44, label %47, label %50 %48 = call i64 @_copy_from_user(i8* nonnull %7, i8* %29, i64 %33) #76 %49 = icmp eq i64 %48, 0 br i1 %49, label %54, label %64 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = 
and i1 %31, %58 br i1 %59, label %64, label %67 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %69 = load i32, i32* %68, align 8 %70 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %71 = load i32, i32* %70, align 4 %72 = icmp slt i32 %71, 0 %73 = and i64 %56, 8 %74 = icmp sgt i32 %69, -20 br i1 %74, label %75, label %77 %76 = icmp slt i32 %69, 19 br i1 %76, label %77, label %79 store i32 19, i32* %68, align 8 br i1 %72, label %139, label %80 %81 = icmp eq i64 %73, 0 br i1 %81, label %83, label %82 store i32 -1, i32* %70, align 4 br label %83 %84 = phi i64* [ %53, %51 ], [ %55, %80 ], [ %55, %82 ] %85 = phi i32* [ %52, %51 ], [ %68, %80 ], [ %68, %82 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %86 = icmp eq i32 %5, 0 br i1 %86, label %89, label %87 %88 = call %struct.task_struct* @find_task_by_vpid(i32 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __ia32_sys_sched_setparam ------------- Path:  Function:__ia32_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = inttoptr i64 %6 to %struct.kuid_t* %9 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %8) #76 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #76 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %63 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __ia32_sys_sched_setscheduler ------------- Path:  Function:__ia32_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %16, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %9 to %struct.kuid_t* %13 = trunc i64 %11 to i32 %14 = tail call fastcc i32 @do_sched_setscheduler(i32 %13, i32 %4, %struct.kuid_t* %12) #76 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #76 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %63 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __x64_sys_sched_setparam ------------- Path:  Function:__x64_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.kuid_t** %6 = load %struct.kuid_t*, %struct.kuid_t** %5, align 8 %7 = trunc i64 %3 to i32 %8 = tail call fastcc i32 
@do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %6) #76 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #76 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %63 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __x64_sys_sched_setscheduler ------------- Path:  Function:__x64_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %15, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to %struct.kuid_t** %9 = load %struct.kuid_t*, %struct.kuid_t** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %11 to i32 %13 = tail call fastcc i32 @do_sched_setscheduler(i32 %12, i32 %4, %struct.kuid_t* %9) #76 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #76 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %63 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label 
%18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __ia32_compat_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_compat_sys_rt_tgsigqueueinfo %2 = alloca %struct.compat_siginfo, align 4 %3 = alloca %struct.kernel_siginfo, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %5 to i32 %14 = trunc i64 %7 to i32 %15 = trunc i64 %9 to i32 %16 = bitcast %struct.kernel_siginfo* %3 to i8* %17 = bitcast %struct.compat_siginfo* %2 to i8* %18 = inttoptr i64 %12 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %17, i8* %18, i64 128) #76 %20 = icmp eq i64 %19, 0 br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.compat_siginfo, %struct.compat_siginfo* %2, i64 0, i32 0 store i32 %15, i32* %23, align 4 call fastcc void @post_copy_siginfo_from_user32(%struct.kernel_siginfo* nonnull %3, %struct.compat_siginfo* nonnull %2) #76 %24 = icmp slt i32 %14, 1 %25 = icmp slt i32 %13, 1 %26 = or i1 %25, %24 br i1 %26, label %41, label %27 %28 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %29 = load i32, i32* %28, align 8 %30 = icmp sgt i32 %29, -1 %31 = icmp eq i32 %29, -6 %32 = or i1 %30, %31 br i1 %32, label %33, label %38 %34 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = call i32 @__task_pid_nr_ns(%struct.task_struct* %35, i32 0, 
%struct.pid_namespace* null) #76 %37 = icmp eq i32 %36, %14 br i1 %37, label %38, label %41 %39 = call fastcc i32 @do_send_specific(i32 %13, i32 %14, i32 %15, %struct.kernel_siginfo* nonnull %3) #76 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __ia32_sys_tgkill ------------- Path:  Function:__ia32_sys_tgkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp slt i32 %10, 1 %13 = icmp slt i32 %9, 1 %14 = or i1 %13, %12 br i1 %14, label %34, label %15 %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %11, i32* %17, align 8 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %19, align 8 %20 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %21 = inttoptr i64 %20 to %struct.task_struct* %22 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %21, i32 1, %struct.pid_namespace* null) #76 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %22, i32* %23, align 8 %24 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %21, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 1, i32 0 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 %29 = load i32, i32* @overflowuid, align 4 %30 = select i1 %28, i32 %29, i32 %27 %31 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %30, i32* %31, align 4 %32 = call fastcc i32 @do_send_specific(i32 %9, i32 %10, i32 %11, %struct.kernel_siginfo* nonnull %2) #76 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __ia32_sys_tkill ------------- Path:  Function:__ia32_sys_tkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = icmp slt i32 %7, 1 br i1 %9, label %29, label %10 %11 = bitcast %struct.kernel_siginfo* %2 to i8* %12 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %8, i32* %12, align 8 %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %13, align 4 %14 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %14, align 8 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %16, i32 1, 
%struct.pid_namespace* null) #76 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 85 %20 = load %struct.cred*, %struct.cred** %19, align 64 %21 = getelementptr inbounds %struct.cred, %struct.cred* %20, i64 0, i32 1, i32 0 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, -1 %24 = load i32, i32* @overflowuid, align 4 %25 = select i1 %23, i32 %24, i32 %22 %26 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %25, i32* %26, align 4 %27 = call fastcc i32 @do_send_specific(i32 0, i32 %7, i32 %8, %struct.kernel_siginfo* nonnull %2) #76 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __se_sys_rt_tgsigqueueinfo 2 __ia32_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_sys_rt_tgsigqueueinfo %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_rt_tgsigqueueinfo(i64 %4, i64 %7, i64 %10, i64 %13) #76 Function:__se_sys_rt_tgsigqueueinfo %5 = alloca [80 x i8], align 16 %6 = alloca %struct.kernel_siginfo, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 
%2 to i32 %10 = inttoptr i64 %3 to %struct.siginfo* %11 = bitcast %struct.kernel_siginfo* %6 to i8* %12 = inttoptr i64 %3 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %11, i8* %12, i64 48) #76 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %76 %16 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %6, i64 0, i32 0, i32 0 store i32 %9, i32* %16, align 8 %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %6, i64 0, i32 0, i32 2 %18 = load i32, i32* %17, align 8 %19 = icmp eq i32 %18, 128 br i1 %19, label %60, label %20 %21 = icmp sgt i32 %18, 0 br i1 %21, label %22, label %38 %39 = icmp sgt i32 %18, -8 %40 = icmp eq i32 %18, -60 %41 = or i1 %39, %40 br i1 %41, label %60, label %42 %43 = getelementptr %struct.siginfo, %struct.siginfo* %10, i64 0, i32 0, i32 1, i64 0 %44 = getelementptr inbounds [80 x i8], [80 x i8]* %5, i64 0, i64 0 %45 = call i64 @_copy_from_user(i8* nonnull %44, i8* %43, i64 80) #76 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %57 %53 = phi i64 [ %95, %94 ], [ 0, %42 ] %54 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %53 %55 = load i8, i8* %54, align 1 %56 = icmp eq i8 %55, 0 br i1 %56, label %47, label %57 %48 = add nuw nsw i64 %53, 1 %49 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %48 %50 = load i8, i8* %49, align 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %79, label %57 %80 = add nuw nsw i64 %53, 2 %81 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %80 %82 = load i8, i8* %81, align 1 %83 = icmp eq i8 %82, 0 br i1 %83, label %84, label %57 %85 = add nuw nsw i64 %53, 3 %86 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %85 %87 = load i8, i8* %86, align 1 %88 = icmp eq i8 %87, 0 br i1 %88, label %89, label %57 %90 = add nuw nsw i64 %53, 4 %91 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %90 %92 = load i8, i8* %91, align 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %57 %95 = add nuw nsw i64 %53, 5 %96 = icmp eq i64 %95, 80 br i1 %96, 
label %59, label %52 br label %60 %61 = icmp slt i32 %8, 1 %62 = icmp slt i32 %7, 1 %63 = or i1 %62, %61 br i1 %63, label %76, label %64 %65 = load i32, i32* %17, align 8 %66 = icmp sgt i32 %65, -1 %67 = icmp eq i32 %65, -6 %68 = or i1 %66, %67 br i1 %68, label %69, label %74 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = call i32 @__task_pid_nr_ns(%struct.task_struct* %71, i32 0, %struct.pid_namespace* null) #76 %73 = icmp eq i32 %72, %8 br i1 %73, label %74, label %76 %75 = call fastcc i32 @do_send_specific(i32 %7, i32 %8, i32 %9, %struct.kernel_siginfo* nonnull %6) #76 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __se_sys_rt_tgsigqueueinfo 2 __x64_sys_rt_tgsigqueueinfo ------------- Path:  Function:__x64_sys_rt_tgsigqueueinfo %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_rt_tgsigqueueinfo(i64 %3, i64 %5, i64 %7, i64 %9) #76 Function:__se_sys_rt_tgsigqueueinfo %5 = alloca [80 x i8], align 16 %6 = alloca %struct.kernel_siginfo, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = inttoptr i64 %3 to %struct.siginfo* %11 = bitcast %struct.kernel_siginfo* %6 to i8* %12 = inttoptr i64 %3 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %11, i8* %12, i64 48) #76 
%14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %76 %16 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %6, i64 0, i32 0, i32 0 store i32 %9, i32* %16, align 8 %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %6, i64 0, i32 0, i32 2 %18 = load i32, i32* %17, align 8 %19 = icmp eq i32 %18, 128 br i1 %19, label %60, label %20 %21 = icmp sgt i32 %18, 0 br i1 %21, label %22, label %38 %39 = icmp sgt i32 %18, -8 %40 = icmp eq i32 %18, -60 %41 = or i1 %39, %40 br i1 %41, label %60, label %42 %43 = getelementptr %struct.siginfo, %struct.siginfo* %10, i64 0, i32 0, i32 1, i64 0 %44 = getelementptr inbounds [80 x i8], [80 x i8]* %5, i64 0, i64 0 %45 = call i64 @_copy_from_user(i8* nonnull %44, i8* %43, i64 80) #76 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %57 %53 = phi i64 [ %95, %94 ], [ 0, %42 ] %54 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %53 %55 = load i8, i8* %54, align 1 %56 = icmp eq i8 %55, 0 br i1 %56, label %47, label %57 %48 = add nuw nsw i64 %53, 1 %49 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %48 %50 = load i8, i8* %49, align 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %79, label %57 %80 = add nuw nsw i64 %53, 2 %81 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %80 %82 = load i8, i8* %81, align 1 %83 = icmp eq i8 %82, 0 br i1 %83, label %84, label %57 %85 = add nuw nsw i64 %53, 3 %86 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %85 %87 = load i8, i8* %86, align 1 %88 = icmp eq i8 %87, 0 br i1 %88, label %89, label %57 %90 = add nuw nsw i64 %53, 4 %91 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %90 %92 = load i8, i8* %91, align 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %57 %95 = add nuw nsw i64 %53, 5 %96 = icmp eq i64 %95, 80 br i1 %96, label %59, label %52 br label %60 %61 = icmp slt i32 %8, 1 %62 = icmp slt i32 %7, 1 %63 = or i1 %62, %61 br i1 %63, label %76, label %64 %65 = load i32, i32* %17, align 8 %66 = icmp sgt i32 %65, -1 %67 = 
icmp eq i32 %65, -6 %68 = or i1 %66, %67 br i1 %68, label %69, label %74 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = call i32 @__task_pid_nr_ns(%struct.task_struct* %71, i32 0, %struct.pid_namespace* null) #76 %73 = icmp eq i32 %72, %8 br i1 %73, label %74, label %76 %75 = call fastcc i32 @do_send_specific(i32 %7, i32 %8, i32 %9, %struct.kernel_siginfo* nonnull %6) #76 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __x64_sys_tgkill ------------- Path:  Function:__x64_sys_tgkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp slt i32 %10, 1 %13 = icmp slt i32 %9, 1 %14 = or i1 %13, %12 br i1 %14, label %34, label %15 %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %11, i32* %17, align 8 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %19, align 8 %20 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %21 = inttoptr 
i64 %20 to %struct.task_struct* %22 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %21, i32 1, %struct.pid_namespace* null) #76 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %22, i32* %23, align 8 %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %21, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 1, i32 0 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 %29 = load i32, i32* @overflowuid, align 4 %30 = select i1 %28, i32 %29, i32 %27 %31 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %30, i32* %31, align 4 %32 = call fastcc i32 @do_send_specific(i32 %9, i32 %10, i32 %11, %struct.kernel_siginfo* nonnull %2) #76 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __x64_sys_tkill ------------- Path:  Function:__x64_sys_tkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = icmp slt i32 %7, 1 br i1 %9, label %29, label %10 %11 = bitcast %struct.kernel_siginfo* %2 to i8* %12 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %8, i32* %12, align 8 %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %13, align 4 %14 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 
2 store i32 -6, i32* %14, align 8 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %16, i32 1, %struct.pid_namespace* null) #76 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 85 %20 = load %struct.cred*, %struct.cred** %19, align 64 %21 = getelementptr inbounds %struct.cred, %struct.cred* %20, i64 0, i32 1, i32 0 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, -1 %24 = load i32, i32* @overflowuid, align 4 %25 = select i1 %23, i32 %24, i32 %22 %26 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %25, i32* %26, align 4 %27 = call fastcc i32 @do_send_specific(i32 0, i32 %7, i32 %8, %struct.kernel_siginfo* nonnull %2) #76 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpriority 1 __ia32_sys_setpriority ------------- Path:  Function:__ia32_sys_setpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setpriority(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_setpriority %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to 
i32 %6 = trunc i64 %2 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp ugt i32 %4, 2 br i1 %11, label %142, label %12 %13 = icmp sgt i32 %6, -20 %14 = select i1 %13, i32 %6, i32 -20 %15 = icmp slt i32 %14, 19 %16 = select i1 %15, i32 %14, i32 19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 switch i32 %4, label %139 [ i32 0, label %17 i32 1, label %26 i32 2, label %81 ] %18 = icmp eq i32 %5, 0 br i1 %18, label %21, label %19 %20 = tail call %struct.task_struct* @find_task_by_vpid(i32 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpriority 1 __x64_sys_setpriority ------------- Path:  Function:__x64_sys_setpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setpriority(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_setpriority %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp ugt i32 %4, 2 br i1 %11, label %142, label %12 %13 = icmp sgt i32 %6, -20 %14 = 
select i1 %13, i32 %6, i32 -20 %15 = icmp slt i32 %14, 19 %16 = select i1 %15, i32 %14, i32 19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 switch i32 %4, label %139 [ i32 0, label %17 i32 1, label %26 i32 2, label %81 ] %18 = icmp eq i32 %5, 0 br i1 %18, label %21, label %19 %20 = tail call %struct.task_struct* @find_task_by_vpid(i32 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpgid 1 __ia32_sys_setpgid ------------- Path:  Function:__ia32_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setpgid(i64 %4, i64 %7) #76 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 60 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 8 %9 = icmp eq i32 %3, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %8, i32 0, %struct.pid_namespace* null) #76 br label %12 %13 = phi i32 [ %3, %2 ], [ %11, %10 ] %14 = icmp eq i32 %4, 0 %15 = select i1 %14, i32 %13, i32 %4 %16 = icmp slt i32 %15, 0 br i1 %16, label %83, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpgid 1 
__x64_sys_setpgid ------------- Path:  Function:__x64_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setpgid(i64 %3, i64 %5) #76 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 60 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 8 %9 = icmp eq i32 %3, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %8, i32 0, %struct.pid_namespace* null) #76 br label %12 %13 = phi i32 [ %3, %2 ], [ %11, %10 ] %14 = icmp eq i32 %4, 0 %15 = select i1 %14, i32 %13, i32 %4 %16 = icmp slt i32 %15, 0 br i1 %16, label %83, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_prlimit64 1 __ia32_sys_prlimit64 ------------- Path:  Function:__ia32_sys_prlimit64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, 
i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_prlimit64(i64 %4, i64 %7, i64 %10, i64 %13) #76 Function:__se_sys_prlimit64 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %1 to i32 %11 = bitcast %struct.cpu_itimer* %5 to i8* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = bitcast %struct.cpu_itimer* %8 to i8* %15 = icmp ne i64 %3, 0 %16 = zext i1 %15 to i32 %17 = icmp eq i64 %2, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %2 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %19, i64 16) #76 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %128 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 store i64 %24, i64* %25, align 8 %26 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 store i64 %27, i64* %28, align 8 %29 = or i32 %16, 2 br label %30 %31 = phi i32 [ %29, %22 ], [ %16, %4 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = icmp eq i32 %9, 0 br i1 %32, label %35, label %33 %34 = call %struct.task_struct* @find_task_by_vpid(i32 %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_prlimit64 1 __x64_sys_prlimit64 ------------- Path:  Function:__x64_sys_prlimit64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_prlimit64(i64 %3, i64 %5, i64 %7, i64 %9) #76 Function:__se_sys_prlimit64 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %1 to i32 %11 = bitcast %struct.cpu_itimer* %5 to i8* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = bitcast %struct.cpu_itimer* %8 to i8* %15 = icmp ne i64 %3, 0 %16 = zext i1 %15 to i32 %17 = icmp eq i64 %2, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %2 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %19, i64 16) #76 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %128 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 store i64 %24, i64* %25, align 8 %26 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 store i64 %27, i64* %28, align 8 %29 = or i32 %16, 2 br label %30 %31 = phi i32 [ %29, %22 ], [ %16, %4 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = icmp eq i32 %9, 0 br i1 %32, label %35, label %33 %34 = call %struct.task_struct* @find_task_by_vpid(i32 %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getsid ------------- Path:  Function:__x64_sys_getsid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_getpriority 1 __ia32_sys_getpriority ------------- Path:  Function:__ia32_sys_getpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_getpriority(i64 %4, i64 %7) #76 Function:__se_sys_getpriority %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 85 %8 = load %struct.cred*, %struct.cred** %7, align 64 %9 = icmp ugt i32 %3, 2 br i1 %9, label %153, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 switch i32 %3, label %150 [ i32 0, label %11 i32 1, label %26 i32 2, label %86 ] %12 = icmp eq i32 %4, 0 br i1 %12, label %15, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_getpriority 1 __x64_sys_getpriority ------------- Path:  Function:__x64_sys_getpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_getpriority(i64 %3, i64 %5) #76 Function:__se_sys_getpriority %3 = trunc i64 %0 to i32 %4 = 
trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 85 %8 = load %struct.cred*, %struct.cred** %7, align 64 %9 = icmp ugt i32 %3, 2 br i1 %9, label %153, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 switch i32 %3, label %150 [ i32 0, label %11 i32 1, label %26 i32 2, label %86 ] %12 = icmp eq i32 %4, 0 br i1 %12, label %15, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getpgid ------------- Path:  Function:__x64_sys_getpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getsid ------------- Path:  Function:__ia32_sys_getsid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getpgid ------------- Path:  Function:__ia32_sys_getpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #76 ------------- Good: 10 Bad: 56 Ignored: 10 Check Use of Function:perf_event_alloc Check Use of Function:__perf_remove_from_context Check Use of Function:find_get_context Check Use of Function:x86_pmu_aux_output_match Check Use of Function:modify_user_hw_breakpoint_check Check Use of Function:tg3_phy_start Check Use of Function:single_open Use: =BAD PATH= Call Stack: 0 rpc_proc_open ------------- Path:  Function:rpc_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #76 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_proc_show, i8* %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 rpc_dummy_info_open ------------- Path:  Function:rpc_dummy_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_dummy_info_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 rpc_info_open ------------- Path:  Function:rpc_info_open %3 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_show_info, i8* null) #76 ------------- Use: =BAD PATH= Call Stack: 0 pmc_dev_state_open ------------- Path:  Function:pmc_dev_state_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_dev_state_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 pmc_pss_state_open ------------- Path:  Function:pmc_pss_state_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull 
@pmc_pss_state_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 pmc_sleep_tmr_open ------------- Path:  Function:pmc_sleep_tmr_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_sleep_tmr_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 hid_debug_rdesc_open ------------- Path:  Function:hid_debug_rdesc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @hid_debug_rdesc_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 xhci_port_open ------------- Path:  Function:xhci_port_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_portsc_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 xhci_context_open ------------- Path:  Function:xhci_context_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry* [ %16, %9 ], [ %4, %2 ] %19 = getelementptr inbounds %struct.dentry, %struct.dentry* %18, i64 0, i32 6, i64 0 %20 = tail call i32 @strcmp(i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.116.55483, i64 0, i64 0), i8* %19) #77 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %23 = tail call i32 @strcmp(i8* dereferenceable(13) getelementptr inbounds ([13 x i8], [13 x i8]* @.str.117.55484, i64 0, i64 0), i8* %19) #77 %24 = icmp 
eq i32 %23, 0 %25 = select i1 %24, i64 1, i64 2 br label %26 %27 = phi i64 [ 0, %17 ], [ %25, %22 ] %28 = getelementptr [3 x %struct.xhci_file_map], [3 x %struct.xhci_file_map]* @context_files, i64 0, i64 %27, i32 1 %29 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %28, align 8 %30 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %31 = load i8*, i8** %30, align 8 %32 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %29, i8* %31) #76 ------------- Use: =BAD PATH= Call Stack: 0 xhci_stream_id_open ------------- Path:  Function:xhci_stream_id_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_stream_id_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 xhci_stream_context_array_open ------------- Path:  Function:xhci_stream_context_array_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_stream_context_array_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 xhci_ring_open ------------- Path:  Function:xhci_ring_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry* [ %16, %9 ], [ %4, %2 ] %19 = getelementptr inbounds %struct.dentry, %struct.dentry* %18, i64 0, i32 6, i64 0 %20 = tail call i32 @strcmp(i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.55371, i64 0, i64 0), i8* %19) #77 %21 = icmp eq i32 %20, 0 br i1 %21, 
label %25, label %22 %23 = tail call i32 @strcmp(i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.55372, i64 0, i64 0), i8* %19) #77 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %32 %33 = tail call i32 @strcmp(i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.18.55373, i64 0, i64 0), i8* %19) #77 %34 = icmp eq i32 %33, 0 %35 = select i1 %34, i64 2, i64 3 br label %25 %26 = phi i64 [ 0, %17 ], [ 1, %22 ], [ %35, %32 ] %27 = getelementptr [4 x %struct.xhci_file_map], [4 x %struct.xhci_file_map]* @ring_files, i64 0, i64 %26, i32 1 %28 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %30 = load i8*, i8** %29, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %28, i8* %30) #76 ------------- Use: =BAD PATH= Call Stack: 0 sg_proc_single_open_dressz ------------- Path:  Function:sg_proc_single_open_dressz %3 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.294777*, i32 (%struct.seq_file.294570*, i8*)*, i8*)*)(%struct.file.294777* %1, i32 (%struct.seq_file.294570*, i8*)* nonnull @sg_proc_seq_show_int, i8* bitcast (i32* @sg_big_buff to i8*)) #76 ------------- Use: =BAD PATH= Call Stack: 0 sg_proc_single_open_adio ------------- Path:  Function:sg_proc_single_open_adio %3 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.294777*, i32 (%struct.seq_file.294570*, i8*)*, i8*)*)(%struct.file.294777* %1, i32 (%struct.seq_file.294570*, i8*)* nonnull @sg_proc_seq_show_int, i8* bitcast (i32* @sg_allow_dio to i8*)) #76 ------------- Use: =BAD PATH= Call Stack: 0 dma_buf_debug_open ------------- Path:  Function:dma_buf_debug_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 
@single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @dma_buf_debug_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 regmap_access_open ------------- Path:  Function:regmap_access_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @regmap_access_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 rbtree_open ------------- Path:  Function:rbtree_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rbtree_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 deferred_devs_open ------------- Path:  Function:deferred_devs_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @deferred_devs_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 component_devices_open ------------- Path:  Function:component_devices_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @component_devices_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 huc_info_open ------------- Path:  Function:huc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @huc_info_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 guc_log_dump_open ------------- Path:  Function:guc_log_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 
8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_log_dump_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 guc_load_err_log_dump_open ------------- Path:  Function:guc_load_err_log_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_load_err_log_dump_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 guc_info_open ------------- Path:  Function:guc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_info_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 guc_registered_contexts_open ------------- Path:  Function:guc_registered_contexts_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_registered_contexts_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 guc_slpc_info_open ------------- Path:  Function:guc_slpc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_slpc_info_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 uc_usage_open ------------- Path:  Function:uc_usage_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @uc_usage_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 sseu_status_open ------------- Path:  Function:sseu_status_open %3 = getelementptr inbounds 
%struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @sseu_status_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 rcs_topology_open ------------- Path:  Function:rcs_topology_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rcs_topology_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 drpc_open ------------- Path:  Function:drpc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @drpc_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 frequency_open ------------- Path:  Function:frequency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @frequency_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 fw_domains_open ------------- Path:  Function:fw_domains_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @fw_domains_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 llc_open ------------- Path:  Function:llc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @llc_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 rps_boost_open ------------- Path:  Function:rps_boost_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 
47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rps_boost_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 engines_open ------------- Path:  Function:engines_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @engines_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_panel_open ------------- Path:  Function:i915_panel_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_panel_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_psr_sink_status_open ------------- Path:  Function:i915_psr_sink_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_psr_sink_status_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_psr_status_open ------------- Path:  Function:i915_psr_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_psr_status_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_hdcp_sink_capability_open ------------- Path:  Function:i915_hdcp_sink_capability_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hdcp_sink_capability_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_dsc_fec_support_open ------------- Path:  
Function:i915_dsc_fec_support_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_dsc_fec_support_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_dsc_bpp_open ------------- Path:  Function:i915_dsc_bpp_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_dsc_bpp_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_lpsp_capability_open ------------- Path:  Function:i915_lpsp_capability_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_lpsp_capability_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 pri_wm_latency_open ------------- Path:  Function:pri_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1731 %6 = load i8, i8* %5, align 1 %7 = icmp ult i8 %6, 5 br i1 %7, label %8, label %14 %9 = getelementptr i8, i8* %4, i64 1828 %10 = bitcast i8* %9 to i32* %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 98304 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pri_wm_latency_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 spr_wm_latency_open ------------- Path:  Function:spr_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 512 %9 = icmp eq 
i24 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @spr_wm_latency_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 cur_wm_latency_open ------------- Path:  Function:cur_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 512 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @cur_wm_latency_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_displayport_test_data_open ------------- Path:  Function:i915_displayport_test_data_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_data_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_displayport_test_type_open ------------- Path:  Function:i915_displayport_test_type_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_type_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_displayport_test_active_open ------------- Path:  Function:i915_displayport_test_active_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_active_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_open ------------- Path:  Function:i915_hpd_storm_ctl_open %3 = getelementptr inbounds 
%struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hpd_storm_ctl_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_short_storm_ctl_open ------------- Path:  Function:i915_hpd_short_storm_ctl_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hpd_short_storm_ctl_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_ipc_status_open ------------- Path:  Function:i915_ipc_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 8192 %9 = icmp eq i24 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_ipc_status_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_param_charp_open ------------- Path:  Function:i915_param_charp_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_charp_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_param_int_open ------------- Path:  Function:i915_param_int_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_int_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_param_int_open ------------- Path:  Function:i915_param_int_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 
= load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_int_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_param_uint_open ------------- Path:  Function:i915_param_uint_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_uint_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 ttm_pool_debugfs_globals_open ------------- Path:  Function:ttm_pool_debugfs_globals_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_pool_debugfs_globals_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 ttm_pool_debugfs_shrink_open ------------- Path:  Function:ttm_pool_debugfs_shrink_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_pool_debugfs_shrink_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 ttm_tt_debugfs_shrink_open ------------- Path:  Function:ttm_tt_debugfs_shrink_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_tt_debugfs_shrink_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 crc_control_open ------------- Path:  Function:crc_control_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @crc_control_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 
vrr_range_open ------------- Path:  Function:vrr_range_open %3 = getelementptr inbounds %struct.inode.409586, %struct.inode.409586* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.409537*, i32 (%struct.seq_file.409538*, i8*)*, i8*)*)(%struct.file.409537* %1, i32 (%struct.seq_file.409538*, i8*)* nonnull @vrr_range_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 edid_open ------------- Path:  Function:edid_open %3 = getelementptr inbounds %struct.inode.409586, %struct.inode.409586* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.409537*, i32 (%struct.seq_file.409538*, i8*)*, i8*)*)(%struct.file.409537* %1, i32 (%struct.seq_file.409538*, i8*)* nonnull @edid_show.38357, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_debugfs_open ------------- Path:  Function:drm_debugfs_open %3 = getelementptr inbounds %struct.inode.409586, %struct.inode.409586* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 8 %6 = bitcast i8* %5 to %struct.drm_info_list.409639** %7 = load %struct.drm_info_list.409639*, %struct.drm_info_list.409639** %6, align 8 %8 = getelementptr inbounds %struct.drm_info_list.409639, %struct.drm_info_list.409639* %7, i64 0, i32 1 %9 = load i32 (%struct.seq_file.409538*, i8*)*, i32 (%struct.seq_file.409538*, i8*)** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.409537*, i32 (%struct.seq_file.409538*, i8*)*, i8*)*)(%struct.file.409537* %1, i32 (%struct.seq_file.409538*, i8*)* %9, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 connector_open ------------- Path:  Function:connector_open %3 = getelementptr inbounds %struct.inode.409586, %struct.inode.409586* %0, i64 0, 
i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.409537*, i32 (%struct.seq_file.409538*, i8*)*, i8*)*)(%struct.file.409537* %1, i32 (%struct.seq_file.409538*, i8*)* nonnull @connector_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 dmaengine_summary_open ------------- Path:  Function:dmaengine_summary_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @dmaengine_summary_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 clk_summary_open ------------- Path:  Function:clk_summary_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_summary_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 clk_dump_open ------------- Path:  Function:clk_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_dump_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 clk_min_rate_open ------------- Path:  Function:clk_min_rate_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_min_rate_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 clk_max_rate_open ------------- Path:  Function:clk_max_rate_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_max_rate_show, i8* %4) 
#76 ------------- Use: =BAD PATH= Call Stack: 0 clk_flags_open ------------- Path:  Function:clk_flags_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_flags_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 clk_duty_cycle_open ------------- Path:  Function:clk_duty_cycle_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_duty_cycle_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 current_parent_open ------------- Path:  Function:current_parent_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @current_parent_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 possible_parents_open ------------- Path:  Function:possible_parents_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @possible_parents_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 blk_mq_debugfs_open ------------- Path:  Function:blk_mq_debugfs_open %3 = getelementptr inbounds %struct.inode.295289, %struct.inode.295289* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.blk_mq_debugfs_attr.295148** %5 = load %struct.blk_mq_debugfs_attr.295148*, %struct.blk_mq_debugfs_attr.295148** %4, align 8 %6 = getelementptr inbounds %struct.file.295297, %struct.file.295297* %1, i64 0, i32 1, i32 1 %7 = load %struct.dentry.295293*, %struct.dentry.295293** %6, align 8 %8 = getelementptr inbounds %struct.dentry.295293, %struct.dentry.295293* %7, i64 0, i32 3 %9 = load 
%struct.dentry.295293*, %struct.dentry.295293** %8, align 8 %10 = getelementptr inbounds %struct.dentry.295293, %struct.dentry.295293* %9, i64 0, i32 5 %11 = load %struct.inode.295289*, %struct.inode.295289** %10, align 8 %12 = getelementptr inbounds %struct.inode.295289, %struct.inode.295289* %11, i64 0, i32 47 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.blk_mq_debugfs_attr.295148, %struct.blk_mq_debugfs_attr.295148* %5, i64 0, i32 4 %16 = load %struct.seq_operations.294888*, %struct.seq_operations.294888** %15, align 8 %17 = icmp eq %struct.seq_operations.294888* %16, null %18 = bitcast %struct.blk_mq_debugfs_attr.295148* %5 to i8* br i1 %17, label %28, label %19 %29 = getelementptr inbounds %struct.blk_mq_debugfs_attr.295148, %struct.blk_mq_debugfs_attr.295148* %5, i64 0, i32 2 %30 = load i32 (i8*, %struct.seq_file.295298*)*, i32 (i8*, %struct.seq_file.295298*)** %29, align 8 %31 = icmp eq i32 (i8*, %struct.seq_file.295298*)* %30, null br i1 %31, label %32, label %33, !prof !4, !misexpect !5 %34 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.295297*, i32 (%struct.seq_file.295298*, i8*)*, i8*)*)(%struct.file.295297* %1, i32 (%struct.seq_file.295298*, i8*)* nonnull @blk_mq_debugfs_show, i8* %18) #76 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_devm_entry_open ------------- Path:  Function:debugfs_devm_entry_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.debugfs_devm_entry** %5 = load %struct.debugfs_devm_entry*, %struct.debugfs_devm_entry** %4, align 8 %6 = getelementptr inbounds %struct.debugfs_devm_entry, %struct.debugfs_devm_entry* %5, i64 0, i32 0 %7 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %6, align 8 %8 = getelementptr inbounds %struct.debugfs_devm_entry, %struct.debugfs_devm_entry* %5, i64 0, i32 1 %9 = bitcast %struct.device** %8 to 
i8** %10 = load i8*, i8** %9, align 8 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %7, i8* %10) #76 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_open_regset32 ------------- Path:  Function:debugfs_open_regset32 %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @debugfs_show_regset32, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 single_open_net ------------- Path:  Function:single_open_net %3 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.proc_dir_entry** %6 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 %7 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 17 %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.net** %11 = load %struct.net*, %struct.net** %10, align 8 %12 = getelementptr inbounds %struct.net, %struct.net* %11, i64 0, i32 14, i32 3 %13 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %12, i64 0, i32 0, i32 0 %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %26, label %16 %17 = phi i32 [ %24, %23 ], [ %14, %2 ] %18 = add i32 %17, 1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %13, i32 %18, i32* %13, i32 %17) #6, !srcloc !4 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label 
%23, label %26, !prof !5, !misexpect !6 %24 = extractvalue { i8, i32 } %19, 1 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %16 %27 = phi i32 [ 0, %2 ], [ 0, %23 ], [ %17, %16 ] %28 = add i32 %27, 1 %29 = or i32 %28, %27 %30 = icmp sgt i32 %29, -1 br i1 %30, label %32, label %31, !prof !7, !misexpect !6 %33 = icmp eq i32 %27, 0 %34 = icmp eq %struct.net* %11, null %35 = or i1 %34, %33 br i1 %35, label %52, label %36 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 8 %38 = bitcast %union.anon.80.177300* %37 to i32 (%struct.seq_file*, i8*)** %39 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %38, align 8 %40 = bitcast %struct.net* %11 to i8* %41 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %39, i8* nonnull %40) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_single_open.18473 ------------- Path:  Function:proc_single_open.18473 %3 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.proc_dir_entry** %6 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 %7 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 8 %8 = bitcast %union.anon.80.177300* %7 to i32 (%struct.seq_file*, i8*)** %9 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %8, align 8 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 10 %11 = load i8*, i8** %10, align 8 %12 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %9, i8* %11) #76 ------------- Use: =BAD PATH= Call Stack: 0 timerslack_ns_open ------------- Path:  Function:timerslack_ns_open %3 = bitcast %struct.inode.177941* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 
(%struct.file.177762*, i32 (%struct.seq_file.177729*, i8*)*, i8*)*)(%struct.file.177762* %1, i32 (%struct.seq_file.177729*, i8*)* nonnull @timerslack_ns_show, i8* %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 comm_open ------------- Path:  Function:comm_open %3 = bitcast %struct.inode.177941* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.177762*, i32 (%struct.seq_file.177729*, i8*)*, i8*)*)(%struct.file.177762* %1, i32 (%struct.seq_file.177729*, i8*)* nonnull @comm_show, i8* %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 timens_offsets_open ------------- Path:  Function:timens_offsets_open %3 = bitcast %struct.inode.177941* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.177762*, i32 (%struct.seq_file.177729*, i8*)*, i8*)*)(%struct.file.177762* %1, i32 (%struct.seq_file.177729*, i8*)* nonnull @timens_offsets_show, i8* %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_single_open ------------- Path:  Function:proc_single_open %3 = bitcast %struct.inode.177941* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.177762*, i32 (%struct.seq_file.177729*, i8*)*, i8*)*)(%struct.file.177762* %1, i32 (%struct.seq_file.177729*, i8*)* nonnull @proc_single_show, i8* %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 suspend_stats_open ------------- Path:  Function:suspend_stats_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @suspend_stats_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 irq_affinity_list_proc_open ------------- Path:  Function:irq_affinity_list_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #76 %4 = tail call i32 
@single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @irq_affinity_list_proc_show, i8* %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 irq_affinity_proc_open ------------- Path:  Function:irq_affinity_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #76 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @irq_affinity_proc_show, i8* %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 default_affinity_open ------------- Path:  Function:default_affinity_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #76 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @default_affinity_show, i8* %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 tk_debug_sleep_time_open ------------- Path:  Function:tk_debug_sleep_time_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tk_debug_sleep_time_show, i8* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_time_stamp_mode_open ------------- Path:  Function:tracing_time_stamp_mode_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #76 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays 
br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #76 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_time_stamp_mode_show, i8* %30) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_clock_open ------------- Path:  Function:tracing_clock_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #76 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #76 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 
@single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_clock_show, i8* %30) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_trace_options_open ------------- Path:  Function:tracing_trace_options_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #76 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #76 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_trace_options_show, i8* %30) #76 ------------- Use: =BAD PATH= Call Stack: 0 bdi_debug_stats_open ------------- Path:  Function:bdi_debug_stats_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @bdi_debug_stats_show, i8* %4) #76 ------------- Good: 5 
Bad: 89 Ignored: 133 Check Use of Function:__dquot_free_space Check Use of Function:__mark_inode_dirty Use: =BAD PATH= Call Stack: 0 fat_update_time ------------- Path:  Function:fat_update_time %4 = getelementptr inbounds %struct.inode.210494, %struct.inode.210494* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 1 br i1 %6, label %39, label %7 %8 = and i32 %2, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %19, label %10 %11 = tail call i32 @fat_truncate_time(%struct.inode.210494* %0, %struct.cpu_itimer* %1, i32 %2) #76 %12 = getelementptr inbounds %struct.inode.210494, %struct.inode.210494* %0, i64 0, i32 8 %13 = load %struct.super_block.210534*, %struct.super_block.210534** %12, align 8 %14 = getelementptr inbounds %struct.super_block.210534, %struct.super_block.210534* %13, i64 0, i32 10 %15 = load i64, i64* %14, align 16 %16 = and i64 %15, 33554432 %17 = icmp eq i64 %16, 0 %18 = select i1 %17, i32 1, i32 2048 br label %19 %20 = phi i32 [ 0, %7 ], [ %18, %10 ] %21 = and i32 %2, 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %37, label %23 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = getelementptr inbounds %struct.inode.210494, %struct.inode.210494* %0, i64 0, i32 33, i32 0 %25 = load volatile i64, i64* %24, align 8 br label %26 %27 = phi i64 [ %25, %23 ], [ %33, %30 ] %28 = and i64 %27, 1 %29 = icmp eq i64 %28, 0 br i1 %29, label %37, label %30 %38 = phi i32 [ %20, %19 ], [ %36, %35 ], [ %20, %26 ] tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.210494*, i32)*)(%struct.inode.210494* %0, i32 %38) #77 ------------- Use: =BAD PATH= Call Stack: 0 fat_update_time ------------- Path:  Function:fat_update_time %4 = getelementptr inbounds %struct.inode.210494, %struct.inode.210494* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 1 br i1 %6, label %39, label %7 %8 = and i32 %2, 7 %9 = icmp eq i32 %8, 0 br i1 
%9, label %19, label %10 %11 = tail call i32 @fat_truncate_time(%struct.inode.210494* %0, %struct.cpu_itimer* %1, i32 %2) #76 %12 = getelementptr inbounds %struct.inode.210494, %struct.inode.210494* %0, i64 0, i32 8 %13 = load %struct.super_block.210534*, %struct.super_block.210534** %12, align 8 %14 = getelementptr inbounds %struct.super_block.210534, %struct.super_block.210534* %13, i64 0, i32 10 %15 = load i64, i64* %14, align 16 %16 = and i64 %15, 33554432 %17 = icmp eq i64 %16, 0 %18 = select i1 %17, i32 1, i32 2048 br label %19 %20 = phi i32 [ 0, %7 ], [ %18, %10 ] %21 = and i32 %2, 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %37, label %23 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = getelementptr inbounds %struct.inode.210494, %struct.inode.210494* %0, i64 0, i32 33, i32 0 %25 = load volatile i64, i64* %24, align 8 br label %26 %27 = phi i64 [ %25, %23 ], [ %33, %30 ] %28 = and i64 %27, 1 %29 = icmp eq i64 %28, 0 br i1 %29, label %37, label %30 %38 = phi i32 [ %20, %19 ], [ %36, %35 ], [ %20, %26 ] tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.210494*, i32)*)(%struct.inode.210494* %0, i32 %38) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_read_iter ------------- Path:  Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %15 = load %struct.address_space*, 
%struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14 %19 = load i64, i64* %18, align 8 %20 = and i32 %8, 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = add i64 %4, -1 %25 = add i64 %24, %23 br i1 %21, label %28, label %26 %29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #76 %30 = sext i32 %29 to i64 %31 = icmp slt i32 %29, 0 br i1 %31, label %64, label %32 %33 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 7 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 262144 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %39 %38 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 1 tail call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path*)*)(%struct.path* %38) #77 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = 
getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.149921* %8) #76 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 7 %33 = load %struct.inode_operations.149915*, %struct.inode_operations.149915** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.149915, %struct.inode_operations.149915* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.149921, 
%struct.inode.149921* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %43 = getelementptr inbounds %struct.super_block.149904, %struct.super_block.149904* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.149921*, i32)*)(%struct.inode.149921* %8, i32 %47) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_read_iter 2 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %4 = load %struct.file.294345*, %struct.file.294345** %3, align 8 %5 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %4, i64 0, i32 18 %6 = load %struct.address_space.294426*, %struct.address_space.294426** %5, align 8 %7 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %6, i64 0, i32 0 %8 = load %struct.inode.294419*, %struct.inode.294419** %7, align 8 %9 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %8, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i64 %10, %12 br i1 %13, label %14, label %26 %15 = sub i64 %10, %12 %16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %15 br i1 %18, label %19, label %21 %20 = sub i64 %17, %15 store i64 %15, i64* %16, align 8 br label %21 %22 = phi i64 [ %20, %19 ], [ 0, %14 ] %23 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.294023*, %struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* 
%1) #76 Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14 %19 = load i64, i64* %18, align 8 %20 = and i32 %8, 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = add i64 %4, -1 %25 = add i64 %24, %23 br i1 %21, label %28, label %26 %29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #76 %30 = sext i32 %29 to i64 %31 = icmp slt i32 %29, 0 br i1 %31, label %64, label %32 %33 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 7 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 262144 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %39 %38 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 1 tail call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path*)*)(%struct.path* %38) #77 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, 
%struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.149921* %8) #76 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store 
i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 7 %33 = load %struct.inode_operations.149915*, %struct.inode_operations.149915** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.149915, %struct.inode_operations.149915* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %43 = getelementptr inbounds %struct.super_block.149904, %struct.super_block.149904* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.149921*, i32)*)(%struct.inode.149921* %8, i32 %47) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_readonly_mmap ------------- Path:  Function:generic_file_readonly_mmap %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 40 %6 = icmp eq i64 %5, 40 br i1 %6, label %24, label %7 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 9 %11 = load %struct.address_space_operations*, %struct.address_space_operations** %10, align 8 %12 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %11, i64 0, i32 1 %13 = load i32 (%struct.file*, 
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_mmap
-------------
Path: Function:generic_file_mmap Function:touch_atime
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_mmap 2 nfs_file_mmap
-------------
Path: Function:nfs_file_mmap Function:generic_file_mmap Function:touch_atime
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 shmem_file_read_iter
-------------
Path: Function:shmem_file_read_iter Function:touch_atime
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 shmem_mmap
-------------
Path: Function:shmem_mmap Function:touch_atime
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_splice_read
-------------
Path: Function:generic_file_splice_read Function:touch_atime
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_splice_read
-------------
Path: Function:generic_file_splice_read Function:touch_atime
i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.149921*, i32)*)(%struct.inode.149921* %8, i32 %47) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read 2 sock_splice_read ------------- Path:  Function:sock_splice_read %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %10 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %10, i64 0, i32 21 %12 = load i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)*, i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call i64 bitcast (i64 (%struct.file.154414*, i64*, %struct.pipe_inode_info.154505*, i64, i32)* @generic_file_splice_read to i64 (%struct.file.273225*, i64*, %struct.pipe_inode_info.273162*, i64, i32)*)(%struct.file.273225* %0, i64* %1, %struct.pipe_inode_info.273162* %2, i64 %3, i32 %4) #76 Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, 
i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 = load %struct.inode.154491*, %struct.inode.154491** %25, align 8 %27 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* 
%48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds %struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds 
%struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 1 call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path.154048*)*)(%struct.path.154048* %91) #76 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load 
volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.149921* %8) #76 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 7 %33 = load %struct.inode_operations.149915*, %struct.inode_operations.149915** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.149915, %struct.inode_operations.149915* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %43 = getelementptr inbounds %struct.super_block.149904, %struct.super_block.149904* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 
33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.149921*, i32)*)(%struct.inode.149921* %8, i32 %47) #77 ------------- Good: 194 Bad: 12 Ignored: 239 Check Use of Function:ext4_xattr_delete_inode Check Use of Function:ext4_ind_truncate_ensure_credits Check Use of Function:congestion_wait Check Use of Function:ext4_ext_shift_extents Check Use of Function:qdisc_create Check Use of Function:block_commit_write Check Use of Function:ext4_split_extent_at Check Use of Function:ext4_issue_zeroout Check Use of Function:ext4_extent_block_csum_set Check Use of Function:ext4_es_insert_extent Check Use of Function:ext4_mb_mark_bb Check Use of Function:ext4_map_blocks Check Use of Function:ext4_release_io_end Check Use of Function:ext4_fc_commit Check Use of Function:ext4_get_block Check Use of Function:ext4_es_find_extent_range Check Use of Function:ext4_set_iomap Check Use of Function:ext4_es_remove_extent Check Use of Function:ext4_fc_track_range Check Use of Function:ext4_ind_remove_space Check Use of Function:jbd2_journal_inode_ranged_write Check Use of Function:__ext4_error_file Check Use of Function:__ext4_read_dirblock Use: =BAD PATH= Call Stack: 0 dx_probe 1 ext4_htree_fill_tree 2 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca %struct.readahead_control, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.hw_perf_event_extra, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 4 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 16384 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %853 %15 = getelementptr inbounds %struct.super_block, 
%struct.super_block* %9, i64 0, i32 28 %16 = bitcast i8** %15 to %struct.ext4_sb_info** %17 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %16, align 16 %18 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %17, i64 0, i32 15 %19 = load %struct.ext4_super_block*, %struct.ext4_super_block** %18, align 8 %20 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %19, i64 0, i32 28 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 32 %23 = icmp eq i32 %22, 0 br i1 %23, label %540, label %24 %25 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 34 %26 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %25, i64 10, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 2 %34 = load i8, i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 %36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %540, label %42 %43 = bitcast %struct.anon.1* %25 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 33 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %540, label %47 %48 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 %51, label %55, label %52 %56 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load %struct.kmem_cache*, %struct.kmem_cache** 
getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #76 %60 = icmp eq i8* %59, null br i1 %60, label %853, label %61 %62 = bitcast i8* %59 to %struct.dir_private_info* %63 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 512 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %88 %68 = and i32 %64, 1024 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %93 %71 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %72 = inttoptr i64 %71 to %struct.task_struct* %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %72, i64 0, i32 0, i32 2 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2 %76 = icmp eq i32 %75, 0 %77 = trunc i64 %57 to i32 %78 = shl i32 %77, 1 %79 = lshr i64 %57, 31 %80 = trunc i64 %79 to i32 %81 = and i32 %80, -2 %82 = select i1 %76, i32 %81, i32 %78 %83 = getelementptr inbounds i8, i8* %59, i64 32 %84 = bitcast i8* %83 to i32* store i32 %82, i32* %84, align 8 %85 = load i32, i32* %73, align 8 %86 = and i32 %85, 2 %87 = icmp eq i32 %86, 0 br i1 %87, label %99, label %101 %100 = trunc i64 %57 to i32 br label %101 %102 = phi i32 [ %100, %99 ], [ 0, %70 ], [ 0, %88 ] %103 = getelementptr inbounds i8, i8* %59, i64 36 %104 = bitcast i8* %103 to i32* store i32 %102, i32* %104, align 4 store i8* %59, i8** %48, align 8 br label %105 %106 = phi %struct.dir_private_info* [ %50, %52 ], [ %62, %101 ] %107 = phi i32 [ %54, %52 ], [ %64, %101 ] %108 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %109 = load i64, i64* %108, align 8 %110 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %111 = and i32 %107, 512 %112 = icmp eq i32 %111, 0 br 
i1 %112, label %113, label %124 %114 = and i32 %107, 1024 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %123 %117 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %118 = inttoptr i64 %117 to %struct.task_struct* %119 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %118, i64 0, i32 0, i32 2 %120 = load i32, i32* %119, align 8 %121 = and i32 %120, 2 %122 = icmp eq i32 %121, 0 br i1 %122, label %123, label %124 br label %124 %125 = phi i64 [ 9223372036854775807, %123 ], [ 2147483647, %116 ], [ 2147483647, %105 ] %126 = icmp eq i64 %109, %125 br i1 %126, label %853, label %127 %128 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 3 %129 = load i64, i64* %128, align 8 %130 = icmp eq i64 %129, %109 br i1 %130, label %202, label %131 %203 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 2 %204 = load %struct.fname*, %struct.fname** %203, align 8 %205 = icmp eq %struct.fname* %204, null br i1 %205, label %277, label %206 %207 = load %struct.inode*, %struct.inode** %6, align 8 %208 = getelementptr inbounds %struct.inode, %struct.inode* %207, i64 0, i32 8 %209 = load %struct.super_block*, %struct.super_block** %208, align 8 %210 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 0 %211 = load i32, i32* %210, align 8 %212 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 1 %213 = load i32, i32* %212, align 4 br i1 %112, label %214, label %224 %215 = and i32 %107, 1024 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %227 %218 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %219 = inttoptr i64 %218 to %struct.task_struct* %220 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %219, i64 0, i32 0, i32 2 %221 = load 
i32, i32* %220, align 8 %222 = and i32 %221, 2 %223 = icmp eq i32 %222, 0 br i1 %223, label %227, label %224 %228 = lshr i32 %211, 1 %229 = zext i32 %228 to i64 %230 = shl nuw nsw i64 %229, 32 %231 = zext i32 %213 to i64 %232 = or i64 %230, %231 br label %233 %234 = phi i64 [ %226, %224 ], [ %232, %227 ] store i64 %234, i64* %108, align 8 %235 = getelementptr inbounds %struct.super_block, %struct.super_block* %209, i64 0, i32 28 %236 = bitcast i8** %235 to %struct.ext4_sb_info** %237 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %238 %239 = phi %struct.fname* [ %204, %233 ], [ %271, %269 ] %240 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 7, i64 0 %241 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 5 %242 = load i8, i8* %241, align 4 %243 = zext i8 %242 to i32 %244 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 4 %245 = load i32, i32* %244, align 8 %246 = zext i32 %245 to i64 %247 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 6 %248 = load i8, i8* %247, align 1 %249 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %236, align 16 %250 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %249, i64 0, i32 15 %251 = load %struct.ext4_super_block*, %struct.ext4_super_block** %250, align 8 %252 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %251, i64 0, i32 29 %253 = load i32, i32* %252, align 8 %254 = and i32 %253, 2 %255 = icmp eq i32 %254, 0 %256 = icmp ugt i8 %248, 7 %257 = or i1 %256, %255 br i1 %257, label %262, label %258 %259 = zext i8 %248 to i64 %260 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %259 %261 = load i8, i8* %260, align 1 br label %262 %263 = phi i8 [ %261, %258 ], [ 0, %238 ] %264 = zext i8 %263 to i32 %265 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %237, 
align 8 %266 = load i64, i64* %108, align 8 %267 = tail call i32 %265(%struct.dir_context* %1, i8* %240, i32 %243, i64 %266, i64 %246, i32 %264) #76 %268 = icmp eq i32 %267, 0 br i1 %268, label %269, label %273 %270 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 3 %271 = load %struct.fname*, %struct.fname** %270, align 8 %272 = icmp eq %struct.fname* %271, null br i1 %272, label %276, label %238 store %struct.fname* null, %struct.fname** %203, align 8 br label %464 %465 = phi i32 [ 0, %276 ], [ %375, %390 ], [ %375, %457 ] %466 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %467 = load %struct.rb_node*, %struct.rb_node** %466, align 8 %468 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %467) #76 store %struct.rb_node* %468, %struct.rb_node** %466, align 8 %469 = icmp eq %struct.rb_node* %468, null %470 = bitcast %struct.rb_node* %468 to i8* br i1 %469, label %480, label %471 %481 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %482 = load i32, i32* %481, align 8 %483 = icmp eq i32 %482, -1 br i1 %483, label %484, label %501 %502 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 store i32 %482, i32* %502, align 8 %503 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 store i32 0, i32* %503, align 4 br label %287 %288 = phi i8* [ %470, %471 ], [ %470, %501 ], [ %281, %277 ], [ %286, %282 ] %289 = phi %struct.rb_node* [ %468, %471 ], [ null, %501 ], [ %279, %277 ], [ %285, %282 ] %290 = phi i32 [ %465, %471 ], [ %465, %501 ], [ 0, %277 ], [ 0, %282 ] %291 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %292 = icmp eq %struct.rb_node* %289, null br i1 %292, label %300, label %293 %294 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 %295 = load i64, i64* %294, align 8 %296 = 
getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 33, i32 0 %297 = load volatile i64, i64* %296, align 8 %298 = lshr i64 %297, 1 %299 = icmp eq i64 %298, %295 br i1 %299, label %373, label %300 store %struct.rb_node* null, %struct.rb_node** %291, align 8 %301 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0 %302 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %301) #76 %303 = icmp eq %struct.rb_node* %302, null %304 = getelementptr %struct.rb_node, %struct.rb_node* %302, i64 -1, i32 2 %305 = icmp eq %struct.rb_node** %304, null %306 = or i1 %303, %305 br i1 %306, label %326, label %307 %308 = bitcast %struct.rb_node** %304 to %struct.fname* br label %311 %312 = phi %struct.fname* [ %318, %309 ], [ %308, %307 ] %313 = getelementptr inbounds %struct.fname, %struct.fname* %312, i64 0, i32 2 %314 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %313) #76 %315 = icmp eq %struct.rb_node* %314, null %316 = getelementptr %struct.rb_node, %struct.rb_node* %314, i64 -1, i32 2 %317 = bitcast %struct.rb_node** %316 to %struct.fname* %318 = select i1 %315, %struct.fname* null, %struct.fname* %317 %319 = icmp eq %struct.fname* %312, null br i1 %319, label %309, label %320 %321 = phi %struct.fname* [ %323, %320 ], [ %312, %311 ] %322 = getelementptr inbounds %struct.fname, %struct.fname* %321, i64 0, i32 3 %323 = load %struct.fname*, %struct.fname** %322, align 8 %324 = bitcast %struct.fname* %321 to i8* tail call void @kfree(i8* nonnull %324) #76 %325 = icmp eq %struct.fname* %323, null br i1 %325, label %309, label %320 %310 = icmp eq %struct.fname* %318, null br i1 %310, label %326, label %311 %327 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %327, align 8 %328 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 33, i32 0 %329 = load volatile i64, i64* %328, 
align 8 br label %330 %331 = phi i64 [ %329, %326 ], [ %337, %335 ] %332 = and i64 %331, 1 %333 = icmp eq i64 %332, 0 br i1 %333, label %335, label %334 %336 = or i64 %331, 1 %337 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %328, i64 %336, i64 %331, i64* %328) #6, !srcloc !6 %338 = icmp eq i64 %337, %331 br i1 %338, label %339, label %330, !prof !7, !misexpect !8 %340 = lshr i64 %331, 1 %341 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 store i64 %340, i64* %341, align 8 %342 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 %343 = load i32, i32* %342, align 8 %344 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 %345 = load i32, i32* %344, align 4 %346 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %347 = tail call i32 @ext4_htree_fill_tree(%struct.file* %0, i32 %343, i32 %345, i32* %346) #76 Function:ext4_htree_fill_tree %5 = alloca %struct.dx_hash_info, align 8 %6 = alloca [3 x %struct.dx_frame], align 16 %7 = alloca %struct.uuidcmp, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.dx_hash_info* %5 to i8* %10 = bitcast [3 x %struct.dx_frame]* %6 to i8* %11 = bitcast %struct.uuidcmp* %7 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = getelementptr %struct.inode, %struct.inode* %13, i64 -1, i32 34 %15 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %14, i64 10, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 4096 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %73 = getelementptr inbounds %struct.dx_hash_info, %struct.dx_hash_info* %5, i64 0, i32 0 store i32 %1, i32* %73, align 8 %74 = getelementptr inbounds 
%struct.dx_hash_info, %struct.dx_hash_info* %5, i64 0, i32 1 store i32 0, i32* %74, align 4 %75 = getelementptr inbounds [3 x %struct.dx_frame], [3 x %struct.dx_frame]* %6, i64 0, i64 0 %76 = call fastcc %struct.dx_frame* @dx_probe(%struct.ext4_filename* null, %struct.inode* %13, %struct.dx_hash_info* nonnull %5, %struct.dx_frame* nonnull %75) #77 Function:dx_probe %5 = bitcast %struct.dx_frame* %3 to i8* %6 = tail call fastcc %struct.buffer_head* @__ext4_read_dirblock(%struct.inode* %1, i32 0, i32 1, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @__func__.dx_probe, i64 0, i64 0), i32 788) #76 ------------- Use: =BAD PATH= Call Stack: 0 dx_probe 1 __ext4_find_entry 2 ext4_lookup ------------- Path:  Function:ext4_lookup %4 = alloca %struct.ext4_filename, align 8 %5 = alloca %struct.ext4_dir_entry_2*, align 8 %6 = bitcast %struct.ext4_dir_entry_2** %5 to i8* %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %8 = bitcast %struct.anon.1* %7 to %struct.util_est* %9 = getelementptr inbounds %struct.util_est, %struct.util_est* %8, i64 0, i32 1 %10 = load i32, i32* %9, align 4 %11 = icmp ugt i32 %10, 255 br i1 %11, label %80, label %12 %13 = bitcast %struct.ext4_filename* %4 to i8* %14 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %15 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 0 store %struct.qstr* %14, %struct.qstr** %15, align 8 %16 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %17 = bitcast i8** %16 to i64* %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1 %20 = bitcast %struct.uuidcmp* %19 to i64* store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1, i32 1 store i32 %10, i32* %21, align 8 tail call void bitcast (void (%struct.dentry.153259*)* @generic_set_encrypted_ci_d_ops to void 
(%struct.dentry*)*)(%struct.dentry* %1) #76 %22 = call fastcc %struct.buffer_head* @__ext4_find_entry(%struct.inode* %0, %struct.ext4_filename* nonnull %4, %struct.ext4_dir_entry_2** nonnull %5, i32* null) #76 Function:__ext4_find_entry %5 = alloca [3 x %struct.dx_frame], align 16 %6 = alloca [8 x %struct.buffer_head*], align 16 %7 = alloca i32, align 4 %8 = bitcast [8 x %struct.buffer_head*]* %6 to i8* %9 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 0 %10 = load %struct.qstr*, %struct.qstr** %9, align 8 %11 = getelementptr inbounds %struct.qstr, %struct.qstr* %10, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 store %struct.ext4_dir_entry_2* null, %struct.ext4_dir_entry_2** %2, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = load %struct.super_block*, %struct.super_block** %13, align 8 %15 = bitcast %struct.ext4_filename* %1 to %struct.util_est** %16 = load %struct.util_est*, %struct.util_est** %15, align 8 %17 = getelementptr inbounds %struct.util_est, %struct.util_est* %16, i64 0, i32 1 %18 = load i32, i32* %17, align 4 %19 = icmp sgt i32 %18, 255 br i1 %19, label %449, label %20 %21 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 34 %22 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %21, i64 10, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 268435456 %25 = icmp eq i64 %24, 0 br i1 %25, label %41, label %26 %42 = phi %struct.buffer_head* [ %33, %40 ], [ null, %26 ], [ null, %20 ] %43 = icmp slt i32 %18, 3 br i1 %43, label %44, label %50 %45 = load i8, i8* %12, align 1 %46 = icmp eq i8 %45, 46 br i1 %46, label %47, label %50 %48 = getelementptr i8, i8* %12, i64 1 %49 = load i8, i8* %48, align 1 switch i8 %49, label %50 [ i8 46, label %267 i8 0, label %267 ] %51 = load %struct.super_block*, %struct.super_block** %13, align 8 %52 = getelementptr inbounds %struct.super_block, %struct.super_block* %51, i64 0, i32 28 %53 = bitcast i8** %52 
to %struct.ext4_sb_info** %54 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %53, align 16 %55 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %54, i64 0, i32 15 %56 = load %struct.ext4_super_block*, %struct.ext4_super_block** %55, align 8 %57 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %56, i64 0, i32 28 %58 = load i32, i32* %57, align 4 %59 = and i32 %58, 32 %60 = icmp eq i32 %59, 0 br i1 %60, label %251, label %61 %62 = load volatile i64, i64* %22, align 8 %63 = and i64 %62, 4096 %64 = icmp eq i64 %63, 0 br i1 %64, label %251, label %65 %66 = bitcast [3 x %struct.dx_frame]* %5 to i8* %67 = getelementptr inbounds [3 x %struct.dx_frame], [3 x %struct.dx_frame]* %5, i64 0, i64 0 %68 = call fastcc %struct.dx_frame* @dx_probe(%struct.ext4_filename* %1, %struct.inode* %0, %struct.dx_hash_info* null, %struct.dx_frame* nonnull %67) #76 Function:dx_probe %5 = bitcast %struct.dx_frame* %3 to i8* %6 = tail call fastcc %struct.buffer_head* @__ext4_read_dirblock(%struct.inode* %1, i32 0, i32 1, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @__func__.dx_probe, i64 0, i64 0), i32 788) #76 ------------- Good: 36 Bad: 2 Ignored: 5 Check Use of Function:__ext4_check_dir_entry Check Use of Function:ext4_htree_store_dirent Check Use of Function:ext4_enable_quotas Check Use of Function:ext4_orphan_cleanup Check Use of Function:ext4_mark_recovery_complete Check Use of Function:init_special_inode Check Use of Function:ext4_reset_inode_seed Check Use of Function:__ext4_new_inode Check Use of Function:__ext4_iget Check Use of Function:ext4_sb_bread Check Use of Function:__ext4_xattr_check_block Check Use of Function:ext4_xattr_inode_get Check Use of Function:mb_cache_entry_create Check Use of Function:mb_cache_entry_touch Check Use of Function:ext4_read_bh_lock Check Use of Function:__ext4_journal_get_create_access Check Use of Function:mpage_map_one_extent Check Use of Function:ext4_count_free_clusters Check Use of 
Function:__dquot_alloc_space Check Use of Function:d_splice_alias Check Use of Function:ext4_bio_write_page Check Use of Function:__pagevec_release Check Use of Function:ext4_truncate Check Use of Function:e1000_irq_disable Check Use of Function:ext4_discard_preallocations Check Use of Function:ext4_free_blocks Check Use of Function:truncate_pagecache_range Check Use of Function:__lock_buffer Check Use of Function:pagecache_isize_extended Check Use of Function:ext4_wait_for_tail_page_commit Check Use of Function:ext4_delete_entry Check Use of Function:__ext4_fc_track_link Check Use of Function:__ext4_fc_track_unlink Check Use of Function:device_reset Check Use of Function:__ext4_fc_track_create Check Use of Function:pci_read_config_dword Use: =BAD PATH= Call Stack: 0 pci_map_rom 1 pci_read_rom ------------- Path:  Function:pci_read_rom %7 = alloca i64, align 8 %8 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %9 = bitcast %struct.qspinlock* %8 to %struct.pci_dev.317892* %10 = bitcast i64* %7 to i8* %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 432, i32 0, i32 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 0 br i1 %13, label %30, label %14 %15 = call i8* bitcast (i8* (%struct.pci_dev.321191*, i64*)* @pci_map_rom to i8* (%struct.pci_dev.317892*, i64*)*)(%struct.pci_dev.317892* %9, i64* nonnull %7) #76 Function:pci_map_rom %3 = alloca i32, align 4 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca i32, align 4 %6 = getelementptr %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 49, i64 6, i32 5 %7 = load %struct.resource*, %struct.resource** %6, align 8 %8 = icmp eq %struct.resource* %7, null br i1 %8, label %9, label %12 %10 = tail call i32 bitcast (i32 (%struct.pci_dev.317892*, i32)* @pci_assign_resource to i32 (%struct.pci_dev.321191*, i32)*)(%struct.pci_dev.321191* %0, i32 6) #76 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %129 %13 = getelementptr %struct.pci_dev.321191, 
%struct.pci_dev.321191* %0, i64 0, i32 49, i64 6, i32 0 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 49, i64 6, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 %18 = sub i64 1, %14 %19 = add i64 %18, %16 %20 = select i1 %17, i64 0, i64 %19 store i64 %20, i64* %1, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %129, label %22 %23 = getelementptr %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 49, i64 6 %24 = bitcast %struct.cpu_itimer* %4 to i8* %25 = bitcast i32* %5 to i8* %26 = getelementptr %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 49, i64 6, i32 3 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %50, label %29 %30 = and i64 %27, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %51 %33 = getelementptr inbounds %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 1 %34 = load %struct.pci_bus.321180*, %struct.pci_bus.321180** %33, align 8 call void bitcast (void (%struct.pci_bus.317894*, %struct.cpu_itimer*, %struct.resource*)* @pcibios_resource_to_bus to void (%struct.pci_bus.321180*, %struct.cpu_itimer*, %struct.resource*)*)(%struct.pci_bus.321180* %34, %struct.cpu_itimer* nonnull %4, %struct.resource* %23) #76 %35 = getelementptr inbounds %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 22 %36 = load i8, i8* %35, align 8 %37 = zext i8 %36 to i32 %38 = call i32 bitcast (i32 (%struct.pci_dev.317892*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev.321191*, i32, i32*)*)(%struct.pci_dev.321191* %0, i32 %37, i32* nonnull %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 amd_get_subcaches 1 subcaches_show ------------- Path:  Function:subcaches_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 32 %7 = bitcast i8* %6 to i64* %8 = load i64, i64* %7, align 8 %9 = icmp eq 
i64 %8, 0 br i1 %9, label %13, label %10 %14 = phi i32 [ %12, %10 ], [ 64, %3 ] %15 = tail call i32 @amd_get_subcaches(i32 %14) #76 Function:amd_get_subcaches %2 = alloca i32, align 4 %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.cpuinfo_x86* @cpu_info to i64) %7 = inttoptr i64 %6 to %struct.cpuinfo_x86* %8 = getelementptr inbounds %struct.cpuinfo_x86, %struct.cpuinfo_x86* %7, i64 0, i32 30 %9 = load i16, i16* %8, align 8 %10 = load i16, i16* @amd_northbridges.0, align 8 %11 = icmp ugt i16 %10, %9 %12 = load %struct.amd_northbridge*, %struct.amd_northbridge** @amd_northbridges.2, align 8 %13 = zext i16 %9 to i64 %14 = getelementptr %struct.amd_northbridge, %struct.amd_northbridge* %12, i64 %13 %15 = select i1 %11, %struct.amd_northbridge* %14, %struct.amd_northbridge* null %16 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %15, i64 0, i32 2 %17 = load %struct.pci_dev*, %struct.pci_dev** %16, align 8 %18 = bitcast i32* %2 to i8* %19 = load i64, i64* @amd_northbridges.1, align 8 %20 = and i64 %19, 4 %21 = icmp eq i64 %20, 0 br i1 %21, label %34, label %22 %23 = call i32 bitcast (i32 (%struct.pci_dev.317892*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %17, i32 468, i32* nonnull %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 cache_disable_0_show ------------- Path:  Function:cache_disable_0_show %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.cacheinfo** %7 = load %struct.cacheinfo*, %struct.cacheinfo** %6, align 8 %8 = getelementptr inbounds %struct.cacheinfo, %struct.cacheinfo* %7, i64 0, i32 12 %9 = bitcast i8** %8 to %struct.amd_northbridge** %10 = load %struct.amd_northbridge*, %struct.amd_northbridge** %9, align 8 %11 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %12 = 
getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %10, i64 0, i32 1 %13 = load %struct.pci_dev*, %struct.pci_dev** %12, align 8 %14 = call i32 bitcast (i32 (%struct.pci_dev.317892*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %13, i32 444, i32* nonnull %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 cache_disable_1_show ------------- Path:  Function:cache_disable_1_show %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.cacheinfo** %7 = load %struct.cacheinfo*, %struct.cacheinfo** %6, align 8 %8 = getelementptr inbounds %struct.cacheinfo, %struct.cacheinfo* %7, i64 0, i32 12 %9 = bitcast i8** %8 to %struct.amd_northbridge** %10 = load %struct.amd_northbridge*, %struct.amd_northbridge** %9, align 8 %11 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %12 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %10, i64 0, i32 1 %13 = load %struct.pci_dev*, %struct.pci_dev** %12, align 8 %14 = call i32 bitcast (i32 (%struct.pci_dev.317892*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %13, i32 448, i32* nonnull %4) #76 ------------- Good: 1451 Bad: 4 Ignored: 1968 Check Use of Function:__ext4_journal_get_write_access Check Use of Function:ext4fs_dirhash Check Use of Function:ext4_handle_dirty_dx_node Check Use of Function:add_dirent_to_buf Check Use of Function:ext4_orphan_add Check Use of Function:ext4_add_entry Check Use of Function:ext4_fc_track_create Check Use of Function:ext4_fc_track_link Check Use of Function:acpi_exception Check Use of Function:ext4_quota_off Check Use of Function:percpu_free_rwsem Check Use of Function:__SCT__tp_func_ext4_da_reserve_space Check Use of Function:crypto_destroy_tfm Check Use of Function:ext4_es_unregister_shrinker Check Use of Function:jbd2_journal_destroy Check Use of Function:ext4_unregister_sysfs 
Check Use of Function:ext4_xattr_destroy_cache Check Use of Function:crypto_shash_update Check Use of Function:ext4_stop_mmpd Check Use of Function:ext4_inode_attach_jinode Check Use of Function:dquot_free_inode Check Use of Function:io_put_sq_data Check Use of Function:dquot_drop Check Use of Function:ext4_xattr_block_csum Check Use of Function:unlock_buffer Check Use of Function:__ext4_handle_dirty_metadata Check Use of Function:ext4_xattr_set_entry Check Use of Function:ext4_orphan_del Check Use of Function:scsi_ioctl Use: =BAD PATH= Call Stack: 0 sg_ioctl ------------- Path:  Function:sg_ioctl %4 = alloca %struct.sg_request*, align 8 %5 = alloca %struct.wait_queue_entry, align 8 %6 = alloca %struct.sg_scsi_id, align 4 %7 = inttoptr i64 %2 to i8* %8 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.sg_fd** %10 = load %struct.sg_fd*, %struct.sg_fd** %9, align 8 %11 = icmp eq %struct.sg_fd* %10, null br i1 %11, label %783, label %12 %13 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %10, i64 0, i32 1 %14 = load %struct.sg_device*, %struct.sg_device** %13, align 8 %15 = icmp eq %struct.sg_device* %14, null br i1 %15, label %783, label %16 %17 = inttoptr i64 %2 to i32* %18 = bitcast %struct.sg_request** %4 to i8* %19 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 3 %22 = icmp ne i32 %21, 2 %23 = zext i1 %22 to i32 switch i32 %1, label %760 [ i32 8837, label %24 i32 8705, label %99 i32 8706, label %123 i32 8825, label %770 i32 8826, label %127 i32 8822, label %135 i32 8827, label %174 i32 8828, label %190 i32 8829, label %234 i32 8831, label %273 i32 8821, label %283 i32 8818, label %416 i32 8817, label %437 i32 8816, label %453 i32 8839, label %464 i32 8840, label %479 i32 8835, label %490 i32 8834, label %509 i32 8841, label %517 i32 8838, label %529 i32 8707, label %658 i32 1, label %681 i32 8830, 
label %692 i32 4711, label %707 i32 -1069018509, label %724 i32 4724, label %735 i32 4725, label %742 i32 4726, label %749 i32 21378, label %756 i32 21382, label %756 i32 21381, label %756 i32 8709, label %756 i32 8836, label %756 ] %682 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 7, i32 0 %683 = load volatile i32, i32* %682, align 4 %684 = icmp eq i32 %683, 0 br i1 %684, label %685, label %770 %686 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 0 %687 = load %struct.scsi_device.625868*, %struct.scsi_device.625868** %686, align 8 %688 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %0, i64 0, i32 8 %689 = load i32, i32* %688, align 4 %690 = tail call i32 bitcast (i32 (%struct.scsi_device.618492*, %struct.gendisk.618339*, i32, i32, i8*)* @scsi_ioctl to i32 (%struct.scsi_device.625868*, %struct.gendisk.294687*, i32, i32, i8*)*)(%struct.scsi_device.625868* %687, %struct.gendisk.294687* null, i32 %689, i32 1, i8* %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 sg_ioctl ------------- Path:  Function:sg_ioctl %4 = alloca %struct.sg_request*, align 8 %5 = alloca %struct.wait_queue_entry, align 8 %6 = alloca %struct.sg_scsi_id, align 4 %7 = inttoptr i64 %2 to i8* %8 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.sg_fd** %10 = load %struct.sg_fd*, %struct.sg_fd** %9, align 8 %11 = icmp eq %struct.sg_fd* %10, null br i1 %11, label %783, label %12 %13 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %10, i64 0, i32 1 %14 = load %struct.sg_device*, %struct.sg_device** %13, align 8 %15 = icmp eq %struct.sg_device* %14, null br i1 %15, label %783, label %16 %17 = inttoptr i64 %2 to i32* %18 = bitcast %struct.sg_request** %4 to i8* %19 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 3 %22 = icmp ne i32 %21, 2 %23 = zext i1 %22 to 
i32 switch i32 %1, label %760 [ i32 8837, label %24 i32 8705, label %99 i32 8706, label %123 i32 8825, label %770 i32 8826, label %127 i32 8822, label %135 i32 8827, label %174 i32 8828, label %190 i32 8829, label %234 i32 8831, label %273 i32 8821, label %283 i32 8818, label %416 i32 8817, label %437 i32 8816, label %453 i32 8839, label %464 i32 8840, label %479 i32 8835, label %490 i32 8834, label %509 i32 8841, label %517 i32 8838, label %529 i32 8707, label %658 i32 1, label %681 i32 8830, label %692 i32 4711, label %707 i32 -1069018509, label %724 i32 4724, label %735 i32 4725, label %742 i32 4726, label %749 i32 21378, label %756 i32 21382, label %756 i32 21381, label %756 i32 8709, label %756 i32 8836, label %756 ] %25 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 7, i32 0 %26 = load volatile i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %770 %29 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 0 %30 = load %struct.scsi_device.625868*, %struct.scsi_device.625868** %29, align 8 %31 = tail call i32 bitcast (i32 (%struct.scsi_device.619290*)* @scsi_block_when_processing_errors to i32 (%struct.scsi_device.625868*)*)(%struct.scsi_device.625868* %30) #76 %32 = icmp eq i32 %31, 0 br i1 %32, label %770, label %33 %34 = call fastcc i64 @sg_new_write(%struct.sg_fd* nonnull %10, %struct.file.294777* %0, i8* %7, i64 88, i32 %23, i32 1, %struct.sg_request** nonnull %4) #76 %35 = trunc i64 %34 to i32 %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %40 %38 = shl i64 %34, 32 %39 = ashr exact i64 %38, 32 br label %772 %773 = phi i64 [ %755, %749 ], [ %748, %742 ], [ %741, %735 ], [ %734, %724 ], [ %723, %707 ], [ %702, %700 ], [ %691, %685 ], [ %680, %662 ], [ %528, %517 ], [ %516, %509 ], [ %501, %499 ], [ %489, %479 ], [ %474, %472 ], [ %463, %453 ], [ %447, %445 ], [ %436, %416 ], [ %294, %292 ], [ %282, %273 ], [ %272, %264 ], [ %220, %211 ], [ %233, %226 ], [ %184, %182 ], 
[ %173, %172 ], [ %134, %127 ], [ %126, %123 ], [ %110, %108 ], [ %39, %37 ], [ %95, %87 ], [ %79, %96 ], [ %657, %656 ], [ %769, %761 ] %774 = trunc i64 %773 to i32 %775 = icmp eq i32 %774, -515 br i1 %775, label %776, label %783 %777 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 0 %778 = load %struct.scsi_device.625868*, %struct.scsi_device.625868** %777, align 8 %779 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %0, i64 0, i32 8 %780 = load i32, i32* %779, align 4 %781 = call i32 bitcast (i32 (%struct.scsi_device.618492*, %struct.gendisk.618339*, i32, i32, i8*)* @scsi_ioctl to i32 (%struct.scsi_device.625868*, %struct.gendisk.294687*, i32, i32, i8*)*)(%struct.scsi_device.625868* %778, %struct.gendisk.294687* null, i32 %780, i32 %1, i8* %7) #76 ------------- Good: 2 Bad: 2 Ignored: 0 Check Use of Function:__ext4_mark_inode_dirty Check Use of Function:ext4_clear_inode Check Use of Function:__ext4_journal_stop Check Use of Function:ext4_xattr_inode_array_free Check Use of Function:__ext4_error_inode Use: =BAD PATH= Call Stack: 0 ext4_rename2 ------------- Path:  Function:ext4_rename2 %7 = alloca %struct.ext4_filename, align 8 %8 = alloca %struct.ext4_filename, align 8 %9 = alloca %struct.ext4_renament, align 8 %10 = alloca %struct.ext4_renament, align 8 %11 = alloca %struct.ext4_filename, align 8 %12 = alloca %struct.ext4_dir_entry_2*, align 8 %13 = alloca %struct.ext4_filename, align 8 %14 = alloca %struct.ext4_dir_entry_2*, align 8 %15 = alloca i32, align 4 %16 = alloca %struct.ext4_filename, align 8 %17 = alloca %struct.ext4_filename, align 8 %18 = alloca %struct.ext4_filename, align 8 %19 = alloca %struct.ext4_renament, align 8 %20 = alloca %struct.ext4_renament, align 8 %21 = alloca %struct.ext4_renament, align 8 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %23 = load %struct.super_block*, %struct.super_block** %22, align 8 %24 = getelementptr inbounds %struct.super_block, 
%struct.super_block* %23, i64 0, i32 28 %25 = bitcast i8** %24 to %struct.ext4_sb_info** %26 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %25, align 16 %27 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %26, i64 0, i32 48 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 2 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %1219, !prof !4, !misexpect !5 %32 = icmp ult i32 %5, 8 br i1 %32, label %33, label %1219 %34 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 16384 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %1219 %39 = getelementptr inbounds %struct.inode, %struct.inode* %3, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 16384 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %1219 %44 = and i32 %5, 2 %45 = icmp eq i32 %44, 0 br i1 %45, label %502, label %46 %503 = bitcast %struct.ext4_renament* %20 to i8* %504 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 0 store %struct.inode* %1, %struct.inode** %504, align 8 %505 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 1 store %struct.dentry* %2, %struct.dentry** %505, align 8 %506 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 2 %507 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %508 = bitcast %struct.inode** %507 to i64* %509 = load i64, i64* %508, align 8 %510 = bitcast %struct.inode** %506 to i64* store i64 %509, i64* %510, align 8 %511 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 3 store i8 0, i8* %511, align 8 %512 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 4 %513 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 5 %514 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, 
i64 0, i32 6 %515 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 8 %516 = bitcast %struct.ext4_renament* %21 to i8* %517 = bitcast i32* %512 to i8* %518 = bitcast %struct.buffer_head** %515 to i8* %519 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 0 store %struct.inode* %3, %struct.inode** %519, align 8 %520 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 1 store %struct.dentry* %4, %struct.dentry** %520, align 8 %521 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 2 %522 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %523 = load %struct.inode*, %struct.inode** %522, align 8 store %struct.inode* %523, %struct.inode** %521, align 8 %524 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 3 store i8 0, i8* %524, align 8 %525 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 4 %526 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 5 %527 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 6 %528 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 7 %529 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 8 %530 = icmp eq %struct.inode* %523, null %531 = inttoptr i64 %509 to i8* %532 = bitcast i32* %525 to i8* %533 = bitcast %struct.buffer_head** %529 to i8* br i1 %530, label %539, label %534 %535 = getelementptr inbounds %struct.inode, %struct.inode* %523, i64 0, i32 12, i32 0 %536 = load i32, i32* %535, align 8 %537 = icmp eq i32 %536, 0 br i1 %537, label %538, label %539 tail call void (%struct.inode*, i8*, i32, i64, i32, i8*, ...) 
@__ext4_error_inode(%struct.inode* nonnull %523, i8* getelementptr inbounds ([12 x i8], [12 x i8]* @__func__.ext4_rename, i64 0, i64 0), i32 3715, i64 0, i32 0, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.44.19468, i64 0, i64 0)) #76 ------------- Good: 359 Bad: 1 Ignored: 122 Check Use of Function:ext4_fc_mark_ineligible Check Use of Function:__request_region Check Use of Function:ext4_xattr_block_find Check Use of Function:ip6_route_del Check Use of Function:drm_dev_exit Use: =BAD PATH= Call Stack: 0 i915_gem_mmap ------------- Path:  Function:i915_gem_mmap %3 = alloca i32, align 4 %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.drm_file** %6 = load %struct.drm_file*, %struct.drm_file** %5, align 8 %7 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %6, i64 0, i32 13 %8 = load %struct.drm_minor*, %struct.drm_minor** %7, align 8 %9 = getelementptr inbounds %struct.drm_minor, %struct.drm_minor* %8, i64 0, i32 3 %10 = load %struct.drm_device.381449*, %struct.drm_device.381449** %9, align 8 %11 = bitcast i32* %3 to i8* %12 = call zeroext i1 @drm_dev_enter(%struct.drm_device.381449* %10, i32* nonnull %3) #76 br i1 %12, label %14, label %13 %15 = load i32, i32* %3, align 4 call void @drm_dev_exit(i32 %15) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl_kernel 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.util_est, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %34 %16 = bitcast %struct.util_est* %4 to i8* %17 = bitcast %struct.drm_i915_getparam* %5 to i8* %18 = inttoptr i64 %2 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %16, i8* %18, i64 8) #76 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %32 %22 = 
getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.drm_i915_getparam, %struct.drm_i915_getparam* %5, i64 0, i32 0 store i32 %23, i32* %24, align 8 %25 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 1 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = inttoptr i64 %27 to i8* %29 = getelementptr inbounds %struct.drm_i915_getparam, %struct.drm_i915_getparam* %5, i64 0, i32 1 %30 = bitcast i32** %29 to i8** store i8* %28, i8** %30, align 8 %31 = call i64 bitcast (i64 (%struct.file*, i32 (%struct.drm_device.391939*, i8*, %struct.drm_file.391906*)*, i8*, i32)* @drm_ioctl_kernel to i64 (%struct.file.434817*, i32 (%struct.drm_device.434918*, i8*, %struct.drm_file.434822*)*, i8*, i32)*)(%struct.file.434817* %0, i32 (%struct.drm_device.434918*, i8*, %struct.drm_file.434822*)* nonnull bitcast (i32 (%struct.drm_device.381449*, i8*, %struct.drm_file*)* @i915_getparam_ioctl to i32 (%struct.drm_device.434918*, i8*, %struct.drm_file.434822*)*), i8* nonnull %17, i32 32) #76 Function:drm_ioctl_kernel %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.391906** %8 = load %struct.drm_file.391906*, %struct.drm_file.391906** %7, align 8 %9 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 13 %10 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %9, align 8 %11 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %10, i64 0, i32 3 %12 = load %struct.drm_device.391939*, %struct.drm_device.391939** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = call zeroext i1 bitcast (i1 (%struct.drm_device.381449*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.391939*, i32*)*)(%struct.drm_device.391939* %12, i32* nonnull %5) #76 br i1 %14, label %16, label %15 %17 = load i32, i32* %5, align 4 call void 
@drm_dev_exit(i32 %17) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.391906** %8 = load %struct.drm_file.391906*, %struct.drm_file.391906** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 13 %12 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %12, i64 0, i32 3 %14 = load %struct.drm_device.391939*, %struct.drm_device.391939** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.381449*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.391939*, i32*)*)(%struct.drm_device.391939* %14, i32* nonnull %4) #76 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.util_est, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %34 %35 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.434817*, i32, i64)*)(%struct.file.434817* %0, i32 %1, i64 %2) #76 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.391906** %8 = load %struct.drm_file.391906*, %struct.drm_file.391906** %7, align 8 %9 = and 
i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 13 %12 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %12, i64 0, i32 3 %14 = load %struct.drm_device.391939*, %struct.drm_device.391939** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.381449*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.391939*, i32*)*)(%struct.drm_device.391939* %14, i32* nonnull %4) #76 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #76 ------------- Good: 2 Bad: 4 Ignored: 24 Check Use of Function:track_pfn_insert Check Use of Function:insert_pfn Check Use of Function:dec_usb_memory_use_count Check Use of Function:__SCT__tp_func_ext4_shutdown Check Use of Function:freeze_bdev Check Use of Function:ext4_force_commit Check Use of Function:jbd2_journal_abort Check Use of Function:vm_mmap_pgoff Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_compat_sys_ia32_mmap ------------- Path:  Function:__ia32_compat_sys_ia32_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to 
i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %57 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 
%18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %57 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %57 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_sys_mmap_pgoff ------------- 
Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %57 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 
%12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %57 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 vm_mmap 1 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %159 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 15 %11 = bitcast %struct.mutex* %10 to i8* %12 = load i8, i8* %11, align 8 %13 = icmp ugt i8 %12, 12 br i1 %13, label %159, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 32 %16 = bitcast i8* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ult i64 %17, 2 br i1 %18, label %19, label %159 %20 = icmp eq i64 %17, 0 br i1 %20, label %25, label %21 %22 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %23 = and i64 %22, 65536 %24 = icmp eq i64 %23, 0 br i1 %24, label %159, label %25 %26 = bitcast i8* %1 to i32* %27 = load i32, i32* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %28 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %29 = zext i32 %27 to i64 %30 = tail call i8* @idr_find(%struct.idr* %28, i64 %29) #76 %31 = bitcast i8* %30 to %struct.drm_i915_gem_object.448284* %32 = icmp eq i8* %30, null br i1 
%32, label %57, label %33 %34 = bitcast i8* %30 to %struct.seqcount_spinlock* %35 = bitcast i8* %30 to i32* %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %48, label %38 %39 = phi i32 [ %46, %45 ], [ %36, %33 ] %40 = add i32 %39, 1 %41 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %35, i32 %40, i32* nonnull %35, i32 %39) #6, !srcloc !5 %42 = extractvalue { i8, i32 } %41, 0 %43 = and i8 %42, 1 %44 = icmp eq i8 %43, 0 br i1 %44, label %45, label %48, !prof !6, !misexpect !7 %46 = extractvalue { i8, i32 } %41, 1 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %38 %49 = phi i32 [ 0, %33 ], [ %39, %38 ], [ 0, %45 ] %50 = add i32 %49, 1 %51 = or i32 %50, %49 %52 = icmp sgt i32 %51, -1 br i1 %52, label %54, label %53, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %34, i32 0) #76 br label %54 %55 = icmp eq i32 %49, 0 %56 = select i1 %55, %struct.drm_i915_gem_object.448284* null, %struct.drm_i915_gem_object.448284* %31 br label %57 %58 = phi %struct.drm_i915_gem_object.448284* [ null, %25 ], [ %56, %54 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %59 = icmp eq %struct.drm_i915_gem_object.448284* %58, null br i1 %59, label %159, label %60 %61 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 3 %62 = load %struct.file*, %struct.file** %61, align 8 %63 = icmp eq %struct.file* %62, null br i1 %63, label %144, label %64 %65 = getelementptr inbounds i8, i8* %1, i64 8 %66 = bitcast i8* %65 to i64* %67 = load i64, i64* %66, align 8 %68 = getelementptr inbounds i8, i8* %1, i64 16 %69 = bitcast i8* 
%68 to i64* %70 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 5 %71 = load i64, i64* %70, align 8 %72 = icmp ugt i64 %71, %67 br i1 %72, label %73, label %144 %74 = load i64, i64* %69, align 8 %75 = sub i64 %71, %67 %76 = icmp ugt i64 %74, %75 br i1 %76, label %144, label %77 %78 = tail call i64 @vm_mmap(%struct.file* nonnull %62, i64 0, i64 %74, i64 3, i64 1, i64 %67) #76 Function:vm_mmap %7 = add i64 %2, 4095 %8 = and i64 %7, -4096 %9 = xor i64 %5, -1 %10 = icmp ule i64 %8, %9 %11 = and i64 %5, 4095 %12 = icmp eq i64 %11, 0 %13 = and i1 %10, %12 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %15 = lshr i64 %5, 12 %16 = tail call i64 @vm_mmap_pgoff(%struct.file* %0, i64 %1, i64 %2, i64 %3, i64 %4, i64 %15) #76 ------------- Good: 10 Bad: 6 Ignored: 4 Check Use of Function:user_shm_lock Check Use of Function:ip6_input Check Use of Function:ip_local_deliver Check Use of Function:ip_options_rcv_srr Check Use of Function:i8042_create_aux_port Check Use of Function:put_mnt_ns Use: =BAD PATH= Call Stack: 0 mntns_put ------------- Path:  Function:mntns_put %2 = bitcast %struct.ns_common* %0 to %struct.mnt_namespace* tail call void @put_mnt_ns(%struct.mnt_namespace* %2) #76 ------------- Good: 11 Bad: 1 Ignored: 3 Check Use of Function:dev_add_pack Check Use of Function:perf_event_set_output Check Use of Function:__ext4_msg Use: =BAD PATH= Call Stack: 0 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca %struct.readahead_control, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.hw_perf_event_extra, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 4 %11 = load 
i32, i32* %10, align 4 %12 = and i32 %11, 16384 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %853 %15 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %16 = bitcast i8** %15 to %struct.ext4_sb_info** %17 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %16, align 16 %18 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %17, i64 0, i32 15 %19 = load %struct.ext4_super_block*, %struct.ext4_super_block** %18, align 8 %20 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %19, i64 0, i32 28 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 32 %23 = icmp eq i32 %22, 0 br i1 %23, label %540, label %24 %25 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 34 %26 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %25, i64 10, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 2 %34 = load i8, i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 %36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %540, label %42 %43 = bitcast %struct.anon.1* %25 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 33 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %540, label %47 %48 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 %51, label %55, label %52 %56 = getelementptr 
inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #76 %60 = icmp eq i8* %59, null br i1 %60, label %853, label %61 %62 = bitcast i8* %59 to %struct.dir_private_info* %63 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 512 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %88 %68 = and i32 %64, 1024 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %93 %71 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %72 = inttoptr i64 %71 to %struct.task_struct* %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %72, i64 0, i32 0, i32 2 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2 %76 = icmp eq i32 %75, 0 %77 = trunc i64 %57 to i32 %78 = shl i32 %77, 1 %79 = lshr i64 %57, 31 %80 = trunc i64 %79 to i32 %81 = and i32 %80, -2 %82 = select i1 %76, i32 %81, i32 %78 %83 = getelementptr inbounds i8, i8* %59, i64 32 %84 = bitcast i8* %83 to i32* store i32 %82, i32* %84, align 8 %85 = load i32, i32* %73, align 8 %86 = and i32 %85, 2 %87 = icmp eq i32 %86, 0 br i1 %87, label %99, label %101 %100 = trunc i64 %57 to i32 br label %101 %102 = phi i32 [ %100, %99 ], [ 0, %70 ], [ 0, %88 ] %103 = getelementptr inbounds i8, i8* %59, i64 36 %104 = bitcast i8* %103 to i32* store i32 %102, i32* %104, align 4 store i8* %59, i8** %48, align 8 br label %105 %106 = phi %struct.dir_private_info* [ %50, %52 ], [ %62, %101 ] %107 = phi i32 [ %54, %52 ], [ %64, %101 ] %108 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %109 = 
load i64, i64* %108, align 8 %110 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %111 = and i32 %107, 512 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %124 %114 = and i32 %107, 1024 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %123 %117 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %118 = inttoptr i64 %117 to %struct.task_struct* %119 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %118, i64 0, i32 0, i32 2 %120 = load i32, i32* %119, align 8 %121 = and i32 %120, 2 %122 = icmp eq i32 %121, 0 br i1 %122, label %123, label %124 br label %124 %125 = phi i64 [ 9223372036854775807, %123 ], [ 2147483647, %116 ], [ 2147483647, %105 ] %126 = icmp eq i64 %109, %125 br i1 %126, label %853, label %127 %128 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 3 %129 = load i64, i64* %128, align 8 %130 = icmp eq i64 %129, %109 br i1 %130, label %202, label %131 %203 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 2 %204 = load %struct.fname*, %struct.fname** %203, align 8 %205 = icmp eq %struct.fname* %204, null br i1 %205, label %277, label %206 %207 = load %struct.inode*, %struct.inode** %6, align 8 %208 = getelementptr inbounds %struct.inode, %struct.inode* %207, i64 0, i32 8 %209 = load %struct.super_block*, %struct.super_block** %208, align 8 %210 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 0 %211 = load i32, i32* %210, align 8 %212 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 1 %213 = load i32, i32* %212, align 4 br i1 %112, label %214, label %224 %215 = and i32 %107, 1024 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %227 %218 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 
%219 = inttoptr i64 %218 to %struct.task_struct* %220 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %219, i64 0, i32 0, i32 2 %221 = load i32, i32* %220, align 8 %222 = and i32 %221, 2 %223 = icmp eq i32 %222, 0 br i1 %223, label %227, label %224 %228 = lshr i32 %211, 1 %229 = zext i32 %228 to i64 %230 = shl nuw nsw i64 %229, 32 %231 = zext i32 %213 to i64 %232 = or i64 %230, %231 br label %233 %234 = phi i64 [ %226, %224 ], [ %232, %227 ] store i64 %234, i64* %108, align 8 %235 = getelementptr inbounds %struct.super_block, %struct.super_block* %209, i64 0, i32 28 %236 = bitcast i8** %235 to %struct.ext4_sb_info** %237 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %238 %239 = phi %struct.fname* [ %204, %233 ], [ %271, %269 ] %240 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 7, i64 0 %241 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 5 %242 = load i8, i8* %241, align 4 %243 = zext i8 %242 to i32 %244 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 4 %245 = load i32, i32* %244, align 8 %246 = zext i32 %245 to i64 %247 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 6 %248 = load i8, i8* %247, align 1 %249 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %236, align 16 %250 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %249, i64 0, i32 15 %251 = load %struct.ext4_super_block*, %struct.ext4_super_block** %250, align 8 %252 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %251, i64 0, i32 29 %253 = load i32, i32* %252, align 8 %254 = and i32 %253, 2 %255 = icmp eq i32 %254, 0 %256 = icmp ugt i8 %248, 7 %257 = or i1 %256, %255 br i1 %257, label %262, label %258 %259 = zext i8 %248 to i64 %260 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %259 %261 = load i8, i8* %260, align 1 br label %262 %263 = phi i8 [ %261, %258 ], [ 0, %238 
] %264 = zext i8 %263 to i32 %265 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %237, align 8 %266 = load i64, i64* %108, align 8 %267 = tail call i32 %265(%struct.dir_context* %1, i8* %240, i32 %243, i64 %266, i64 %246, i32 %264) #76 %268 = icmp eq i32 %267, 0 br i1 %268, label %269, label %273 %270 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 3 %271 = load %struct.fname*, %struct.fname** %270, align 8 %272 = icmp eq %struct.fname* %271, null br i1 %272, label %276, label %238 store %struct.fname* null, %struct.fname** %203, align 8 br label %464 %465 = phi i32 [ 0, %276 ], [ %375, %390 ], [ %375, %457 ] %466 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %467 = load %struct.rb_node*, %struct.rb_node** %466, align 8 %468 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %467) #76 store %struct.rb_node* %468, %struct.rb_node** %466, align 8 %469 = icmp eq %struct.rb_node* %468, null %470 = bitcast %struct.rb_node* %468 to i8* br i1 %469, label %480, label %471 %481 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %482 = load i32, i32* %481, align 8 %483 = icmp eq i32 %482, -1 br i1 %483, label %484, label %501 %502 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 store i32 %482, i32* %502, align 8 %503 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 store i32 0, i32* %503, align 4 br label %287 %288 = phi i8* [ %470, %471 ], [ %470, %501 ], [ %281, %277 ], [ %286, %282 ] %289 = phi %struct.rb_node* [ %468, %471 ], [ null, %501 ], [ %279, %277 ], [ %285, %282 ] %290 = phi i32 [ %465, %471 ], [ %465, %501 ], [ 0, %277 ], [ 0, %282 ] %291 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %292 = icmp eq %struct.rb_node* %289, null br i1 
%292, label %300, label %293 %294 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 %295 = load i64, i64* %294, align 8 %296 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 33, i32 0 %297 = load volatile i64, i64* %296, align 8 %298 = lshr i64 %297, 1 %299 = icmp eq i64 %298, %295 br i1 %299, label %373, label %300 store %struct.rb_node* null, %struct.rb_node** %291, align 8 %301 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0 %302 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %301) #76 %303 = icmp eq %struct.rb_node* %302, null %304 = getelementptr %struct.rb_node, %struct.rb_node* %302, i64 -1, i32 2 %305 = icmp eq %struct.rb_node** %304, null %306 = or i1 %303, %305 br i1 %306, label %326, label %307 %308 = bitcast %struct.rb_node** %304 to %struct.fname* br label %311 %312 = phi %struct.fname* [ %318, %309 ], [ %308, %307 ] %313 = getelementptr inbounds %struct.fname, %struct.fname* %312, i64 0, i32 2 %314 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %313) #76 %315 = icmp eq %struct.rb_node* %314, null %316 = getelementptr %struct.rb_node, %struct.rb_node* %314, i64 -1, i32 2 %317 = bitcast %struct.rb_node** %316 to %struct.fname* %318 = select i1 %315, %struct.fname* null, %struct.fname* %317 %319 = icmp eq %struct.fname* %312, null br i1 %319, label %309, label %320 %321 = phi %struct.fname* [ %323, %320 ], [ %312, %311 ] %322 = getelementptr inbounds %struct.fname, %struct.fname* %321, i64 0, i32 3 %323 = load %struct.fname*, %struct.fname** %322, align 8 %324 = bitcast %struct.fname* %321 to i8* tail call void @kfree(i8* nonnull %324) #76 %325 = icmp eq %struct.fname* %323, null br i1 %325, label %309, label %320 %310 = icmp eq %struct.fname* %318, null br i1 %310, label %326, label %311 %327 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0, i32 0 store %struct.rb_node* null, 
%struct.rb_node** %327, align 8 %328 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 33, i32 0 %329 = load volatile i64, i64* %328, align 8 br label %330 %331 = phi i64 [ %329, %326 ], [ %337, %335 ] %332 = and i64 %331, 1 %333 = icmp eq i64 %332, 0 br i1 %333, label %335, label %334 %336 = or i64 %331, 1 %337 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %328, i64 %336, i64 %331, i64* %328) #6, !srcloc !6 %338 = icmp eq i64 %337, %331 br i1 %338, label %339, label %330, !prof !7, !misexpect !8 %340 = lshr i64 %331, 1 %341 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 store i64 %340, i64* %341, align 8 %342 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 %343 = load i32, i32* %342, align 8 %344 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 %345 = load i32, i32* %344, align 4 %346 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %347 = tail call i32 @ext4_htree_fill_tree(%struct.file* %0, i32 %343, i32 %345, i32* %346) #76 %348 = icmp slt i32 %347, 0 br i1 %348, label %349, label %351 %352 = icmp eq i32 %347, 0 br i1 %352, label %353, label %370 %371 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %301) #76 store %struct.rb_node* %371, %struct.rb_node** %291, align 8 %372 = bitcast %struct.rb_node* %371 to i8* br label %373 %374 = phi i8* [ %288, %293 ], [ %372, %370 ] %375 = phi i32 [ %290, %293 ], [ %347, %370 ] %376 = getelementptr i8, i8* %374, i64 -8 %377 = bitcast i8* %376 to %struct.fname* %378 = bitcast i8* %376 to i32* %379 = load i32, i32* %378, align 8 %380 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 store i32 %379, i32* %380, align 8 %381 = 
getelementptr i8, i8* %374, i64 -4 %382 = bitcast i8* %381 to i32* %383 = load i32, i32* %382, align 4 %384 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 store i32 %383, i32* %384, align 4 %385 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %386 = load %struct.inode*, %struct.inode** %6, align 8 %387 = getelementptr inbounds %struct.inode, %struct.inode* %386, i64 0, i32 8 %388 = load %struct.super_block*, %struct.super_block** %387, align 8 %389 = icmp eq i8* %376, null br i1 %389, label %390, label %396 %391 = getelementptr inbounds %struct.inode, %struct.inode* %386, i64 0, i32 11 %392 = load i64, i64* %391, align 8 %393 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %394 = inttoptr i64 %393 to %struct.task_struct* %395 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %394, i64 0, i32 87, i64 0 tail call void (%struct.super_block*, i8*, i8*, ...) 
@__ext4_msg(%struct.super_block* %388, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.11.19050, i64 0, i64 0), i8* getelementptr inbounds ([54 x i8], [54 x i8]* @.str.12.19051, i64 0, i64 0), i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.call_filldir, i64 0, i64 0), i32 532, i64 %392, i8* %395) #76 ------------- Good: 329 Bad: 1 Ignored: 32 Check Use of Function:serial8250_config_port Check Use of Function:ext4_release_system_zone Check Use of Function:bdev_del_partition Check Use of Function:bdev_add_partition Check Use of Function:bdev_resize_partition Check Use of Function:pipe_write Check Use of Function:hung_up_tty_write Check Use of Function:write_iter_null Check Use of Function:devkmsg_write Check Use of Function:tty_write Check Use of Function:dma_sync_single_for_device Check Use of Function:proc_sys_write Check Use of Function:tcf_chain_flush Check Use of Function:drm_syncobj_open Check Use of Function:blkdev_write_iter Check Use of Function:errseq_check_and_advance Use: =BAD PATH= Call Stack: 0 file_check_and_advance_wb_err 1 ext4_sync_file ------------- Path:  Function:ext4_sync_file %5 = getelementptr inbounds %struct.file.193507, %struct.file.193507* %0, i64 0, i32 18 %6 = load %struct.address_space.193693*, %struct.address_space.193693** %5, align 8 %7 = getelementptr inbounds %struct.address_space.193693, %struct.address_space.193693* %6, i64 0, i32 0 %8 = load %struct.inode.193689*, %struct.inode.193689** %7, align 8 %9 = getelementptr inbounds %struct.inode.193689, %struct.inode.193689* %8, i64 0, i32 8 %10 = load %struct.super_block.193671*, %struct.super_block.193671** %9, align 8 %11 = getelementptr inbounds %struct.super_block.193671, %struct.super_block.193671* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.ext4_sb_info.193846** %13 = load %struct.ext4_sb_info.193846*, %struct.ext4_sb_info.193846** %12, align 16 %14 = getelementptr inbounds %struct.ext4_sb_info.193846, %struct.ext4_sb_info.193846* %13, i64 0, i32 48 
%15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 2 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %187, !prof !4, !misexpect !5 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.193805** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.193805**)) #11, !srcloc !6 %20 = inttoptr i64 %19 to %struct.task_struct.193805* %21 = getelementptr inbounds %struct.task_struct.193805, %struct.task_struct.193805* %20, i64 0, i32 118 %22 = bitcast i8** %21 to %struct.jbd2_journal_handle.193848** %23 = load %struct.jbd2_journal_handle.193848*, %struct.jbd2_journal_handle.193848** %22, align 64 %24 = icmp eq %struct.jbd2_journal_handle.193848* %23, null br i1 %24, label %27, label %25, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_sync_file_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ext4_sync_file, %28)) #6 to label %42 [label %28], !srcloc !9 %43 = load %struct.super_block.193671*, %struct.super_block.193671** %9, align 8 %44 = getelementptr inbounds %struct.super_block.193671, %struct.super_block.193671* %43, i64 0, i32 10 %45 = load i64, i64* %44, align 16 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 br i1 %47, label %58, label %48 %59 = tail call i32 bitcast (i32 (%struct.file*, i64, i64)* @file_write_and_wait_range to i32 (%struct.file.193507*, i64, i64)*)(%struct.file.193507* %0, i64 %1, i64 %2) #77 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %168 %62 = 
getelementptr inbounds %struct.ext4_sb_info.193846, %struct.ext4_sb_info.193846* %13, i64 0, i32 47 %63 = load %struct.journal_s.193828*, %struct.journal_s.193828** %62, align 8 %64 = icmp eq %struct.journal_s.193828* %63, null br i1 %64, label %65, label %126 %66 = getelementptr inbounds %struct.inode.193689, %struct.inode.193689* %8, i64 0, i32 9 %67 = load %struct.address_space.193693*, %struct.address_space.193693** %66, align 8 %68 = tail call i32 bitcast (i32 (%struct.address_space.159864*)* @sync_mapping_buffers to i32 (%struct.address_space.193693*)*)(%struct.address_space.193693* %67) #77 %69 = getelementptr inbounds %struct.inode.193689, %struct.inode.193689* %8, i64 0, i32 23 %70 = load i64, i64* %69, align 8 %71 = and i64 %70, 2055 %72 = icmp eq i64 %71, 0 br i1 %72, label %168, label %73 %74 = icmp ne i32 %3, 0 %75 = and i64 %70, 2 %76 = icmp eq i64 %75, 0 %77 = and i1 %74, %76 br i1 %77, label %168, label %78 %79 = tail call i32 bitcast (i32 (%struct.inode*, i32)* @sync_inode_metadata to i32 (%struct.inode.193689*, i32)*)(%struct.inode.193689* %8, i32 1) #77 %80 = icmp eq i32 %68, 0 %81 = select i1 %80, i32 %79, i32 %68 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %116 %84 = getelementptr %struct.inode.193689, %struct.inode.193689* %8, i64 -1, i32 34 %85 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %84, i64 10, i32 0 %86 = load volatile i64, i64* %85, align 8 %87 = and i64 %86, 274877906944 %88 = icmp eq i64 %87, 0 br i1 %88, label %116, label %89 %90 = tail call %struct.dentry.193676* bitcast (%struct.dentry.149376* (%struct.inode.149388*)* @d_find_any_alias to %struct.dentry.193676* (%struct.inode.193689*)*)(%struct.inode.193689* %8) #77 %91 = icmp eq %struct.dentry.193676* %90, null br i1 %91, label %116, label %92 %93 = phi %struct.inode.193689* [ %105, %110 ], [ %8, %89 ] %94 = phi %struct.dentry.193676* [ %103, %110 ], [ %90, %89 ] %95 = getelementptr %struct.inode.193689, %struct.inode.193689* %93, i64 -1, i32 34 %96 = 
getelementptr inbounds %struct.anon.1, %struct.anon.1* %95, i64 10, i32 0 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 274877906944 %99 = icmp eq i64 %98, 0 br i1 %99, label %113, label %100 %101 = bitcast i64* %96 to i8* %102 = getelementptr i8, i8* %101, i64 4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %102, i32 -65, i8* %102) #6, !srcloc !15 %103 = tail call %struct.dentry.193676* bitcast (%struct.dentry.149376* (%struct.dentry.149376*)* @dget_parent to %struct.dentry.193676* (%struct.dentry.193676*)*)(%struct.dentry.193676* %94) #77 tail call void bitcast (void (%struct.dentry.149376*)* @dput to void (%struct.dentry.193676*)*)(%struct.dentry.193676* %94) #77 %104 = getelementptr inbounds %struct.dentry.193676, %struct.dentry.193676* %103, i64 0, i32 5 %105 = load %struct.inode.193689*, %struct.inode.193689** %104, align 8 %106 = getelementptr inbounds %struct.inode.193689, %struct.inode.193689* %105, i64 0, i32 9 %107 = load %struct.address_space.193693*, %struct.address_space.193693** %106, align 8 %108 = tail call i32 bitcast (i32 (%struct.address_space.159864*)* @sync_mapping_buffers to i32 (%struct.address_space.193693*)*)(%struct.address_space.193693* %107) #77 %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %113 %111 = tail call i32 bitcast (i32 (%struct.inode*, i32)* @sync_inode_metadata to i32 (%struct.inode.193689*, i32)*)(%struct.inode.193689* %105, i32 1) #77 %112 = icmp eq i32 %111, 0 br i1 %112, label %92, label %113 %114 = phi %struct.dentry.193676* [ %103, %100 ], [ %103, %110 ], [ %94, %92 ] %115 = phi i32 [ %108, %100 ], [ %111, %110 ], [ 0, %92 ] tail call void bitcast (void (%struct.dentry.149376*)* @dput to void (%struct.dentry.193676*)*)(%struct.dentry.193676* %114) #77 br label %116 %117 = phi i32 [ %81, %78 ], [ %115, %113 ], [ 0, %83 ], [ 0, %89 ] %118 = load 
%struct.super_block.193671*, %struct.super_block.193671** %9, align 8 %119 = getelementptr inbounds %struct.super_block.193671, %struct.super_block.193671* %118, i64 0, i32 28 %120 = bitcast i8** %119 to %struct.ext4_sb_info.193846** %121 = load %struct.ext4_sb_info.193846*, %struct.ext4_sb_info.193846** %120, align 16 %122 = getelementptr inbounds %struct.ext4_sb_info.193846, %struct.ext4_sb_info.193846* %121, i64 0, i32 17 %123 = load i32, i32* %122, align 8 %124 = and i32 %123, 131072 %125 = icmp eq i32 %124, 0 br i1 %125, label %168, label %160 %169 = phi i32 [ %59, %58 ], [ %57, %48 ], [ %167, %160 ], [ %156, %155 ], [ %117, %116 ], [ %68, %73 ], [ %68, %65 ], [ %132, %130 ] %170 = tail call i32 bitcast (i32 (%struct.file*)* @file_check_and_advance_wb_err to i32 (%struct.file.193507*)*)(%struct.file.193507* %0) #77 Function:file_check_and_advance_wb_err %2 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 19 %3 = load volatile i32, i32* %2, align 8 %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %5 = load %struct.address_space*, %struct.address_space** %4, align 8 %6 = getelementptr inbounds %struct.address_space, %struct.address_space* %5, i64 0, i32 11 %7 = tail call i32 @errseq_check(i32* %6, i32 %3) #76 %8 = icmp eq i32 %7, 0 br i1 %8, label %30, label %9 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 4 %11 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #76 %12 = load i32, i32* %2, align 8 %13 = tail call i32 @errseq_check_and_advance(i32* %6, i32* %2) #76 ------------- Good: 9 Bad: 1 Ignored: 11 Check Use of Function:generic_file_write_iter Check Use of Function:proc_reg_read_iter Check Use of Function:pipe_read Check Use of Function:hugetlbfs_read_iter Check Use of Function:dma_unmap_page_attrs Check Use of Function:proc_sys_read Check Use of Function:rw_verify_area Check Use of 
Function:kernfs_fop_read_iter Check Use of Function:eventfd_read Check Use of Function:generic_file_read_iter Use: =BAD PATH= Call Stack: 0 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %4 = load %struct.file.294345*, %struct.file.294345** %3, align 8 %5 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %4, i64 0, i32 18 %6 = load %struct.address_space.294426*, %struct.address_space.294426** %5, align 8 %7 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %6, i64 0, i32 0 %8 = load %struct.inode.294419*, %struct.inode.294419** %7, align 8 %9 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %8, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i64 %10, %12 br i1 %13, label %14, label %26 %15 = sub i64 %10, %12 %16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %15 br i1 %18, label %19, label %21 %20 = sub i64 %17, %15 store i64 %15, i64* %16, align 8 br label %21 %22 = phi i64 [ %20, %19 ], [ 0, %14 ] %23 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.294023*, %struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* %1) #76 ------------- Good: 2 Bad: 1 Ignored: 1 Check Use of Function:read_iter_zero Check Use of Function:aio_complete_rw Check Use of Function:seq_read_iter Use: =BAD PATH= Call Stack: 0 kernfs_fop_read_iter ------------- Path:  Function:kernfs_fop_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 16 %6 = bitcast i8** %5 to 
%struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.kernfs_open_file** %10 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %9, align 8 %11 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %10, i64 0, i32 0 %12 = load %struct.kernfs_node*, %struct.kernfs_node** %11, align 8 %13 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %12, i64 0, i32 10 %14 = load i16, i16* %13, align 8 %15 = and i16 %14, 64 %16 = icmp eq i16 %15, 0 br i1 %16, label %19, label %17 %18 = tail call i64 @seq_read_iter(%struct.kiocb* %0, %struct.iov_iter* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load 
%struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* 
store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = 
getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 
2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 
0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = 
getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load 
i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, 
i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = 
call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 
0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, 
%struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = 
getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: 
=BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, 
i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  
Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, 
align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = 
alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, 
%struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca 
%struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, 
i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* 
%9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi 
i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 
0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr 
inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds 
%struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** 
nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* 
%10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to 
%struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = 
getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, 
%struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 
0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds 
%struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** 
%55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* 
%13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, 
%struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, 
i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load 
%struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* 
store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = 
getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds 
%struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* 
%28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* 
%74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and 
i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, 
%struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, 
label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 
%76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, 
%struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, 
%struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* 
%34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store 
%struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp 
eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, 
align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* 
%9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi 
i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 
0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr 
inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds 
%struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** 
nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* 
%10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to 
%struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = 
getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, 
%struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 
0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds 
%struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** 
%55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* 
%13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 
%57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77
------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, 
%struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, 
i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load 
%struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* 
store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = 
getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds 
%struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* 
%28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* 
%74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and 
i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, 
%struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, 
label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 
%76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, 
%struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, 
%struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* 
%34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store 
%struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77
------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca
%struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, 
i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* 
%9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi 
i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 
0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr 
inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds 
%struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** 
nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* 
%10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to 
%struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = 
getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, 
%struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 
0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds 
%struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** 
%55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* 
%13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 
%57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = 
shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, 
%51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 
%20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, 
i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label 
%22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = 
and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr 
inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, 
%struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store 
%struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr 
inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = 
getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* 
%24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, 
i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, 
align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* 
%6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, 
%struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, 
i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load 
%struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* 
store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = 
getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds 
%struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* 
%28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* 
%74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and 
i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, 
%struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, 
label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 
%76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, 
%struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, 
%struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76,
align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #76 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #77 ------------- Good: 0 Bad: 114 Ignored: 120 Check Use of Function:hung_up_tty_read Check Use of Function:tty_vhangup_self Check Use of Function:shmem_unlock_mapping Check Use of Function:nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs4_do_setattr 1 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #76 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.236617** %24 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %23, align 8 %25 = icmp eq %struct.nfs_open_context.236617* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.236617* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 
0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.236617* %31, %struct.nfs4_label* null) #77 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.236590** %15 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.236617* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.236616* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %26 = bitcast %struct.nfs_fh** %24 to i64** store i64* %25, i64** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.236590* %15, %struct.nfs_server.236590** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, 
%struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %36, align 8 %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.236590* %15, %struct.nfs_server.236590** %37, align 8 %38 = bitcast %struct.nfs4_exception* %10 to i8* %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.236616* %22, %struct.nfs4_state.236616** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %44, align 1 %45 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = and i32 %46, 6145 %48 = icmp eq i32 %47, 0 %49 = select i1 %48, i64 256, i64 131328 %50 = and i32 %46, 6 %51 = icmp eq i32 %50, 0 %52 = or i64 %49, 4096 %53 = select i1 %51, i64 %49, i64 %52 %54 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %15, i64 0, i32 35, i64 0 %55 = bitcast 
i32* %54 to i8* %56 = icmp eq %struct.inode* %0, null %57 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %58 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %57, i64 9, i32 1 %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.236616* %22, null %62 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %22, i64 0, i32 13 br label %63 br i1 %56, label %89, label %64 %65 = call i32 @nfs4_have_delegation(%struct.inode* nonnull %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_write_setup ------------- Path:  Function:nfs4_proc_write_setup %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %0, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236590** %10 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %9, align 16 %11 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %0, i64 0, i32 26 %12 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %11, align 8 %13 = icmp eq %struct.nfs_client.236648* %12, null br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %0, i64 0, i32 13 %16 = load %struct.nfs_direct_req*, %struct.nfs_direct_req** %15, align 8 %17 = icmp eq %struct.nfs_direct_req* %16, null br i1 %17, label %18, label %21 %19 = tail call i32 @nfs4_have_delegation(%struct.inode* %5, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_access ------------- Path:  
Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %16 = bitcast %struct.nfs_fh** %14 to i64** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** 
%28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds 
%struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236590** %62 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %61, align 16 store i64* %15, i64** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.236590* %62, %struct.nfs_server.236590** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #76 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #76 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %124 [label %110], !srcloc !4 %125 = load %struct.super_block*, %struct.super_block** %11, align 8 %126 = getelementptr inbounds %struct.super_block, %struct.super_block* %125, i64 0, i32 28 %127 = bitcast i8** %126 to %struct.nfs_server.236590** %128 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %127, align 16 %129 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %128, i32 %109, %struct.nfs4_exception* nonnull %8) #77 %130 = load i8, i8* %57, align 8 %131 = and i8 %130, 8 %132 = icmp eq i8 %131, 0 br i1 %132, label %133, label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236590** %62 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %61, align 16 store i64* %15, i64** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.236590* %62, %struct.nfs_server.236590** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #76 
------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_getattr ------------- Path:  Function:nfs4_proc_getattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca [3 x i32], align 4 %9 = alloca %struct.nfs4_server_caps_arg, align 8 %10 = alloca %struct.nfs4_getattr_res, align 8 %11 = alloca %struct.rpc_message, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 5 store i8 1, i8* %14, align 1 %15 = bitcast [3 x i32]* %8 to i8* %16 = bitcast %struct.nfs4_server_caps_arg* %9 to i8* %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 1 %19 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 2 %20 = getelementptr inbounds [3 x i32], [3 x i32]* %8, i64 0, i64 0 %21 = bitcast %struct.nfs4_getattr_res* %10 to i8* %22 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0 %23 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 1 %24 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 2 %25 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 3 %26 = bitcast %struct.rpc_message* %11 to i8* %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 0 %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 1 %29 = bitcast i8** %28 to %struct.nfs4_server_caps_arg** %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 2 %31 = bitcast i8** %30 to %struct.nfs4_getattr_res** %32 = getelementptr inbounds %struct.rpc_message, 
%struct.rpc_message* %11, i64 0, i32 3 %33 = icmp eq %struct.inode* %4, null %34 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 8 %35 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 35, i64 0 %36 = bitcast i32* %35 to i8* %37 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 17 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %37, i64 9, i32 1 %39 = getelementptr inbounds [3 x i32], [3 x i32]* %8, i64 0, i64 1 %40 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 3 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %46 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %47 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 %49 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 %50 = bitcast %struct.rpc_task_setup* %7 to i8* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 0 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 1 %53 = bitcast %struct.rpc_clnt** %52 to i64* %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 2 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 4 %56 = bitcast %struct.rpc_xprt** %54 to i8* %57 = 
getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 5 %58 = bitcast %struct.rpc_call_ops** %57 to i64* %59 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 6 %60 = bitcast i8** %59 to %struct.nfs4_call_sync_data** %61 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 7 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 8 %63 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 9 %64 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %65 store %struct.nfs_fh* %1, %struct.nfs_fh** %18, align 8 store i32* %20, i32** %19, align 8 store %struct.nfs_server.236590* %0, %struct.nfs_server.236590** %23, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %24, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %25, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 18), %struct.rpc_procinfo** %27, align 8 store %struct.nfs4_server_caps_arg* %9, %struct.nfs4_server_caps_arg** %29, align 8 store %struct.nfs4_getattr_res* %10, %struct.nfs4_getattr_res** %31, align 8 store %struct.cred* null, %struct.cred** %32, align 8 br i1 %33, label %66, label %67 %68 = load i32, i32* %34, align 8 %69 = lshr i32 %68, 11 %70 = trunc i32 %69 to i16 %71 = and i16 %70, 4096 %72 = call i32 @nfs4_have_delegation(%struct.inode* nonnull %4, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_setlease 1 nfs4_setlease ------------- Path:  Function:nfs4_setlease %5 = tail call i32 @nfs4_proc_setlease(%struct.file* %0, i64 %1, %struct.file_lock** %2, i8** %3) #76 Function:nfs4_proc_setlease switch i64 %1, label %22 [ i64 0, label %5 i64 1, label %5 i64 2, label %20 ] %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load 
%struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq i64 %1, 0 %9 = select i1 %8, i32 1, i32 2 %10 = tail call i32 @nfs4_have_delegation(%struct.inode* %7, i32 %9) #76 ------------- Good: 6 Bad: 5 Ignored: 2 Check Use of Function:exportfs_decode_fh Check Use of Function:perf_install_in_context Check Use of Function:security_read_policy Check Use of Function:simple_read_from_buffer Use: =BAD PATH= Call Stack: 0 sel_read_handle_status ------------- Path:  Function:sel_read_handle_status %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.page** %7 = load %struct.page*, %struct.page** %6, align 8 %8 = icmp eq %struct.page* %7, null br i1 %8, label %9, label %10, !prof !4, !misexpect !5 %11 = load i64, i64* @vmemmap_base, align 8 %12 = ptrtoint %struct.page* %7 to i64 %13 = sub i64 %12, %11 %14 = shl i64 %13, 6 %15 = load i64, i64* @page_offset_base, align 8 %16 = add i64 %14, %15 %17 = inttoptr i64 %16 to i8* %18 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %17, i64 20) #76 ------------- Use: =BAD PATH= Call Stack: 0 u32_array_read ------------- Path:  Function:u32_array_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = load i8*, i8** %5, align 8 %7 = tail call i64 @strlen(i8* %6) #76 %8 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %6, i64 %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 auxv_read ------------- Path:  Function:auxv_read %5 = getelementptr inbounds %struct.file.177762, %struct.file.177762* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.mm_struct.177977** %7 = load %struct.mm_struct.177977*, %struct.mm_struct.177977** %6, align 8 %8 = icmp eq %struct.mm_struct.177977* %7, null br i1 %8, label %22, label %9 %10 = phi i32 [ %11, %9 ], [ 0, %4 ] %11 = add i32 %10, 2 %12 = zext i32 %10 to i64 %13 = getelementptr %struct.mm_struct.177977, %struct.mm_struct.177977* %7, i64 0, i32 0, i32 41, i64 %12 %14 = load i64, 
i64* %13, align 8 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %9 %17 = getelementptr inbounds %struct.mm_struct.177977, %struct.mm_struct.177977* %7, i64 0, i32 0, i32 41, i64 0 %18 = bitcast i64* %17 to i8* %19 = zext i32 %11 to i64 %20 = shl nuw nsw i64 %19, 3 %21 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %18, i64 %20) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_pid_attr_read ------------- Path:  Function:proc_pid_attr_read %5 = alloca i8*, align 8 %6 = getelementptr inbounds %struct.file.177762, %struct.file.177762* %0, i64 0, i32 2 %7 = load %struct.inode.177941*, %struct.inode.177941** %6, align 8 %8 = bitcast i8** %5 to i8* store i8* null, i8** %5, align 8 %9 = getelementptr %struct.inode.177941, %struct.inode.177941* %7, i64 -1, i32 41, i32 13 %10 = bitcast %struct.list_head* %9 to %struct.pid.177739** %11 = load %struct.pid.177739*, %struct.pid.177739** %10, align 8 %12 = tail call %struct.task_struct.178066* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178066* (%struct.pid.177739*, i32)*)(%struct.pid.177739* %11, i32 0) #76 %13 = icmp eq %struct.task_struct.178066* %12, null br i1 %13, label %42, label %14 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 1 %16 = bitcast %struct.list_head* %15 to i8** %17 = load i8*, i8** %16, align 8 %18 = getelementptr inbounds %struct.file.177762, %struct.file.177762* %0, i64 0, i32 1, i32 1 %19 = load %struct.dentry.177930*, %struct.dentry.177930** %18, align 8 %20 = getelementptr inbounds %struct.dentry.177930, %struct.dentry.177930* %19, i64 0, i32 4, i32 1 %21 = load i8*, i8** %20, align 8 %22 = call i32 bitcast (i32 (%struct.task_struct*, i8*, i8*, i8**)* @security_getprocattr to i32 (%struct.task_struct.178066*, i8*, i8*, i8**)*)(%struct.task_struct.178066* nonnull %12, i8* %17, i8* %21, i8** nonnull %5) #76 %23 = sext i32 %22 to i64 %24 = getelementptr inbounds %struct.task_struct.178066, 
%struct.task_struct.178066* %12, i64 0, i32 3 %25 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %24, i64 0, i32 0, i32 0 %26 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 -1, i32* %25) #6, !srcloc !4 %27 = icmp eq i32 %26, 1 br i1 %27, label %33, label %28 %29 = add i32 %26, -1 %30 = or i32 %29, %26 %31 = icmp sgt i32 %30, -1 br i1 %31, label %34, label %32, !prof !5, !misexpect !6 %35 = icmp sgt i32 %22, 0 br i1 %35, label %36, label %39 %37 = load i8*, i8** %5, align 8 %38 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %37, i64 %23) #76 ------------- Use: =BAD PATH= Call Stack: 0 bm_status_read ------------- Path:  Function:bm_status_read %5 = load i1, i1* @enabled, align 4 %6 = select i1 %5, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.6.17919, i64 0, i64 0), i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17920, i64 0, i64 0) %7 = select i1 %5, i64 9, i64 8 %8 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %6, i64 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 tlbflush_read_file ------------- Path:  Function:tlbflush_read_file %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* @tlb_single_page_flush_ceiling, align 8 %8 = call i32 (i8*, i8*, ...) 
@sprintf(i8* nonnull %6, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.4464, i64 0, i64 0), i64 %7) #76 %9 = zext i32 %8 to i64 %10 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %6, i64 %9) #77 ------------- Use: =BAD PATH= Call Stack: 0 init_pkru_read_file ------------- Path:  Function:init_pkru_read_file %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = load i32, i32* @init_pkru_value, align 4 %8 = call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %6, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.1.4688, i64 0, i64 0), i32 %7) #76 %9 = zext i32 %8 to i64 %10 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %6, i64 %9) #77 ------------- Use: =BAD PATH= Call Stack: 0 cpu_latency_qos_read ------------- Path:  Function:cpu_latency_qos_read %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.pm_qos_request** %8 = load %struct.pm_qos_request*, %struct.pm_qos_request** %7, align 8 %9 = bitcast i32* %5 to i8* %10 = icmp eq %struct.pm_qos_request* %8, null br i1 %10, label %36, label %11 %12 = getelementptr inbounds %struct.pm_qos_request, %struct.pm_qos_request* %8, i64 0, i32 1 %13 = load %struct.pm_qos_constraints*, %struct.pm_qos_constraints** %12, align 8 %14 = icmp eq %struct.pm_qos_constraints* %13, @cpu_latency_constraints br i1 %14, label %15, label %36 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @pm_qos_lock, i64 0, i32 0, i32 0)) #76 %17 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.pm_qos_constraints, %struct.pm_qos_constraints* @cpu_latency_constraints, i64 0, i32 0, i32 0, i32 0), align 8 %18 = icmp eq %struct.list_head* %17, getelementptr inbounds (%struct.pm_qos_constraints, %struct.pm_qos_constraints* @cpu_latency_constraints, i64 0, i32 
0, i32 0) br i1 %18, label %19, label %21 %20 = load i32, i32* getelementptr inbounds (%struct.pm_qos_constraints, %struct.pm_qos_constraints* @cpu_latency_constraints, i64 0, i32 3), align 8 br label %33 %34 = phi i32 [ %20, %19 ], [ -1, %32 ], [ %31, %27 ], [ %26, %23 ] store i32 %34, i32* %5, align 4 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @pm_qos_lock, i64 0, i32 0, i32 0), i64 %16) #76 %35 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %9, i64 4) #76 ------------- Use: =BAD PATH= Call Stack: 0 read_enabled_file_bool ------------- Path:  Function:read_enabled_file_bool %5 = alloca [3 x i8], align 1 %6 = getelementptr inbounds [3 x i8], [3 x i8]* %5, i64 0, i64 0 %7 = load i1, i1* @kprobes_all_disarmed, align 1 %8 = select i1 %7, i8 48, i8 49 store i8 %8, i8* %6, align 1 %9 = getelementptr inbounds [3 x i8], [3 x i8]* %5, i64 0, i64 1 store i8 10, i8* %9, align 1 %10 = getelementptr inbounds [3 x i8], [3 x i8]* %5, i64 0, i64 2 store i8 0, i8* %10, align 1 %11 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %6, i64 2) #76 ------------- Use: =BAD PATH= Call Stack: 0 trace_options_read ------------- Path:  Function:trace_options_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_option_dentry** %7 = load %struct.trace_option_dentry*, %struct.trace_option_dentry** %6, align 8 %8 = getelementptr inbounds %struct.trace_option_dentry, %struct.trace_option_dentry* %7, i64 0, i32 1 %9 = load %struct.tracer_flags*, %struct.tracer_flags** %8, align 8 %10 = getelementptr inbounds %struct.tracer_flags, %struct.tracer_flags* %9, i64 0, i32 0 %11 = load i32, i32* %10, align 8 %12 = getelementptr inbounds %struct.trace_option_dentry, %struct.trace_option_dentry* %7, i64 0, i32 0 %13 = load %struct.uuidcmp*, %struct.uuidcmp** %12, align 8 %14 = getelementptr inbounds 
%struct.uuidcmp, %struct.uuidcmp* %13, i64 0, i32 1 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, %11 %17 = icmp eq i32 %16, 0 %18 = select i1 %17, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.138.11154, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.137.11155, i64 0, i64 0) %19 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %18, i64 2) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_readme_read ------------- Path:  Function:tracing_readme_read %5 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* getelementptr inbounds ([4692 x i8], [4692 x i8]* @readme_msg, i64 0, i64 0), i64 4691) #76 ------------- Use: =BAD PATH= Call Stack: 0 trace_options_core_read ------------- Path:  Function:trace_options_core_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = load i8*, i8** %5, align 8 %7 = load i8, i8* %6, align 1 %8 = zext i8 %7 to i32 %9 = zext i8 %7 to i64 %10 = sub nsw i64 0, %9 %11 = getelementptr i8, i8* %6, i64 %10 %12 = getelementptr i8, i8* %11, i64 -124 %13 = getelementptr inbounds i8, i8* %12, i64 120 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 8 %16 = shl nuw i32 1, %8 %17 = and i32 %16, %15 %18 = icmp eq i32 %17, 0 %19 = select i1 %18, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.138.11154, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.137.11155, i64 0, i64 0) %20 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %19, i64 2) #76 ------------- Use: =BAD PATH= Call Stack: 0 buffer_percent_read ------------- Path:  Function:buffer_percent_read %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %10 = getelementptr inbounds %struct.trace_array, 
%struct.trace_array* %8, i64 0, i32 11 %11 = load i32, i32* %10, align 8 %12 = call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %9, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.174.11231, i64 0, i64 0), i32 %11) #76 %13 = sext i32 %12 to i64 %14 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %9, i64 %13) #77 ------------- Use: =BAD PATH= Call Stack: 0 rb_simple_read ------------- Path:  Function:rb_simple_read %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %10 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %11 = load %struct.trace_buffer*, %struct.trace_buffer** %10, align 8 %12 = icmp eq %struct.trace_buffer* %11, null br i1 %12, label %15, label %13 %14 = tail call zeroext i1 @ring_buffer_record_is_on(%struct.trace_buffer* nonnull %11) #76 br label %19 %20 = phi i1 [ %14, %13 ], [ %18, %15 ] %21 = zext i1 %20 to i32 %22 = call i32 (i8*, i8*, ...) 
@sprintf(i8* nonnull %9, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.174.11231, i64 0, i64 0), i32 %21) #77 %23 = sext i32 %22 to i64 %24 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %9, i64 %23) #76 ------------- Use: =BAD PATH= Call Stack: 0 event_id_read ------------- Path:  Function:event_id_read %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds %struct.file.108279, %struct.file.108279* %0, i64 0, i32 2 %7 = load %struct.inode.108328*, %struct.inode.108328** %6, align 8 %8 = getelementptr inbounds %struct.inode.108328, %struct.inode.108328* %7, i64 0, i32 47 %9 = load volatile i8*, i8** %8, align 8 %10 = ptrtoint i8* %9 to i64 %11 = trunc i64 %10 to i32 %12 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %13 = icmp eq i32 %11, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %12, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.34.11642, i64 0, i64 0), i32 %11) #76 %16 = sext i32 %15 to i64 %17 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %12, i64 %16) #77 ------------- Good: 43 Bad: 15 Ignored: 13 Check Use of Function:security_member_sid Check Use of Function:e1000_write_phy_reg Check Use of Function:security_get_user_sids Check Use of Function:__mb_cache_entry_free Check Use of Function:security_change_sid Check Use of Function:security_transition_sid_user Check Use of Function:security_context_str_to_sid Check Use of Function:security_context_to_sid Check Use of Function:avc_ss_reset Check Use of Function:selnl_notify_setenforce Check Use of Function:security_get_permissions Check Use of Function:security_get_classes Check Use of Function:sel_make_dir Check Use of Function:phy_connect_direct Check Use of Function:d_exchange Check Use of Function:call_usermodehelper_exec Check Use of Function:replace_fd Check Use of Function:alloc_file_pseudo Check Use of Function:from_mnt_ns Check Use of 
Function:vfs_rmdir Check Use of Function:rtc_cmos_write Check Use of Function:proc_sys_revalidate Check Use of Function:ext4_setent Check Use of Function:__lookup_slow Check Use of Function:i915_perf_fini Check Use of Function:tasklet_setup Check Use of Function:ieee80211_dfs_cac_cancel Check Use of Function:bad_inode_atomic_open Check Use of Function:alloc_netdev_mqs Check Use of Function:drm_event_cancel_free Check Use of Function:ipip6_tunnel_update Check Use of Function:ext4_zero_partial_blocks Check Use of Function:kernfs_dop_revalidate Check Use of Function:audit_log_path_denied Check Use of Function:parse_monolithic_mount_data Check Use of Function:fpu__clear_user_states Check Use of Function:pipe_ioctl Check Use of Function:pin_insert Check Use of Function:intel_display_prepare_reset Check Use of Function:__azx_runtime_resume Check Use of Function:sd_ioctl Check Use of Function:md_ioctl Use: =BAD PATH= Call Stack: 0 md_compat_ioctl ------------- Path:  Function:md_compat_ioctl switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 @md_ioctl(%struct.block_device.299712* %0, i32 %1, i32 %2, i64 %8) #76 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:kernfs_vfs_xattr_get Check Use of Function:dm_blk_ioctl Check Use of Function:md_compat_ioctl Check Use of Function:drv_mgd_complete_tx Check Use of Function:__ieee80211_unschedule_txq Check Use of Function:proc_tid_base_lookup Check Use of Function:sd_pr_clear Check Use of Function:__lock_page Check Use of Function:security_sem_associate Use: =BAD PATH= Call Stack: 0 __x64_sys_semget ------------- Path:  Function:__x64_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 
13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 94 %16 = load %struct.nsproxy*, %struct.nsproxy** %15, align 8 %17 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %16, i64 0, i32 2 %18 = load %struct.ipc_namespace*, %struct.ipc_namespace** %17, align 8 %19 = icmp slt i32 %10, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 1, i64 0 %22 = load i32, i32* %21, align 8 %23 = icmp slt i32 %22, %10 br i1 %23, label %32, label %24 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %25, align 8 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %26, align 4 %27 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %28 = bitcast %struct.anon.1* %27 to i32* store i32 %10, i32* %28, align 8 %29 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 0, i64 0 %30 = call i32 bitcast (i32 (%struct.ipc_namespace.264557*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265446*, %struct.ipc_params*)*)(%struct.ipc_namespace* %18, %struct.ipc_ids* %29, %struct.ipc_ops.265446* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_semget ------------- Path:  Function:__ia32_sys_semget %2 = alloca 
%struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 94 %16 = load %struct.nsproxy*, %struct.nsproxy** %15, align 8 %17 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %16, i64 0, i32 2 %18 = load %struct.ipc_namespace*, %struct.ipc_namespace** %17, align 8 %19 = icmp slt i32 %10, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 1, i64 0 %22 = load i32, i32* %21, align 8 %23 = icmp slt i32 %22, %10 br i1 %23, label %32, label %24 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %25, align 8 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %26, align 4 %27 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %28 = bitcast %struct.anon.1* %27 to i32* store i32 %10, i32* %28, align 8 %29 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 0, i64 0 %30 = call i32 bitcast (i32 (%struct.ipc_namespace.264557*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265446*, %struct.ipc_params*)*)(%struct.ipc_namespace* %18, %struct.ipc_ids* 
%29, %struct.ipc_ops.265446* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_semget 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #76 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label %73 i16 21, label %78 i16 22, label %100 i16 23, label %105 i16 24, label %109 ] %24 = tail call i64 @ksys_semget(i32 %1, i32 %2, i32 %3) #76 Function:ksys_semget %4 = alloca %struct.ipc_params, align 8 %5 = bitcast %struct.ipc_params* %4 to i8* %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 94 %9 
= load %struct.nsproxy*, %struct.nsproxy** %8, align 8 %10 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %9, i64 0, i32 2 %11 = load %struct.ipc_namespace*, %struct.ipc_namespace** %10, align 8 %12 = icmp slt i32 %1, 0 br i1 %12, label %25, label %13 %14 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %11, i64 0, i32 1, i64 0 %15 = load i32, i32* %14, align 8 %16 = icmp slt i32 %15, %1 br i1 %16, label %25, label %17 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 0 store i32 %0, i32* %18, align 8 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 1 store i32 %2, i32* %19, align 4 %20 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 2 %21 = bitcast %struct.anon.1* %20 to i32* store i32 %1, i32* %21, align 8 %22 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %11, i64 0, i32 0, i64 0 %23 = call i32 bitcast (i32 (%struct.ipc_namespace.264557*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265446*, %struct.ipc_params*)*)(%struct.ipc_namespace* %11, %struct.ipc_ids* %22, %struct.ipc_ops.265446* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %4) #76 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:write_pool Use: =BAD PATH= Call Stack: 0 random_write ------------- Path:  Function:random_write %5 = tail call fastcc i32 @write_pool(i8* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 random_write ------------- Path:  Function:random_write %5 = tail call fastcc i32 @write_pool(i8* %1, i64 %2) #76 ------------- Good: 1 Bad: 2 Ignored: 0 Check Use of Function:dm_pr_register Check Use of Function:security_task_fix_setgid Check Use of Function:__ip_tunnel_create Check Use of Function:sock_write_iter Check Use of Function:__nla_parse Check Use of Function:ipv6_chk_prefix Check Use of 
Function:redirected_tty_write Check Use of Function:__ipv6_dev_ac_inc Check Use of Function:drm_modeset_drop_locks Check Use of Function:mntns_install Check Use of Function:set_fs_root Check Use of Function:xt_compat_target_from_user Check Use of Function:cpu_latency_qos_remove_request Use: =BAD PATH= Call Stack: 0 cpu_latency_qos_release ------------- Path:  Function:cpu_latency_qos_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = load i8*, i8** %3, align 8 %5 = bitcast i8* %4 to %struct.pm_qos_request* store i8* null, i8** %3, align 8 tail call void @cpu_latency_qos_remove_request(%struct.pm_qos_request* %5) #76 ------------- Good: 12 Bad: 1 Ignored: 1 Check Use of Function:ext4_alloc_file_blocks Check Use of Function:blkdev_compat_ptr_ioctl Check Use of Function:generic_setlease Use: =BAD PATH= Call Stack: 0 nfs4_proc_setlease 1 nfs4_setlease ------------- Path:  Function:nfs4_setlease %5 = tail call i32 @nfs4_proc_setlease(%struct.file* %0, i64 %1, %struct.file_lock** %2, i8** %3) #76 Function:nfs4_proc_setlease switch i64 %1, label %22 [ i64 0, label %5 i64 1, label %5 i64 2, label %20 ] %21 = tail call i32 @generic_setlease(%struct.file* %0, i64 2, %struct.file_lock** null, i8** %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_setlease 1 nfs4_setlease ------------- Path:  Function:nfs4_setlease %5 = tail call i32 @nfs4_proc_setlease(%struct.file* %0, i64 %1, %struct.file_lock** %2, i8** %3) #76 Function:nfs4_proc_setlease switch i64 %1, label %22 [ i64 0, label %5 i64 1, label %5 i64 2, label %20 ] %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq i64 %1, 0 %9 = select i1 %8, i32 1, i32 2 %10 = tail call i32 @nfs4_have_delegation(%struct.inode* %7, i32 %9) #76 %11 = icmp eq i32 %10, 0 br i1 %11, label %22, label %12 %13 = tail call i32 @generic_setlease(%struct.file* %0, i64 %1, %struct.file_lock** %2, i8** %3) #76 
------------- Good: 2 Bad: 2 Ignored: 1 Check Use of Function:nd_jump_link Check Use of Function:__SCT__tp_func_drm_vblank_event_delivered Check Use of Function:shmem_lock Check Use of Function:propagate_mount_busy Check Use of Function:new_inode Use: =BAD PATH= Call Stack: 0 proc_pid_make_inode 1 proc_pid_lookup 2 proc_root_lookup ------------- Path:  Function:proc_root_lookup %4 = tail call %struct.dentry* bitcast (%struct.dentry.177930* (%struct.dentry.177930*, i32)* @proc_pid_lookup to %struct.dentry* (%struct.dentry*, i32)*)(%struct.dentry* %1, i32 %2) #76 Function:proc_pid_lookup %3 = getelementptr inbounds %struct.dentry.177930, %struct.dentry.177930* %0, i64 0, i32 4 %4 = tail call i32 @name_to_int(%struct.qstr* %3) #76 %5 = icmp eq i32 %4, -1 br i1 %5, label %95, label %6 %7 = getelementptr inbounds %struct.dentry.177930, %struct.dentry.177930* %0, i64 0, i32 9 %8 = load %struct.super_block.177925*, %struct.super_block.177925** %7, align 8 %9 = getelementptr inbounds %struct.super_block.177925, %struct.super_block.177925* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.proc_fs_info.178095** %11 = load %struct.proc_fs_info.178095*, %struct.proc_fs_info.178095** %10, align 16 %12 = getelementptr inbounds %struct.proc_fs_info.178095, %struct.proc_fs_info.178095* %11, i64 0, i32 0 %13 = load %struct.pid_namespace.177737*, %struct.pid_namespace.177737** %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = tail call %struct.task_struct.178066* bitcast (%struct.task_struct* (i32, %struct.pid_namespace*)* @find_task_by_pid_ns to %struct.task_struct.178066* (i32, %struct.pid_namespace.177737*)*)(i32 %4, %struct.pid_namespace.177737* %13) #76 %15 = icmp eq %struct.task_struct.178066* %14, null br i1 %15, label %94, label %16 %17 = getelementptr inbounds %struct.task_struct.178066, %struct.task_struct.178066* %14, i64 0, i32 3 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* 
%17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !5 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !6, !misexpect !7 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !8, !misexpect !7 %26 = phi i32 [ 2, %16 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #76 br label %27 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %28 = getelementptr inbounds %struct.proc_fs_info.178095, %struct.proc_fs_info.178095* %11, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 4 br i1 %30, label %31, label %33 %32 = tail call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @ptrace_may_access to i1 (%struct.task_struct.178066*, i32)*)(%struct.task_struct.178066* nonnull %14, i32 9) #76 br i1 %32, label %33, label %84 %34 = load %struct.super_block.177925*, %struct.super_block.177925** %7, align 8 %35 = tail call %struct.inode.177941* @proc_pid_make_inode(%struct.super_block.177925* %34, %struct.task_struct.178066* nonnull %14, i16 zeroext 16749) #76 Function:proc_pid_make_inode %4 = tail call %struct.inode.177941* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode.177941* (%struct.super_block.177925*)*)(%struct.super_block.177925* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_pid_make_inode 1 proc_ns_dir_lookup ------------- Path:  Function:proc_ns_dir_lookup %4 = getelementptr %struct.inode.183106, %struct.inode.183106* %0, i64 -1, i32 41, i32 13 %5 = bitcast %struct.list_head* %4 to %struct.pid.182852** %6 = load %struct.pid.182852*, %struct.pid.182852** %5, align 8 %7 = tail call 
%struct.task_struct.183045* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.183045* (%struct.pid.182852*, i32)*)(%struct.pid.182852* %6, i32 0) #76 %8 = icmp eq %struct.task_struct.183045* %7, null br i1 %8, label %58, label %9 %10 = getelementptr inbounds %struct.dentry.183110, %struct.dentry.183110* %1, i64 0, i32 4 %11 = bitcast %struct.qstr* %10 to %struct.util_est* %12 = getelementptr inbounds %struct.util_est, %struct.util_est* %11, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.dentry.183110, %struct.dentry.183110* %1, i64 0, i32 4, i32 1 %15 = zext i32 %13 to i64 br label %16 %17 = phi %struct.proc_ns_operations.183047** [ getelementptr inbounds ([9 x %struct.proc_ns_operations.183047*], [9 x %struct.proc_ns_operations.183047*]* @ns_entries, i64 0, i64 0), %9 ], [ %28, %27 ] %18 = load %struct.proc_ns_operations.183047*, %struct.proc_ns_operations.183047** %17, align 8 %19 = getelementptr inbounds %struct.proc_ns_operations.183047, %struct.proc_ns_operations.183047* %18, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = tail call i64 @strlen(i8* %20) #77 %22 = icmp eq i64 %21, %15 br i1 %22, label %23, label %27 %24 = load i8*, i8** %14, align 8 %25 = tail call i32 @bcmp(i8* %24, i8* %20, i64 %15) %26 = icmp eq i32 %25, 0 br i1 %26, label %30, label %27 %31 = phi %struct.proc_ns_operations.183047** [ %17, %23 ], [ %28, %27 ] %32 = icmp eq %struct.proc_ns_operations.183047** %31, getelementptr inbounds ([9 x %struct.proc_ns_operations.183047*], [9 x %struct.proc_ns_operations.183047*]* @ns_entries, i64 1, i64 0) br i1 %32, label %46, label %33 %34 = bitcast %struct.proc_ns_operations.183047** %31 to i64* %35 = load i64, i64* %34, align 8 %36 = getelementptr inbounds %struct.dentry.183110, %struct.dentry.183110* %1, i64 0, i32 9 %37 = load %struct.super_block.183092*, %struct.super_block.183092** %36, align 8 %38 = tail call %struct.inode.183106* bitcast (%struct.inode.177941* 
(%struct.super_block.177925*, %struct.task_struct.178066*, i16)* @proc_pid_make_inode to %struct.inode.183106* (%struct.super_block.183092*, %struct.task_struct.183045*, i16)*)(%struct.super_block.183092* %37, %struct.task_struct.183045* nonnull %7, i16 zeroext -24065) #76 Function:proc_pid_make_inode %4 = tail call %struct.inode.177941* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode.177941* (%struct.super_block.177925*)*)(%struct.super_block.177925* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_pid_make_inode 1 proc_lookupfdinfo ------------- Path:  Function:proc_lookupfdinfo %4 = getelementptr %struct.inode.179138, %struct.inode.179138* %0, i64 -1, i32 41, i32 13 %5 = bitcast %struct.list_head* %4 to %struct.pid.179036** %6 = load %struct.pid.179036*, %struct.pid.179036** %5, align 8 %7 = tail call %struct.task_struct.179108* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.179108* (%struct.pid.179036*, i32)*)(%struct.pid.179036* %6, i32 0) #76 %8 = getelementptr inbounds %struct.dentry.179142, %struct.dentry.179142* %1, i64 0, i32 4 %9 = tail call i32 @name_to_int(%struct.qstr* %8) #76 %10 = icmp eq %struct.task_struct.179108* %7, null br i1 %10, label %46, label %11 %12 = icmp eq i32 %9, -1 br i1 %12, label %34, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = tail call %struct.file.179147* bitcast (%struct.file* (%struct.task_struct*, i32)* @task_lookup_fd_rcu to %struct.file.179147* (%struct.task_struct.179108*, i32)*)(%struct.task_struct.179108* nonnull %7, i32 %9) #76 %15 = icmp eq %struct.file.179147* %14, null tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 tail call void @rcu_read_unlock_strict() #76 br i1 %15, label %34, label %16 %17 = getelementptr inbounds %struct.dentry.179142, %struct.dentry.179142* %1, i64 0, i32 9 %18 = load %struct.super_block.179119*, 
%struct.super_block.179119** %17, align 8 %19 = tail call %struct.inode.179138* bitcast (%struct.inode.177941* (%struct.super_block.177925*, %struct.task_struct.178066*, i16)* @proc_pid_make_inode to %struct.inode.179138* (%struct.super_block.179119*, %struct.task_struct.179108*, i16)*)(%struct.super_block.179119* %18, %struct.task_struct.179108* nonnull %7, i16 zeroext -32476) #76 Function:proc_pid_make_inode %4 = tail call %struct.inode.177941* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode.177941* (%struct.super_block.177925*)*)(%struct.super_block.177925* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_pid_make_inode 1 proc_fd_instantiate 2 proc_lookupfd ------------- Path:  Function:proc_lookupfd %4 = alloca %struct.util_est, align 4 %5 = getelementptr %struct.inode.179138, %struct.inode.179138* %0, i64 -1, i32 41, i32 13 %6 = bitcast %struct.list_head* %5 to %struct.pid.179036** %7 = load %struct.pid.179036*, %struct.pid.179036** %6, align 8 %8 = tail call %struct.task_struct.179108* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.179108* (%struct.pid.179036*, i32)*)(%struct.pid.179036* %7, i32 0) #76 %9 = bitcast %struct.util_est* %4 to i8* %10 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 1 %12 = getelementptr inbounds %struct.dentry.179142, %struct.dentry.179142* %1, i64 0, i32 4 %13 = tail call i32 @name_to_int(%struct.qstr* %12) #76 store i32 %13, i32* %11, align 4 %14 = icmp eq %struct.task_struct.179108* %8, null br i1 %14, label %37, label %15 %16 = icmp eq i32 %13, -1 br i1 %16, label %25, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = tail call %struct.file.179147* bitcast (%struct.file* (%struct.task_struct*, i32)* @task_lookup_fd_rcu to %struct.file.179147* 
(%struct.task_struct.179108*, i32)*)(%struct.task_struct.179108* nonnull %8, i32 %13) #76 %19 = icmp eq %struct.file.179147* %18, null br i1 %19, label %24, label %20 %21 = getelementptr inbounds %struct.file.179147, %struct.file.179147* %18, i64 0, i32 8 %22 = load i32, i32* %21, align 4 store i32 %22, i32* %10, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %23 = call %struct.dentry.179142* @proc_fd_instantiate(%struct.dentry.179142* %1, %struct.task_struct.179108* nonnull %8, i8* nonnull %9) #76, !callees !6 Function:proc_fd_instantiate %4 = getelementptr inbounds %struct.dentry.179142, %struct.dentry.179142* %0, i64 0, i32 9 %5 = load %struct.super_block.179119*, %struct.super_block.179119** %4, align 8 %6 = tail call %struct.inode.179138* bitcast (%struct.inode.177941* (%struct.super_block.177925*, %struct.task_struct.178066*, i16)* @proc_pid_make_inode to %struct.inode.179138* (%struct.super_block.179119*, %struct.task_struct.179108*, i16)*)(%struct.super_block.179119* %5, %struct.task_struct.179108* %1, i16 zeroext -24576) #76 Function:proc_pid_make_inode %4 = tail call %struct.inode.177941* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode.177941* (%struct.super_block.177925*)*)(%struct.super_block.177925* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_get_inode 1 proc_lookup_de 2 proc_tgid_net_lookup ------------- Path:  Function:proc_tgid_net_lookup %4 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %0) #76 %5 = icmp eq %struct.net* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.net, %struct.net* %4, i64 0, i32 16 %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 32 %9 = tail call %struct.dentry* @proc_lookup_de(%struct.inode* %0, %struct.dentry* %1, %struct.proc_dir_entry* %8) #77 Function:proc_lookup_de tail call void 
@_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #76 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %7 = bitcast %struct.anon.1* %6 to %struct.util_est* %8 = getelementptr inbounds %struct.util_est, %struct.util_est* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18, i32 0 %11 = load %struct.rb_node*, %struct.rb_node** %10, align 8 %12 = icmp eq %struct.rb_node* %11, null br i1 %12, label %66, label %13 %14 = zext i32 %9 to i64 br label %15 %16 = phi %struct.rb_node* [ %11, %13 ], [ %39, %37 ] %17 = getelementptr %struct.rb_node, %struct.rb_node* %16, i64 -6, i32 1 %18 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %19 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %18, i64 0, i32 23 %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i32 %22 = icmp ult i32 %9, %21 br i1 %22, label %31, label %23 %24 = icmp ugt i32 %9, %21 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %17, i64 20 %27 = bitcast %struct.rb_node** %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = tail call i32 @memcmp(i8* %5, i8* %28, i64 %14) #76 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %33 %34 = icmp eq i32 %29, 0 br i1 %34, label %41, label %35 %42 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %43 = icmp eq %struct.rb_node** %17, null br i1 %43, label %66, label %44 %45 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %42, i64 0, i32 1 %46 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %45, i64 0, i32 0, i32 0 %47 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 1, i32* %46) #6, !srcloc !4 %48 = icmp eq i32 %47, 0 br i1 %48, label %53, label %49, !prof !5, !misexpect !6 %50 = add i32 %47, 1 %51 = or i32 %50, %47 %52 = icmp sgt i32 %51, -1 br i1 %52, label %55, label %53, !prof !7, !misexpect !6 %54 = phi i32 [ 2, %44 ], [ 1, %49 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %45, i32 %54) #76 br label %55 %56 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %57 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %58 = load %struct.super_block*, %struct.super_block** %57, align 8 %59 = tail call %struct.inode* @proc_get_inode(%struct.super_block* %58, %struct.proc_dir_entry* nonnull %42) #76 Function:proc_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_get_inode 1 proc_lookup_de 2 proc_lookup ------------- Path:  Function:proc_lookup %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.proc_fs_info** %8 = load %struct.proc_fs_info*, %struct.proc_fs_info** %7, align 16 %9 = getelementptr inbounds %struct.proc_fs_info, 
%struct.proc_fs_info* %8, i64 0, i32 5 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 1 br i1 %11, label %18, label %12 %13 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 1, i32 1 %15 = bitcast %struct.list_head** %14 to %struct.proc_dir_entry** %16 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %15, align 8 %17 = tail call %struct.dentry* @proc_lookup_de(%struct.inode* %0, %struct.dentry* %1, %struct.proc_dir_entry* %16) #76 Function:proc_lookup_de tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #76 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %7 = bitcast %struct.anon.1* %6 to %struct.util_est* %8 = getelementptr inbounds %struct.util_est, %struct.util_est* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18, i32 0 %11 = load %struct.rb_node*, %struct.rb_node** %10, align 8 %12 = icmp eq %struct.rb_node* %11, null br i1 %12, label %66, label %13 %14 = zext i32 %9 to i64 br label %15 %16 = phi %struct.rb_node* [ %11, %13 ], [ %39, %37 ] %17 = getelementptr %struct.rb_node, %struct.rb_node* %16, i64 -6, i32 1 %18 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %19 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %18, i64 0, i32 23 %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i32 %22 = icmp ult i32 %9, %21 br i1 %22, label %31, label %23 %24 = icmp ugt i32 %9, %21 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %17, i64 20 %27 = bitcast %struct.rb_node** %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = tail call i32 @memcmp(i8* %5, i8* %28, i64 %14) #76 %30 = icmp slt i32 %29, 0 br i1 
%30, label %31, label %33 %34 = icmp eq i32 %29, 0 br i1 %34, label %41, label %35 %42 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %43 = icmp eq %struct.rb_node** %17, null br i1 %43, label %66, label %44 %45 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %42, i64 0, i32 1 %46 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %45, i64 0, i32 0, i32 0 %47 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 1, i32* %46) #6, !srcloc !4 %48 = icmp eq i32 %47, 0 br i1 %48, label %53, label %49, !prof !5, !misexpect !6 %50 = add i32 %47, 1 %51 = or i32 %50, %47 %52 = icmp sgt i32 %51, -1 br i1 %52, label %55, label %53, !prof !7, !misexpect !6 %54 = phi i32 [ 2, %44 ], [ 1, %49 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %45, i32 %54) #76 br label %55 %56 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %57 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %58 = load %struct.super_block*, %struct.super_block** %57, align 8 %59 = tail call %struct.inode* @proc_get_inode(%struct.super_block* %58, %struct.proc_dir_entry* nonnull %42) #76 Function:proc_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* 
(%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_sys_make_inode 1 proc_sys_lookup ------------- Path:  Function:proc_sys_lookup %4 = alloca %struct.ctl_table_header*, align 8 %5 = alloca %struct.ctl_table*, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 2 %8 = bitcast %struct.list_head* %7 to %struct.ctl_table_header** %9 = load %struct.ctl_table_header*, %struct.ctl_table_header** %8, align 8 %10 = icmp eq %struct.ctl_table_header* %9, null %11 = select i1 %10, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %9 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #76 %12 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %11, i64 0, i32 1 %13 = load %struct.completion*, %struct.completion** %12, align 8 %14 = icmp eq %struct.completion* %13, null br i1 %14, label %15, label %19, !prof !4, !misexpect !5 %20 = phi %struct.ctl_table_header* [ %11, %15 ], [ inttoptr (i64 -2 to %struct.ctl_table_header*), %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = bitcast %struct.ctl_table_header** %4 to i8* store %struct.ctl_table_header* null, %struct.ctl_table_header** %4, align 8 %22 = bitcast %struct.ctl_table** %5 to i8* %23 = icmp ugt %struct.ctl_table_header* %20, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %23, label %24, label %26 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %28 = load i8*, 
i8** %27, align 8 %29 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %30 = bitcast %struct.anon.1* %29 to %struct.util_est* %31 = getelementptr inbounds %struct.util_est, %struct.util_est* %30, i64 0, i32 1 %32 = load i32, i32* %31, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #76 %33 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %20, i64 1 %34 = bitcast %struct.ctl_table_header* %33 to %struct.rb_node** %35 = load %struct.rb_node*, %struct.rb_node** %34, align 8 %36 = icmp eq %struct.rb_node* %35, null br i1 %36, label %85, label %37 %38 = phi %struct.rb_node* [ %71, %69 ], [ %35, %26 ] %39 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %38, i64 1 %40 = bitcast %struct.rb_node* %39 to %struct.ctl_table_header** %41 = load %struct.ctl_table_header*, %struct.ctl_table_header** %40, align 8 %42 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %41, i64 0, i32 0, i32 0, i32 0 %43 = load %struct.ctl_table*, %struct.ctl_table** %42, align 8 %44 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %41, i64 0, i32 6 %45 = bitcast %struct.ctl_node** %44 to i64* %46 = load i64, i64* %45, align 8 %47 = ptrtoint %struct.rb_node* %38 to i64 %48 = sub i64 %47, %46 %49 = ashr exact i64 %48, 5 %50 = getelementptr %struct.ctl_table, %struct.ctl_table* %43, i64 %49 %51 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %50, i64 0, i32 0 %52 = load i8*, i8** %51, align 8 %53 = tail call i64 @strlen(i8* %52) #76 %54 = trunc i64 %53 to i32 %55 = icmp slt i32 %32, %54 %56 = select i1 %55, i32 %32, i32 %54 %57 = sext i32 %56 to i64 %58 = tail call i32 @memcmp(i8* %28, i8* %52, i64 %57) #76 %59 = icmp eq i32 %58, 0 %60 = sub i32 %32, %54 %61 = select i1 %59, i32 %60, i32 %58 %62 = icmp slt i32 %61, 0 br i1 %62, label %63, label %65 %66 = 
icmp eq i32 %61, 0 br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %38, i64 0, i32 1 br label %69 %70 = phi %struct.rb_node** [ %64, %63 ], [ %68, %67 ] %71 = load %struct.rb_node*, %struct.rb_node** %70, align 8 %72 = icmp eq %struct.rb_node* %71, null br i1 %72, label %85, label %37 %86 = phi %struct.ctl_table_header* [ %41, %80 ], [ null, %73 ], [ null, %26 ], [ null, %76 ], [ null, %69 ] %87 = phi %struct.ctl_table* [ %50, %80 ], [ null, %73 ], [ null, %26 ], [ null, %76 ], [ null, %69 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store %struct.ctl_table* %87, %struct.ctl_table** %5, align 8 %88 = icmp eq %struct.ctl_table* %87, null br i1 %88, label %117, label %89 %90 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %87, i64 0, i32 3 %91 = load i16, i16* %90, align 4 %92 = and i16 %91, -4096 %93 = icmp eq i16 %92, -24576 br i1 %93, label %94, label %104 %95 = call fastcc i32 @sysctl_follow_link(%struct.ctl_table_header** nonnull %4, %struct.ctl_table** nonnull %5) #77 %96 = icmp eq i32 %95, 0 br i1 %96, label %101, label %97 %102 = load %struct.ctl_table_header*, %struct.ctl_table_header** %4, align 8 %103 = load %struct.ctl_table*, %struct.ctl_table** %5, align 8 br label %104 %105 = phi %struct.ctl_table_header* [ %102, %101 ], [ %86, %89 ] %106 = phi %struct.ctl_table* [ %103, %101 ], [ %87, %89 ] %107 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %108 = load %struct.super_block*, %struct.super_block** %107, align 8 %109 = icmp eq %struct.ctl_table_header* %105, null %110 = select i1 %109, %struct.ctl_table_header* %20, %struct.ctl_table_header* %105 %111 = tail call fastcc %struct.inode* @proc_sys_make_inode(%struct.super_block* %108, 
%struct.ctl_table_header* %110, %struct.ctl_table* %106) #77 Function:proc_sys_make_inode %4 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %1, i64 0, i32 3 %5 = load %struct.ctl_table_root*, %struct.ctl_table_root** %4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __ia32_compat_sys_ia32_mmap ------------- Path:  Function:__ia32_compat_sys_ia32_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 
%30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %59 = bitcast %struct.ucounts** %7 to i8* store %struct.ucounts* null, %struct.ucounts** %7, align 8 %60 = lshr i64 %3, 26 %61 = trunc i64 %60 to i32 %62 = and i32 %61, 63 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %68 %65 = load i32, i32* @default_hstate_idx, align 4 %66 = zext i32 %65 to i64 %67 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %66 br label %72 %73 = phi %struct.hstate* [ %71, %68 ], [ %67, %64 ] %74 = icmp eq %struct.hstate* %73, null br i1 %74, label %88, label %75 %76 = getelementptr inbounds %struct.hstate, %struct.hstate* %73, i64 0, i32 3 %77 = load i32, i32* %76, align 8 %78 = zext i32 %77 to i64 %79 = shl i64 4096, %78 %80 = add i64 %1, -1 %81 = add i64 %80, %79 %82 = sub i64 0, %79 %83 = and i64 %81, %82 %84 = call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14473, i64 0, i64 0), i64 %83, i64 2097152, %struct.ucounts** nonnull %7, i32 2, i32 %62) #76 Function:hugetlb_file_setup %7 = icmp eq i32 %5, 0 br i1 %7, label %8, label %12 %13 = zext i32 %5 to i64 %14 = shl nuw i64 1, %13 %15 = tail call %struct.hstate* @size_to_hstate(i64 %14) #76 br label %16 %17 = phi %struct.hstate* [ %15, %12 ], [ %11, %8 ] %18 = icmp eq %struct.hstate* %17, null br i1 %18, label %94, label %19 %20 = ptrtoint %struct.hstate* %17 to i64 %21 = sub i64 %20, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %22 = sdiv exact i64 %21, 1952 %23 = trunc i64 %22 to i32 %24 = icmp slt i32 %23, 0 br i1 %24, label %94, label %25 store %struct.ucounts* null, %struct.ucounts** %3, align 8 %26 = and i64 %22, 
4294967295 %27 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %26 %28 = load %struct.vfsmount*, %struct.vfsmount** %27, align 8 %29 = icmp eq %struct.vfsmount* %28, null br i1 %29, label %94, label %30 %31 = icmp eq i32 %4, 1 br i1 %31, label %32, label %59 %33 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %34 = tail call zeroext i1 @capable(i32 14) #76 br i1 %34, label %59, label %35 %60 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %28, i64 0, i32 1 %61 = load %struct.super_block*, %struct.super_block** %60, align 8 %62 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %61, %struct.inode* null, i16 zeroext -32257, i32 0) #78 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 
@ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %59 = bitcast %struct.ucounts** %7 to i8* store %struct.ucounts* null, %struct.ucounts** %7, align 8 %60 = lshr i64 %3, 26 %61 = trunc i64 %60 to i32 %62 = and i32 %61, 63 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %68 %65 = load i32, i32* @default_hstate_idx, align 4 %66 = zext i32 %65 to i64 %67 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %66 br label %72 %73 = phi %struct.hstate* [ %71, %68 ], [ %67, %64 ] %74 = icmp eq %struct.hstate* %73, null br i1 %74, label %88, label %75 %76 = getelementptr inbounds %struct.hstate, %struct.hstate* %73, i64 0, i32 3 %77 = load i32, i32* %76, align 8 %78 = zext i32 %77 to i64 %79 = shl i64 4096, %78 %80 = add i64 %1, -1 %81 = add i64 %80, %79 %82 = sub i64 0, %79 %83 = and i64 %81, %82 %84 = call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14473, i64 0, i64 0), i64 %83, i64 2097152, %struct.ucounts** nonnull %7, i32 2, i32 %62) #76 Function:hugetlb_file_setup %7 = icmp eq i32 %5, 0 br i1 %7, label %8, label %12 %13 = zext i32 %5 to i64 %14 = shl nuw i64 1, %13 %15 = tail call %struct.hstate* @size_to_hstate(i64 %14) #76 br label %16 %17 = phi %struct.hstate* [ %15, %12 ], [ %11, %8 ] %18 = icmp eq %struct.hstate* %17, null br i1 %18, label %94, label %19 %20 = ptrtoint %struct.hstate* %17 to i64 %21 = sub i64 %20, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %22 = sdiv exact i64 %21, 1952 %23 = trunc i64 %22 to i32 %24 = icmp slt i32 %23, 0 br i1 %24, label %94, label %25 store %struct.ucounts* null, %struct.ucounts** %3, align 8 %26 = and i64 %22, 4294967295 %27 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* 
@hugetlbfs_vfsmount, i64 0, i64 %26 %28 = load %struct.vfsmount*, %struct.vfsmount** %27, align 8 %29 = icmp eq %struct.vfsmount* %28, null br i1 %29, label %94, label %30 %31 = icmp eq i32 %4, 1 br i1 %31, label %32, label %59 %33 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %34 = tail call zeroext i1 @capable(i32 14) #76 br i1 %34, label %59, label %35 %60 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %28, i64 0, i32 1 %61 = load %struct.super_block*, %struct.super_block** %60, align 8 %62 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %61, %struct.inode* null, i16 zeroext -32257, i32 0) #78 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = 
and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %59 = bitcast %struct.ucounts** %7 to i8* store %struct.ucounts* null, %struct.ucounts** %7, align 8 %60 = lshr i64 %3, 26 %61 = trunc i64 %60 to i32 %62 = and i32 %61, 63 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %68 %65 = load i32, i32* @default_hstate_idx, align 4 %66 = zext i32 %65 to i64 %67 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %66 br label %72 %73 = phi %struct.hstate* [ %71, %68 ], [ %67, %64 ] %74 = icmp eq %struct.hstate* %73, null br i1 %74, label %88, label %75 %76 = getelementptr inbounds %struct.hstate, %struct.hstate* %73, i64 0, i32 3 %77 = load i32, i32* %76, align 8 %78 = zext i32 %77 to i64 %79 = shl i64 4096, %78 %80 = add i64 %1, -1 %81 = add i64 %80, %79 %82 = sub i64 0, %79 %83 = and i64 %81, %82 %84 = call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14473, i64 0, i64 0), i64 %83, i64 2097152, %struct.ucounts** nonnull %7, i32 2, i32 %62) #76 Function:hugetlb_file_setup %7 = icmp eq i32 %5, 0 br i1 %7, label %8, label %12 %13 = zext i32 %5 to i64 %14 = shl nuw i64 1, %13 %15 = tail call %struct.hstate* @size_to_hstate(i64 %14) #76 br label %16 %17 = phi %struct.hstate* [ %15, %12 ], [ %11, %8 ] %18 = icmp eq %struct.hstate* %17, null br i1 %18, label %94, label %19 %20 = ptrtoint %struct.hstate* %17 to i64 %21 = sub i64 %20, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %22 = sdiv exact i64 %21, 1952 %23 = trunc i64 %22 to i32 %24 = icmp slt i32 %23, 0 br i1 %24, label %94, label %25 store %struct.ucounts* null, %struct.ucounts** %3, align 8 %26 = and i64 %22, 
4294967295 %27 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %26 %28 = load %struct.vfsmount*, %struct.vfsmount** %27, align 8 %29 = icmp eq %struct.vfsmount* %28, null br i1 %29, label %94, label %30 %31 = icmp eq i32 %4, 1 br i1 %31, label %32, label %59 %33 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %34 = tail call zeroext i1 @capable(i32 14) #76 br i1 %34, label %59, label %35 %60 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %28, i64 0, i32 1 %61 = load %struct.super_block*, %struct.super_block** %60, align 8 %62 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %61, %struct.inode* null, i16 zeroext -32257, i32 0) #78 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 
4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %59 = bitcast %struct.ucounts** %7 to i8* store %struct.ucounts* null, %struct.ucounts** %7, align 8 %60 = lshr i64 %3, 26 %61 = trunc i64 %60 to i32 %62 = and i32 %61, 63 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %68 %65 = load i32, i32* @default_hstate_idx, align 4 %66 = zext i32 %65 to i64 %67 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %66 br label %72 %73 = phi %struct.hstate* [ %71, %68 ], [ %67, %64 ] %74 = icmp eq %struct.hstate* %73, null br i1 %74, label %88, label %75 %76 = getelementptr inbounds %struct.hstate, %struct.hstate* %73, i64 0, i32 3 %77 = load i32, i32* %76, align 8 %78 = zext i32 %77 to i64 %79 = shl i64 4096, %78 %80 = add i64 %1, -1 %81 = add i64 %80, %79 %82 = sub i64 0, %79 %83 = and i64 %81, %82 %84 = call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14473, i64 0, i64 0), i64 %83, i64 2097152, %struct.ucounts** nonnull %7, i32 2, i32 %62) #76 Function:hugetlb_file_setup %7 = icmp eq i32 %5, 0 br i1 %7, label %8, label %12 %13 = zext i32 %5 to i64 %14 = shl nuw i64 1, %13 %15 = tail call %struct.hstate* @size_to_hstate(i64 %14) #76 br label %16 %17 = phi %struct.hstate* [ %15, %12 ], [ %11, %8 ] %18 = icmp eq %struct.hstate* %17, null br i1 %18, label %94, label %19 %20 = ptrtoint %struct.hstate* %17 to i64 %21 = sub i64 %20, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %22 = sdiv exact i64 %21, 1952 %23 = trunc i64 %22 to i32 %24 = icmp slt i32 %23, 0 br i1 %24, label %94, label %25 store %struct.ucounts* null, %struct.ucounts** %3, align 8 %26 = and i64 %22, 4294967295 
%27 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %26 %28 = load %struct.vfsmount*, %struct.vfsmount** %27, align 8 %29 = icmp eq %struct.vfsmount* %28, null br i1 %29, label %94, label %30 %31 = icmp eq i32 %4, 1 br i1 %31, label %32, label %59 %33 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %34 = tail call zeroext i1 @capable(i32 14) #76 br i1 %34, label %59, label %35 %60 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %28, i64 0, i32 1 %61 = load %struct.super_block*, %struct.super_block** %60, align 8 %62 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %61, %struct.inode* null, i16 zeroext -32257, i32 0) #78 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:ksys_mmap_pgoff %7 = 
alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %59 = bitcast %struct.ucounts** %7 to i8* store %struct.ucounts* null, %struct.ucounts** %7, align 8 %60 = lshr i64 %3, 26 %61 = trunc i64 %60 to i32 %62 = and i32 %61, 63 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %68 %65 = load i32, i32* @default_hstate_idx, align 4 %66 = zext i32 %65 to i64 %67 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %66 br label %72 %73 = phi %struct.hstate* [ %71, %68 ], [ %67, %64 ] %74 = icmp eq %struct.hstate* %73, null br i1 %74, label %88, label %75 %76 = getelementptr inbounds %struct.hstate, %struct.hstate* %73, i64 0, i32 3 %77 = load i32, i32* %76, align 8 %78 = zext i32 %77 to i64 %79 = shl i64 4096, %78 %80 = add i64 %1, -1 %81 = add i64 %80, %79 %82 = sub i64 0, %79 %83 = and i64 %81, %82 %84 = call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14473, i64 0, i64 0), i64 %83, i64 2097152, %struct.ucounts** nonnull %7, i32 2, i32 %62) #76 Function:hugetlb_file_setup %7 = icmp eq i32 %5, 0 br i1 %7, label %8, label %12 %13 = zext i32 %5 to i64 %14 = shl nuw i64 1, %13 %15 = tail call %struct.hstate* @size_to_hstate(i64 %14) #76 br label %16 %17 = phi %struct.hstate* [ %15, %12 ], [ %11, %8 ] %18 = icmp eq %struct.hstate* %17, null br i1 %18, label %94, label %19 %20 = ptrtoint %struct.hstate* %17 to i64 %21 = sub i64 %20, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %22 = sdiv exact i64 %21, 1952 %23 = trunc i64 %22 to i32 %24 = icmp slt i32 %23, 0 br i1 %24, label %94, label %25 store %struct.ucounts* null, %struct.ucounts** %3, align 8 %26 = and i64 %22, 4294967295 %27 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %26 %28 = load %struct.vfsmount*, %struct.vfsmount** %27, align 8 %29 = icmp eq 
%struct.vfsmount* %28, null br i1 %29, label %94, label %30 %31 = icmp eq i32 %4, 1 br i1 %31, label %32, label %59 %33 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %34 = tail call zeroext i1 @capable(i32 14) #76 br i1 %34, label %59, label %35 %60 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %28, i64 0, i32 1 %61 = load %struct.super_block*, %struct.super_block** %60, align 8 %62 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %61, %struct.inode* null, i16 zeroext -32257, i32 0) #78 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_create ------------- Path:  Function:hugetlbfs_create %6 = or i16 %3, -32768 %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %8, %struct.inode* %1, i16 zeroext %6, i32 0) #76 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_symlink ------------- Path:  Function:hugetlbfs_symlink %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %6, %struct.inode* %1, i16 zeroext -24065, i32 0) #76 Function:hugetlbfs_get_inode %5 
= and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_mkdir ------------- Path:  Function:hugetlbfs_mkdir %5 = or i16 %3, 16384 %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %5, i32 0) #76 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_mknod ------------- Path:  Function:hugetlbfs_mknod %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %3, i32 %4) #76 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_tmpfile ------------- Path:  Function:hugetlbfs_tmpfile %5 = or i16 %3, -32768 %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call 
fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %5, i32 0) #76 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_create ------------- Path:  Function:ramfs_create %6 = or i16 %3, -32768 %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %8, %struct.inode* %1, i16 zeroext %6, i32 0) #76 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_symlink ------------- Path:  Function:ramfs_symlink %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %6, %struct.inode* %1, i16 zeroext -24065, i32 0) #76 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_mkdir ------------- Path:  Function:ramfs_mkdir %5 = or i16 %3, 16384 %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %5, i32 0) #76 
Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_mknod ------------- Path:  Function:ramfs_mknod %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %3, i32 %4) #76 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_tmpfile ------------- Path:  Function:ramfs_tmpfile %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %6, %struct.inode* %1, i16 zeroext %3, i32 0) #76 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 mqueue_get_inode 1 mqueue_create_attr 2 mqueue_create ------------- Path:  Function:mqueue_create %6 = tail call i32 @mqueue_create_attr(%struct.dentry* %2, i16 zeroext %3, i8* null) #76 Function:mqueue_create_attr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %5 = load %struct.dentry*, %struct.dentry** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %5, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = bitcast i8* %2 to %struct.mq_attr* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds 
(%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, i32 0)) #76 %9 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.ipc_namespace** %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 16 %14 = icmp eq %struct.ipc_namespace* %13, null br i1 %14, label %65, label %15 %16 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 24, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #76 br label %26 %27 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 15 %28 = load i32, i32* %27, align 8 %29 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 16 %30 = load i32, i32* %29, align 4 %31 = icmp ult i32 %28, %30 br i1 %31, label %36, label %32 %33 = tail call zeroext i1 @capable(i32 24) #76 br i1 %33, label %34, label %65 %35 = load i32, i32* %27, align 8 br label %36 %37 = phi i32 [ %35, %34 ], [ %28, %26 ] %38 = add i32 %37, 1 store i32 %38, i32* %27, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @mq_lock to 
i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %39 = load %struct.super_block*, %struct.super_block** %9, align 8 %40 = tail call fastcc %struct.inode* @mqueue_get_inode(%struct.super_block* %39, %struct.ipc_namespace* nonnull %13, i16 zeroext %1, %struct.mq_attr* %8) #77 Function:mqueue_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 autofs_get_inode 1 autofs_dir_mkdir ------------- Path:  Function:autofs_dir_mkdir %5 = getelementptr inbounds %struct.inode.262289, %struct.inode.262289* %1, i64 0, i32 8 %6 = load %struct.super_block.262270*, %struct.super_block.262270** %5, align 8 %7 = getelementptr inbounds %struct.super_block.262270, %struct.super_block.262270* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.autofs_sb_info.262300** %9 = load %struct.autofs_sb_info.262300*, %struct.autofs_sb_info.262300** %8, align 16 %10 = getelementptr inbounds %struct.dentry.262293, %struct.dentry.262293* %2, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.autofs_info.262301** %12 = load %struct.autofs_info.262301*, %struct.autofs_info.262301** %11, align 8 %13 = getelementptr inbounds %struct.autofs_sb_info.262300, %struct.autofs_sb_info.262300* %9, i64 0, i32 8 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 1 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %102 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.262258** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.262258**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.262258* %20 = getelementptr inbounds %struct.task_struct.262258, %struct.task_struct.262258* %19, i64 0, i32 95 %21 = load %struct.signal_struct.262187*, %struct.signal_struct.262187** %20, align 32 %22 = 
getelementptr %struct.signal_struct.262187, %struct.signal_struct.262187* %21, i64 0, i32 21, i64 2 %23 = load %struct.pid*, %struct.pid** %22, align 8 %24 = getelementptr inbounds %struct.autofs_sb_info.262300, %struct.autofs_sb_info.262300* %9, i64 0, i32 3 %25 = load %struct.pid*, %struct.pid** %24, align 8 %26 = icmp eq %struct.pid* %23, %25 br i1 %26, label %27, label %102 %28 = icmp eq %struct.autofs_info.262301* %12, null br i1 %28, label %29, label %30, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.autofs_info*)* @autofs_clean_ino to void (%struct.autofs_info.262301*)*)(%struct.autofs_info.262301* nonnull %12) #76 %31 = getelementptr inbounds %struct.dentry.262293, %struct.dentry.262293* %2, i64 0, i32 9 %32 = load %struct.super_block.262270*, %struct.super_block.262270** %31, align 8 %33 = getelementptr inbounds %struct.super_block.262270, %struct.super_block.262270* %32, i64 0, i32 28 %34 = bitcast i8** %33 to %struct.autofs_sb_info.262300** %35 = load %struct.autofs_sb_info.262300*, %struct.autofs_sb_info.262300** %34, align 16 %36 = load %struct.autofs_info.262301*, %struct.autofs_info.262301** %11, align 8 %37 = getelementptr inbounds %struct.autofs_sb_info.262300, %struct.autofs_sb_info.262300* %35, i64 0, i32 16 %38 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %37, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #76 %39 = getelementptr inbounds %struct.autofs_info.262301, %struct.autofs_info.262301* %36, i64 0, i32 4 %40 = getelementptr inbounds %struct.autofs_info.262301, %struct.autofs_info.262301* %36, i64 0, i32 4, i32 1 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 1 store %struct.list_head* %41, %struct.list_head** %44, align 8 %45 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 0 store volatile %struct.list_head* %43, %struct.list_head** %45, align 8 store volatile %struct.list_head* %39, %struct.list_head** %42, align 8 store %struct.list_head* %39, %struct.list_head** %40, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %46 = bitcast %struct.spinlock* %37 to i8* store volatile i8 0, i8* %46, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %47 = load %struct.super_block.262270*, %struct.super_block.262270** %5, align 8 %48 = or i16 %3, 16384 %49 = tail call %struct.inode.262289* bitcast (%struct.inode* (%struct.super_block*, i16)* @autofs_get_inode to %struct.inode.262289* (%struct.super_block.262270*, i16)*)(%struct.super_block.262270* %47, i16 zeroext %48) #76 Function:autofs_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.149921* (%struct.super_block.149904*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #76 ------------- Good: 67 Bad: 24 Ignored: 64 Check Use of Function:compat_blkdev_ioctl Check Use of Function:xt_alloc_table_info Check Use of Function:get_zeroed_page Use: =BAD PATH= Call Stack: 0 simple_transaction_get 1 selinux_transaction_write ------------- Path:  Function:selinux_transaction_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = icmp ugt i64 %8, 14 br i1 %9, label %25, label %10 %11 = getelementptr [15 x i64 (%struct.file*, i8*, i64)*], [15 x i64 (%struct.file*, i8*, i64)*]* @write_op, i64 0, i64 %8 %12 = lshr i64 15391, %8 %13 = and i64 %12, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %25 %16 = tail call i8* bitcast (i8* (%struct.file.153246*, i8*, i64)* @simple_transaction_get to i8* 
(%struct.file*, i8*, i64)*)(%struct.file* %0, i8* %1, i64 %2) #76 Function:simple_transaction_get %4 = icmp ugt i64 %2, 4087 br i1 %4, label %20, label %5 %6 = tail call i64 @get_zeroed_page(i32 3264) #76 ------------- Good: 426 Bad: 1 Ignored: 542 Check Use of Function:translate_table.68091 Check Use of Function:xt_copy_counters Check Use of Function:path_openat Check Use of Function:xt_table_unlock Check Use of Function:stack_trace_save_tsk Check Use of Function:audit_seccomp_actions_logged Check Use of Function:xt_find_table_lock Check Use of Function:mnt_clone_internal Check Use of Function:lock_rename Check Use of Function:mddev_unlock Check Use of Function:inet6_addr_del Check Use of Function:clear_page_dirty_for_io Check Use of Function:unregister_netdevice_many Check Use of Function:ext4_fc_stop_ineligible Check Use of Function:reconfigure_super Check Use of Function:freeze_super Check Use of Function:security_task_setscheduler Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __se_compat_sys_sched_setaffinity 2 __ia32_compat_sys_sched_setaffinity ------------- Path:  Function:__ia32_compat_sys_sched_setaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_setaffinity(i64 %4, i64 %7, i64 %10) #76 Function:__se_compat_sys_sched_setaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = inttoptr i64 %2 to i32* %8 = bitcast [1 x %struct.cpumask]* %4 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %10 = icmp ult i32 %6, 8 br i1 %10, label %11, 
label %16 %12 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = shl i64 %1, 3 %14 = and i64 %13, 4294967288 %15 = add nuw nsw i64 %14, 31 br label %16 %17 = phi i64 [ %15, %11 ], [ 95, %3 ] %18 = lshr i64 %17, 3 %19 = and i64 %18, 2305843009213693948 %20 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %21 = add i64 %19, %2 %22 = icmp ult i64 %21, %19 %23 = icmp ugt i64 %21, %20 %24 = or i1 %22, %23 br i1 %24, label %60, label %25, !prof !5, !misexpect !6 %26 = lshr i64 %17, 5 %27 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 
6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %28 %29 = phi i64 [ %26, %25 ], [ %47, %40 ] %30 = phi i32* [ %7, %25 ], [ %41, %40 ] %31 = phi i64* [ %27, %25 ], [ %46, %40 ] %32 = icmp ugt i64 %29, 1 br i1 %32, label %33, label %48 %49 = icmp eq i64 %29, 0 br i1 %49, label %56, label %50 %51 = bitcast i32* %30 to %struct.__large_struct* %52 = callbr i32 asm "\0A1:\09movl $1,$0\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,*m,X,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %51, i8* blockaddress(@__se_compat_sys_sched_setaffinity, %55)) #4 to label %53 [label %55], !srcloc !11 %54 = zext i32 %52 to i64 store i64 %54, i64* %31, align 8 br label %56 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %57 = call i64 @sched_setaffinity(i32 %5, %struct.cpumask* nonnull %9) #76 Function:sched_setaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = 
getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !7 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !8, !misexpect !9 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !10, !misexpect !9 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #76 br label %24 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 67108864 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %56 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 85 %33 = load %struct.cred*, %struct.cred** %32, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 84 %35 = load volatile %struct.cred*, %struct.cred** %34, align 8 %36 = getelementptr inbounds %struct.cred, %struct.cred* %33, i64 0, i32 5, i32 0 %37 = load i32, i32* %36, align 4 %38 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %37, %39 br i1 %40, label %50, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 
tail call void @rcu_read_unlock_strict() #76 br label %51 %52 = tail call i32 @security_task_setscheduler(%struct.task_struct* nonnull %10) #76 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_sys_sched_setaffinity ------------- Path:  Function:__ia32_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = and i64 %6, 4294967295 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 br label %18 %19 = phi i64 [ %16, %15 ], [ 8, %1 ] %20 = inttoptr i64 %9 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %12, i8* %20, i64 %19) #76 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %27 %24 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #76 Function:sched_setaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 
asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !7 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !8, !misexpect !9 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !10, !misexpect !9 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #76 br label %24 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 67108864 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %56 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 85 %33 = load %struct.cred*, %struct.cred** %32, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 84 %35 = load volatile %struct.cred*, %struct.cred** %34, align 8 %36 = getelementptr inbounds %struct.cred, %struct.cred* %33, i64 0, i32 5, i32 0 %37 = load i32, i32* %36, align 4 %38 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %37, %39 br i1 %40, label %50, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %51 %52 = tail call i32 
@security_task_setscheduler(%struct.task_struct* nonnull %10) #76 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __x64_sys_sched_setaffinity ------------- Path:  Function:__x64_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = and i64 %6, 4294967295 br label %18 %19 = phi i64 [ %17, %15 ], [ 8, %1 ] %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* %9, i64 %19) #76 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 %23 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #76 Function:sched_setaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #76 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; 
-------------
Good: 3 Bad: 3 Ignored: 1
Check Use of Function:thaw_super
Check Use of Function:irq_set_affinity
Check Use of Function:e1000_power_up_phy
Check Use of Function:bmap
Check Use of Function:proc_ptrace_connector
Check Use of Function:ext4_xattr_security_get
Check Use of Function:ata_acpi_dev_uevent
Check Use of Function:nfs4_xattr_get_nfs4_acl
Check Use of Function:ext4_xattr_hurd_get
Check Use of Function:nv_set_multicast
Check Use of Function:ext4_xattr_inode_update_ref
Check Use of Function:sockfs_xattr_get
Check Use of Function:qdisc_lookup
Check Use of Function:mount_too_revealing
Check Use of Function:vfs_clean_context
Check Use of Function:_dev_notice
Check Use of Function:__tcf_get_next_proto
Check Use of Function:shmem_xattr_handler_get
Check Use of Function:loop_info64_to_compat
Check Use of Function:hiddev_ioctl
Check Use of Function:___ieee80211_stop_tx_ba_session
Check Use of Function:acpi_install_table_handler
Check Use of Function:cfg80211_rx_unexpected_4addr_frame
Check Use of Function:create_empty_buffers
Check Use of Function:rt6_lookup
Check Use of Function:rfkill_register
Check Use of Function:rpc_pipe_ioctl
Check Use of Function:ieee80211_queue_work
Check Use of Function:nfs_umount_begin
Check Use of Function:snapshot_ioctl
Use: =BAD PATH=
Call Stack: 0 snapshot_compat_ioctl
-------------
Path:
 Function:snapshot_compat_ioctl
-------------
Good: 0 Bad: 1 Ignored: 0
Check Use of Function:do_split
Check Use of Function:snd_seq_ioctl
Use: =BAD PATH=
Call Stack: 0 snd_seq_ioctl_compat
-------------
Path:
 Function:snd_seq_ioctl_compat
-------------
Good: 1 Bad: 1 Ignored: 1
Check Use of Function:xt_match_to_user
Check Use of Function:security_load_policy
Check Use of Function:migrate_pages
Check Use of Function:__mnt_drop_write
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_read_iter
-------------
Path:
 Function:generic_file_read_iter
 Function:touch_atime
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_read_iter 2 blkdev_read_iter
-------------
Path:
 Function:blkdev_read_iter
 Function:generic_file_read_iter
 Function:touch_atime
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_readonly_mmap
-------------
Path:
 Function:generic_file_readonly_mmap
 Function:touch_atime
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_mmap
-------------
Path:
 Function:generic_file_mmap
 Function:touch_atime
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_mmap 2 nfs_file_mmap
-------------
Path:
 Function:nfs_file_mmap
 Function:generic_file_mmap
 Function:touch_atime
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 shmem_file_read_iter
-------------
Path:
 Function:shmem_file_read_iter
 Function:touch_atime
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 shmem_mmap
-------------
Path:
 Function:shmem_mmap
 Function:touch_atime
= call i32 %35(%struct.inode.149921* %8, %struct.cpu_itimer* nonnull %2, i32 1) #77 br label %48 call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 = load %struct.inode.154491*, %struct.inode.154491** %25, align 8 %27 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp 
eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds %struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = 
bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 1 call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path.154048*)*)(%struct.path.154048* %91) #76 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, 
i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.149921* %8) #76 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 7 %33 = load %struct.inode_operations.149915*, 
%struct.inode_operations.149915** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.149915, %struct.inode_operations.149915* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %38 = call i32 %35(%struct.inode.149921* %8, %struct.cpu_itimer* nonnull %2, i32 1) #77 br label %48 call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 
= load %struct.inode.154491*, %struct.inode.154491** %25, align 8 %27 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds %struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or 
i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 1 call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path.154048*)*)(%struct.path.154048* %91) #76 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 
%3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.149921* %8) #76 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 
%30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 7 %33 = load %struct.inode_operations.149915*, %struct.inode_operations.149915** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.149915, %struct.inode_operations.149915* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %38 = call i32 %35(%struct.inode.149921* %8, %struct.cpu_itimer* nonnull %2, i32 1) #77 br label %48 call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read 2 sock_splice_read ------------- Path:  Function:sock_splice_read %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %10 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %10, i64 0, i32 21 %12 = load i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)*, i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call 
i64 bitcast (i64 (%struct.file.154414*, i64*, %struct.pipe_inode_info.154505*, i64, i32)* @generic_file_splice_read to i64 (%struct.file.273225*, i64*, %struct.pipe_inode_info.273162*, i64, i32)*)(%struct.file.273225* %0, i64* %1, %struct.pipe_inode_info.273162* %2, i64 %3, i32 %4) #76 Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 = load %struct.inode.154491*, %struct.inode.154491** %25, align 8 %27 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 
%34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds %struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, 
align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 1 call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path.154048*)*)(%struct.path.154048* %91) #76 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, 
%struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.149921* %8) #76 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 7 %33 = load %struct.inode_operations.149915*, %struct.inode_operations.149915** %32, align 8 %34 = getelementptr 
inbounds %struct.inode_operations.149915, %struct.inode_operations.149915* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.149921*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %38 = call i32 %35(%struct.inode.149921* %8, %struct.cpu_itimer* nonnull %2, i32 1) #77 br label %48 call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Good: 39 Bad: 10 Ignored: 64 Check Use of Function:netlbl_unlabel_genl_init Check Use of Function:ipip6_dellink Check Use of Function:current_umask Use: =BAD PATH= Call Stack: 0 nfs4_proc_mkdir ------------- Path:  Function:nfs4_proc_mkdir %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.236590** %9 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %8, align 16 %10 = bitcast %struct.nfs4_exception* %4 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = getelementptr %struct.nfs_server.236590, %struct.nfs_server.236590* %9, i64 0, i32 35, i64 2 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 131072 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %23 %17 = tail call i32 @current_umask() #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_mknod ------------- Path:  Function:nfs4_proc_mknod %5 = alloca %struct.nfs4_exception, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds 
%struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236590** %10 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %9, align 16 %11 = bitcast %struct.nfs4_exception* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %5, i64 0, i32 5 store i8 1, i8* %12, align 1 %13 = getelementptr %struct.nfs_server.236590, %struct.nfs_server.236590* %10, i64 0, i32 35, i64 2 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 131072 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %24 %18 = tail call i32 @current_umask() #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr* %7 to i8* %15 = getelementptr inbounds %struct.iattr, %struct.iattr* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.inode* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %271 
%25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %34, label %27 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %36 = bitcast %struct.qstr* %35 to %struct.util_est* %37 = getelementptr inbounds %struct.util_est, %struct.util_est* %36, i64 0, i32 1 %38 = load i32, i32* %37, align 4 %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %40 = load %struct.super_block*, %struct.super_block** %39, align 8 %41 = getelementptr inbounds %struct.super_block, %struct.super_block* %40, i64 0, i32 28 %42 = bitcast i8** %41 to %struct.nfs_server.215077** %43 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %42, align 16 %44 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %43, i64 0, i32 23 %45 = load i32, i32* %44, align 4 %46 = icmp ugt i32 %38, %45 br i1 %46, label %271, label %47 %48 = and i32 %3, 64 %49 = icmp eq i32 %48, 0 br i1 %49, label %65, label %50 %51 = getelementptr %struct.nfs_server.215077, %struct.nfs_server.215077* %43, i64 0, i32 35, i64 2 %52 = load i32, i32* %51, align 4 %53 = and i32 %52, 131072 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %60 %56 = call i32 @current_umask() #76 ------------- Good: 14 Bad: 3 Ignored: 6 Check Use of Function:nl80211_notify_iface Check Use of Function:perf_ioctl Use: =BAD PATH= Call Stack: 0 perf_compat_ioctl ------------- Path:  Function:perf_compat_ioctl %4 = trunc i32 %1 to i8 switch i8 %4, label %11 [ i8 6, label %5 i8 7, label %5 i8 10, label %5 i8 11, label %5 ] %6 = and i32 %1, 1073676288 %7 = icmp eq i32 %6, 262144 br i1 %7, label %8, label %11 %12 = phi i32 [ %1, %3 ], [ %10, %8 ], [ %1, %5 ] %13 = tail call i64 @perf_ioctl(%struct.file.114517* %0, i32 %12, i64 %2) #76 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:lock_device_hotplug Check Use of Function:finalize_exec Check Use of Function:snd_timer_user_ioctl Check Use of Function:sd_config_write_same Check Use of 
Function:ieee80211_hw_config Check Use of Function:xt_request_find_target Check Use of Function:xt_compat_unlock Check Use of Function:may_open Check Use of Function:drm_ioctl Use: =BAD PATH= Call Stack: 0 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.util_est, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %34 %35 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.434817*, i32, i64)*)(%struct.file.434817* %0, i32 %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_compat_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.util_est, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %10 = tail call i64 bitcast (i64 (%struct.file.408214*, i32, i64)* @drm_compat_ioctl to i64 (%struct.file.434817*, i32, i64)*)(%struct.file.434817* %0, i32 %1, i64 %2) #76 Function:drm_compat_ioctl %4 = and i32 %1, 255 %5 = getelementptr inbounds %struct.file.408214, %struct.file.408214* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.drm_file.408262** %7 = load %struct.drm_file.408262*, %struct.drm_file.408262** %6, align 8 %8 = icmp ugt i32 %4, 184 br i1 %8, label %9, label %11 %10 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.408214*, i32, i64)*)(%struct.file.408214* %0, i32 %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_compat_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.util_est, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 
95 br i1 %8, label %9, label %11 %10 = tail call i64 bitcast (i64 (%struct.file.408214*, i32, i64)* @drm_compat_ioctl to i64 (%struct.file.434817*, i32, i64)*)(%struct.file.434817* %0, i32 %1, i64 %2) #76 Function:drm_compat_ioctl %4 = and i32 %1, 255 %5 = getelementptr inbounds %struct.file.408214, %struct.file.408214* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.drm_file.408262** %7 = load %struct.drm_file.408262*, %struct.drm_file.408262** %6, align 8 %8 = icmp ugt i32 %4, 184 br i1 %8, label %9, label %11 %12 = zext i32 %4 to i64 %13 = getelementptr [185 x %struct.anon.83.408215], [185 x %struct.anon.83.408215]* @drm_compat_ioctls, i64 0, i64 %12, i32 0 %14 = load i32 (%struct.file.408214*, i32, i64)*, i32 (%struct.file.408214*, i32, i64)** %13, align 16 %15 = icmp eq i32 (%struct.file.408214*, i32, i64)* %14, null br i1 %15, label %16, label %18 %17 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.408214*, i32, i64)*)(%struct.file.408214* %0, i32 %1, i64 %2) #76 ------------- Good: 0 Bad: 3 Ignored: 6 Check Use of Function:sock_ioctl Use: =BAD PATH= Call Stack: 0 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca %struct.ifreq, align 8 %6 = alloca %struct.ifreq, align 8 %7 = alloca i8, align 1 %8 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.socket.273260** %10 = load %struct.socket.273260*, %struct.socket.273260** %9, align 8 %11 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %10, i64 0, i32 4 %12 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %10, i64 0, i32 5 %13 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %12, align 32 %14 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %13, i64 0, i32 10 %15 = load i32 (%struct.socket.273260*, i32, i64)*, i32 (%struct.socket.273260*, i32, i64)** %14, align 
8 %16 = icmp eq i32 (%struct.socket.273260*, i32, i64)* %15, null br i1 %16, label %19, label %17 %20 = phi i32 [ %18, %17 ], [ -515, %3 ] %21 = icmp eq i32 %20, -515 %22 = and i32 %1, -256 %23 = icmp eq i32 %22, 35584 %24 = and i1 %23, %21 %25 = xor i1 %21, true %26 = or i1 %23, %25 %27 = select i1 %24, i32 -22, i32 %20 br i1 %26, label %193, label %28 %29 = and i64 %2, 4294967295 %30 = inttoptr i64 %29 to i8* %31 = load %struct.sock.273263*, %struct.sock.273263** %11, align 8 %32 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %31, i64 0, i32 0, i32 9, i32 0 %33 = load %struct.net.273332*, %struct.net.273332** %32, align 8 %34 = and i32 %1, -16 %35 = icmp eq i32 %34, 35312 br i1 %35, label %36, label %39 switch i32 %1, label %193 [ i32 35137, label %40 i32 35136, label %40 i32 35146, label %53 i32 35078, label %98 i32 35079, label %98 i32 35142, label %106 i32 35219, label %106 i32 35220, label %106 i32 35248, label %106 i32 35249, label %106 i32 35073, label %140 i32 35074, label %140 i32 35075, label %140 i32 35076, label %140 i32 35232, label %140 i32 35233, label %140 i32 35202, label %140 i32 35203, label %140 i32 35148, label %140 i32 -2146399994, label %140 i32 -2146399993, label %140 i32 35090, label %140 i32 35091, label %143 i32 35092, label %143 i32 35184, label %143 i32 35185, label %143 i32 35101, label %143 i32 35102, label %143 i32 35105, label %143 i32 35106, label %143 i32 35103, label %143 i32 35104, label %143 i32 35111, label %143 i32 35108, label %143 i32 35121, label %143 i32 35122, label %143 i32 35123, label %143 i32 35093, label %143 i32 35094, label %143 i32 35127, label %143 i32 35126, label %143 i32 35097, label %143 i32 35098, label %143 i32 35095, label %143 i32 35096, label %143 i32 35099, label %143 i32 35100, label %143 i32 35124, label %143 i32 35125, label %143 i32 35138, label %143 i32 35139, label %143 i32 35234, label %143 i32 35235, label %143 i32 35088, label %143 i32 35107, label %143 i32 35143, label 
%143 i32 35144, label %143 i32 35145, label %143 i32 35216, label %143 i32 35217, label %143 i32 35218, label %143 i32 35221, label %143 i32 35157, label %143 i32 35156, label %143 i32 35155, label %143 i32 21521, label %143 i32 35147, label %143 i32 35077, label %143 ] %141 = tail call i64 @sock_ioctl(%struct.file.273225* %0, i32 %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca %struct.ifreq, align 8 %6 = alloca %struct.ifreq, align 8 %7 = alloca i8, align 1 %8 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.socket.273260** %10 = load %struct.socket.273260*, %struct.socket.273260** %9, align 8 %11 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %10, i64 0, i32 4 %12 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %10, i64 0, i32 5 %13 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %12, align 32 %14 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %13, i64 0, i32 10 %15 = load i32 (%struct.socket.273260*, i32, i64)*, i32 (%struct.socket.273260*, i32, i64)** %14, align 8 %16 = icmp eq i32 (%struct.socket.273260*, i32, i64)* %15, null br i1 %16, label %19, label %17 %20 = phi i32 [ %18, %17 ], [ -515, %3 ] %21 = icmp eq i32 %20, -515 %22 = and i32 %1, -256 %23 = icmp eq i32 %22, 35584 %24 = and i1 %23, %21 %25 = xor i1 %21, true %26 = or i1 %23, %25 %27 = select i1 %24, i32 -22, i32 %20 br i1 %26, label %193, label %28 %29 = and i64 %2, 4294967295 %30 = inttoptr i64 %29 to i8* %31 = load %struct.sock.273263*, %struct.sock.273263** %11, align 8 %32 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %31, i64 0, i32 0, i32 9, i32 0 %33 = load %struct.net.273332*, %struct.net.273332** %32, align 8 %34 = and i32 %1, -16 %35 = icmp eq i32 %34, 35312 br i1 %35, label %36, label %39 
%37 = tail call i64 @sock_ioctl(%struct.file.273225* %0, i32 %1, i64 %29) #76 ------------- Good: 6 Bad: 2 Ignored: 3 Check Use of Function:nv_update_linkspeed Check Use of Function:ext4_ext_release Check Use of Function:qdisc_put_unlocked Check Use of Function:power_supply_changed Check Use of Function:ptep_clear_flush Check Use of Function:pps_cdev_ioctl Use: =BAD PATH= Call Stack: 0 pps_cdev_compat_ioctl ------------- Path:  Function:pps_cdev_compat_ioctl %4 = alloca %struct.pps_fdata_compat, align 4 %5 = alloca %struct.pps_fdata, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.pps_device** %8 = load %struct.pps_device*, %struct.pps_device** %7, align 8 %9 = inttoptr i64 %2 to i8* %10 = and i32 %1, -1073676289 %11 = or i32 %10, 524288 %12 = icmp eq i32 %11, -1073188700 br i1 %12, label %13, label %54 %55 = tail call i64 @pps_cdev_ioctl(%struct.file* %0, i32 %11, i64 %2) #77 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:drv_event_callback.72785 Check Use of Function:ext4_da_update_reserve_space Check Use of Function:ext4_xattr_trusted_get Check Use of Function:crng_reseed Use: =BAD PATH= Call Stack: 0 _extract_crng 1 urandom_read_nowarn 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = inttoptr i64 %4 to i8* %11 = trunc i64 %9 to i32 %12 = icmp ugt i32 %11, 7 %13 = and i32 %11, 6 %14 = icmp eq i32 %13, 6 %15 = or i1 %12, %14 br i1 %15, label %34, label %16 %17 = icmp ult i64 %7, 2147483647 %18 = select i1 %17, i64 %7, i64 2147483647 %19 = and i32 %11, 4 %20 = icmp ne 
i32 %19, 0 %21 = load i32, i32* @crng_init, align 4 %22 = icmp sgt i32 %21, 1 %23 = or i1 %20, %22 br i1 %23, label %32, label %24, !prof !4 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %34 %28 = tail call i32 @wait_for_random_bytes() #76 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !5, !misexpect !6 %33 = tail call fastcc i64 @urandom_read_nowarn(i8* %10, i64 %18) #76 Function:urandom_read_nowarn %3 = alloca [64 x i8], align 4 %4 = icmp ult i64 %1, 33554431 %5 = select i1 %4, i64 %1, i64 33554431 %6 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %7 = icmp ugt i64 %5, 256 %8 = icmp eq i64 %5, 0 br i1 %8, label %60, label %9 %10 = phi i8* [ %57, %55 ], [ %0, %2 ] %11 = phi i64 [ %56, %55 ], [ %5, %2 ] %12 = phi i64 [ %58, %55 ], [ 0, %2 ] %13 = phi i64 [ %49, %55 ], [ 64, %2 ] br i1 %7, label %14, label %33 %15 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 0, i32 0 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %33, label %21 %22 = load volatile i64, i64* %17, align 8 %23 = and i64 %22, 131072 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29, !prof !5, !misexpect !6 %26 = load volatile i64, i64* %17, align 8 %27 = and i64 %26, 4 %28 = icmp eq i64 %27, 0 br i1 %28, label %32, label %29 call void @schedule() #76 br label %33 %34 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %35 = icmp eq %struct.crng_state** %34, null br i1 %35, label %41, label %36 %37 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !7 %38 = sext i32 %37 to i64 %39 = getelementptr %struct.crng_state*, %struct.crng_state** %34, i64 %38 %40 = load 
%struct.crng_state*, %struct.crng_state** %39, align 8 br label %41 %42 = phi %struct.crng_state* [ %40, %36 ], [ null, %33 ] %43 = icmp eq %struct.crng_state* %42, null %44 = select i1 %43, %struct.crng_state* @primary_crng, %struct.crng_state* %42 call fastcc void @_extract_crng(%struct.crng_state* %44, i8* nonnull %6) #76 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #76 ------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 urandom_read_nowarn 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %8 to i32 %10 = icmp ugt i32 %9, 7 %11 = and i32 %9, 6 %12 = icmp eq i32 %11, 6 %13 = or i1 %10, %12 br i1 %13, label %32, label %14 %15 = icmp ult i64 %6, 2147483647 %16 = select i1 %15, i64 %6, i64 2147483647 %17 = and i32 %9, 4 %18 = icmp ne i32 %17, 0 %19 = load i32, i32* @crng_init, align 4 %20 = icmp sgt i32 %19, 1 %21 = or i1 %18, %20 br i1 %21, label %30, 
label %22, !prof !4 %23 = and i32 %9, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %32 %26 = tail call i32 @wait_for_random_bytes() #76 %27 = icmp eq i32 %26, 0 br i1 %27, label %30, label %28, !prof !5, !misexpect !6 %31 = tail call fastcc i64 @urandom_read_nowarn(i8* %4, i64 %16) #76 Function:urandom_read_nowarn %3 = alloca [64 x i8], align 4 %4 = icmp ult i64 %1, 33554431 %5 = select i1 %4, i64 %1, i64 33554431 %6 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %7 = icmp ugt i64 %5, 256 %8 = icmp eq i64 %5, 0 br i1 %8, label %60, label %9 %10 = phi i8* [ %57, %55 ], [ %0, %2 ] %11 = phi i64 [ %56, %55 ], [ %5, %2 ] %12 = phi i64 [ %58, %55 ], [ 0, %2 ] %13 = phi i64 [ %49, %55 ], [ 64, %2 ] br i1 %7, label %14, label %33 %15 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 0, i32 0 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %33, label %21 %22 = load volatile i64, i64* %17, align 8 %23 = and i64 %22, 131072 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29, !prof !5, !misexpect !6 %26 = load volatile i64, i64* %17, align 8 %27 = and i64 %26, 4 %28 = icmp eq i64 %27, 0 br i1 %28, label %32, label %29 call void @schedule() #76 br label %33 %34 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %35 = icmp eq %struct.crng_state** %34, null br i1 %35, label %41, label %36 %37 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !7 %38 = sext i32 %37 to i64 %39 = getelementptr %struct.crng_state*, %struct.crng_state** %34, i64 %38 %40 = load %struct.crng_state*, %struct.crng_state** %39, align 8 br label %41 %42 = phi %struct.crng_state* [ %40, %36 ], [ null, %33 ] %43 = icmp eq 
%struct.crng_state* %42, null %44 = select i1 %43, %struct.crng_state* @primary_crng, %struct.crng_state* %42 call fastcc void @_extract_crng(%struct.crng_state* %44, i8* nonnull %6) #76 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #76 ------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 urandom_read_nowarn 2 urandom_read ------------- Path:  Function:urandom_read %5 = load i32, i32* @crng_init, align 4 %6 = icmp slt i32 %5, 2 %7 = load i32, i32* @urandom_read.maxwarn, align 4 %8 = icmp sgt i32 %7, 0 %9 = and i1 %6, %8 br i1 %9, label %10, label %21 %22 = tail call fastcc i64 @urandom_read_nowarn(i8* %1, i64 %2) #78 Function:urandom_read_nowarn %3 = alloca [64 x i8], align 4 %4 = icmp ult i64 %1, 33554431 %5 = select i1 %4, i64 %1, i64 33554431 %6 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %7 = icmp ugt i64 %5, 256 %8 = icmp eq i64 %5, 0 br i1 %8, label %60, label %9 %10 = phi i8* [ %57, %55 ], [ %0, %2 ] %11 = phi i64 [ %56, %55 ], [ %5, %2 ] %12 = phi i64 [ %58, %55 ], [ 0, %2 ] %13 = phi i64 [ %49, %55 ], [ 64, %2 ] br i1 %7, label %14, label %33 %15 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to 
%struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 0, i32 0 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %33, label %21 %22 = load volatile i64, i64* %17, align 8 %23 = and i64 %22, 131072 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29, !prof !5, !misexpect !6 %26 = load volatile i64, i64* %17, align 8 %27 = and i64 %26, 4 %28 = icmp eq i64 %27, 0 br i1 %28, label %32, label %29 call void @schedule() #76 br label %33 %34 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %35 = icmp eq %struct.crng_state** %34, null br i1 %35, label %41, label %36 %37 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !7 %38 = sext i32 %37 to i64 %39 = getelementptr %struct.crng_state*, %struct.crng_state** %34, i64 %38 %40 = load %struct.crng_state*, %struct.crng_state** %39, align 8 br label %41 %42 = phi %struct.crng_state* [ %40, %36 ], [ null, %33 ] %43 = icmp eq %struct.crng_state* %42, null %44 = select i1 %43, %struct.crng_state* @primary_crng, %struct.crng_state* %42 call fastcc void @_extract_crng(%struct.crng_state* %44, i8* nonnull %6) #76 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, 
%struct.entropy_store* %18) #76 ------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 crng_backtrack_protect 2 _get_random_bytes 3 get_random_bytes 4 fib6_nh_remove_exception 5 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = bitcast %struct.dst_entry.892411* %0 to %struct.rt6_info.892424* %4 = icmp eq %struct.dst_entry.892411* %0, null br i1 %4, label %64, label %5 %6 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1, i32 14 %7 = bitcast %struct.lwtunnel_state.892388** %6 to i32* %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 16777216 %10 = icmp eq i32 %9, 0 br i1 %10, label %63, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1 %13 = bitcast %struct.dst_entry.892411* %12 to %struct.fib6_info.892427** %14 = load volatile %struct.fib6_info.892427*, %struct.fib6_info.892427** %13, align 8 %15 = load i32, i32* %7, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq %struct.fib6_info.892427* %14, null br i1 %25, label %61, label %26 %27 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = load volatile %struct.fib6_info.892427*, %struct.fib6_info.892427** %13, align 8 %43 = icmp eq %struct.fib6_info.892427* %42, null %44 = and i32 %15, 16777216 %45 = icmp eq i32 %44, 0 %46 = or i1 %45, %43 br i1 %46, label %61, label %47 %48 = getelementptr inbounds %struct.fib6_info.892427, %struct.fib6_info.892427* %42, i64 0, i32 17 %49 = load %struct.nexthop.892423*, %struct.nexthop.892423** %48, align 8 %50 = icmp eq %struct.nexthop.892423* %49, null br i1 %50, label %58, label %51 %59 = getelementptr inbounds 
%struct.fib6_info.892427, %struct.fib6_info.892427* %42, i64 0, i32 18, i64 0 %60 = tail call fastcc i32 @fib6_nh_remove_exception(%struct.fib6_nh.892426* %59, %struct.rt6_info.892424* nonnull %3) #76 Function:fib6_nh_remove_exception %3 = alloca %struct.anon.250, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.892426, %struct.fib6_nh.892426* %0, i64 0, i32 2 %6 = load volatile %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %7 = icmp eq %struct.rt6_exception_bucket* %6, null br i1 %7, label %63, label %8 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #76 %9 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %10 = icmp eq %struct.rt6_exception_bucket* %9, null %11 = ptrtoint %struct.rt6_exception_bucket* %9 to i64 %12 = and i64 %11, -2 %13 = inttoptr i64 %12 to %struct.rt6_exception_bucket* %14 = select i1 %10, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %13 %15 = getelementptr inbounds %struct.rt6_info.892424, %struct.rt6_info.892424* %1, i64 0, i32 3, i32 0 %16 = icmp ne %struct.rt6_exception_bucket* %14, null %17 = icmp ne %struct.in6_addr* %15, null %18 = and i1 %17, %16 br i1 %18, label %19, label %61 %20 = bitcast %struct.anon.250* %3 to i8* %21 = bitcast %struct.in6_addr* %15 to i8* %22 = getelementptr inbounds %struct.anon.250, %struct.anon.250* %3, i64 0, i32 1 %23 = bitcast %struct.in6_addr* %22 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_remove_exception, %24)) #6 to label %29 [label %24], !srcloc !4 %25 = bitcast i64* %4 to i8* %26 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %4) #76 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i32 16) #76 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #78 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = icmp sgt i32 %1, 63 br i1 %22, label %23, label %40 %24 = phi i32 [ %38, %33 ], [ %1, %21 ] %25 = phi i8* [ %37, %33 ], [ %0, %21 ] %26 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %27 = icmp eq %struct.crng_state** %26, null br i1 %27, label %33, label %28 %34 = phi %struct.crng_state* [ %32, %28 ], [ null, %23 ] %35 = icmp eq %struct.crng_state* %34, null %36 = select i1 %35, %struct.crng_state* @primary_crng, %struct.crng_state* %34 tail call fastcc void @_extract_crng(%struct.crng_state* %36, i8* %25) #76 %37 = getelementptr i8, i8* %25, i64 64 %38 = add nsw i32 %24, -64 %39 = icmp sgt i32 %24, 127 br i1 %39, label %23, label %40 %41 = phi i8* [ %0, %21 ], [ %37, %33 ] %42 = phi i32 [ %1, %21 ], [ %38, %33 ] %43 = icmp sgt i32 %42, 0 br i1 %43, label %44, label %57 %58 = phi i32 [ %42, %52 ], [ 64, %40 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %58) #77 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = 
icmp sgt i32 %17, 64 br i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #76 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #76 ------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 crng_backtrack_protect 2 _get_random_bytes 3 get_random_bytes 4 fib6_nh_update_exception 5 __ip6_rt_update_pmtu 6 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.892530* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.892411* %0, %struct.sock.892567* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #76 Function:__ip6_rt_update_pmtu %6 = alloca %struct.fib6_nh_match_arg, 
align 8 %7 = alloca %struct.fib6_result.892941, align 8 %8 = alloca %struct.fib6_nh_match_arg, align 8 %9 = bitcast %struct.dst_entry.892411* %0 to %struct.rt6_info.892424* %10 = icmp eq %struct.ipv6hdr* %2, null br i1 %10, label %13, label %11 %14 = icmp eq %struct.sock.892567* %1, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.sock.892567, %struct.sock.892567* %1, i64 0, i32 0, i32 10 %17 = getelementptr inbounds %struct.sock.892567, %struct.sock.892567* %1, i64 0, i32 0, i32 4 %18 = load volatile i8, i8* %17, align 2 br label %19 %20 = phi %struct.in6_addr* [ %12, %11 ], [ null, %13 ], [ %16, %15 ] br i1 %4, label %21, label %29 %22 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 1 %23 = load %struct.dst_ops.892390*, %struct.dst_ops.892390** %22, align 8 %24 = getelementptr inbounds %struct.dst_ops.892390, %struct.dst_ops.892390* %23, i64 0, i32 15 %25 = load void (%struct.dst_entry.892411*, i8*)*, void (%struct.dst_entry.892411*, i8*)** %24, align 16 %26 = icmp eq void (%struct.dst_entry.892411*, i8*)* %25, null br i1 %26, label %29, label %27 %28 = bitcast %struct.in6_addr* %20 to i8* tail call void %25(%struct.dst_entry.892411* %0, i8* %28) #76 br label %29 %30 = icmp ult i32 %3, 1280 br i1 %30, label %271, label %31 %32 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 1 %33 = load %struct.dst_ops.892390*, %struct.dst_ops.892390** %32, align 8 %34 = getelementptr inbounds %struct.dst_ops.892390, %struct.dst_ops.892390* %33, i64 0, i32 5 %35 = load i32 (%struct.dst_entry.892411*)*, i32 (%struct.dst_entry.892411*)** %34, align 32 %36 = icmp eq i32 (%struct.dst_entry.892411*)* %35, @ip6_mtu br i1 %36, label %37, label %56, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 2 %39 = load i64, i64* %38, align 8 %40 = and i64 %39, -4 %41 = inttoptr i64 %40 to i32* %42 = getelementptr 
i32, i32* %41, i64 1 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %62 %63 = phi i32 [ %59, %58 ], [ %61, %60 ], [ %43, %37 ], [ %55, %54 ] %64 = icmp ugt i32 %63, %3 br i1 %64, label %65, label %271 %66 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1, i32 14 %67 = bitcast %struct.lwtunnel_state.892388** %66 to i32* %68 = load i32, i32* %67, align 8 %69 = and i32 %68, 16777216 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %79 %72 = and i32 %68, 1073741824 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %168 %75 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1 %76 = bitcast %struct.dst_entry.892411* %75 to %struct.fib6_info.892427** %77 = load volatile %struct.fib6_info.892427*, %struct.fib6_info.892427** %76, align 8 %78 = icmp eq %struct.fib6_info.892427* %77, null br i1 %78, label %79, label %168 %80 = getelementptr %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 0 %81 = load %struct.net_device.892517*, %struct.net_device.892517** %80, align 8 %82 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %81, i64 0, i32 109, i32 0 %83 = load %struct.net.892636*, %struct.net.892636** %82, align 8 %84 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 2 %85 = load i64, i64* %84, align 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %87, label %88, !prof !8, !misexpect !9 %89 = and i64 %85, 1 %90 = icmp eq i64 %89, 0 br i1 %90, label %96, label %91 %97 = and i64 %85, -4 %98 = inttoptr i64 %97 to i32* br label %99 %100 = phi i32* [ %95, %91 ], [ %98, %96 ] %101 = icmp eq i32* %100, null br i1 %101, label %104, label %102 %105 = load i32, i32* %67, align 8 %106 = or i32 %105, 32 store i32 %106, i32* %67, align 8 %107 = getelementptr inbounds %struct.net.892636, %struct.net.892636* %83, i64 0, i32 35, i32 1, i32 11 %108 = load i32, i32* %107, align 64 %109 = and i32 
%105, 4194304 %110 = icmp eq i32 %109, 0 br i1 %110, label %111, label %121 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %112 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1 %113 = bitcast %struct.dst_entry.892411* %112 to %struct.fib6_info.892427** %114 = load volatile %struct.fib6_info.892427*, %struct.fib6_info.892427** %113, align 8 %115 = icmp eq %struct.fib6_info.892427* %114, null br i1 %115, label %120, label %116 %117 = getelementptr inbounds %struct.fib6_info.892427, %struct.fib6_info.892427* %114, i64 0, i32 6 %118 = load i64, i64* %117, align 8 %119 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 3 store i64 %118, i64* %119, align 8 br label %120 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #76 br label %121 %122 = load volatile i64, i64* @jiffies, align 64 %123 = sext i32 %108 to i64 %124 = add i64 %122, %123 %125 = icmp eq i64 %124, 0 %126 = select i1 %125, i64 1, i64 %124 %127 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 3 %128 = load i64, i64* %127, align 8 %129 = icmp eq i64 %128, 0 %130 = sub i64 %126, %128 %131 = icmp slt i64 %130, 0 %132 = or i1 %129, %131 br i1 %132, label %133, label %134 %135 = load i32, i32* %67, align 8 %136 = or i32 %135, 4194304 store i32 %136, i32* %67, align 8 %137 = and i32 %135, 16777216 %138 = icmp eq i32 %137, 0 br i1 %138, label %271, label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %140 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1 %141 = bitcast %struct.dst_entry.892411* %140 to %struct.fib6_info.892427** %142 = load volatile %struct.fib6_info.892427*, %struct.fib6_info.892427** %141, align 8 %143 = icmp eq %struct.fib6_info.892427* %142, null br i1 %143, label 
%167, label %144 %145 = load i32, i32* %67, align 8 %146 = and i32 %145, 16777216 %147 = icmp eq i32 %146, 0 br i1 %147, label %167, label %148 %149 = getelementptr inbounds %struct.fib6_info.892427, %struct.fib6_info.892427* %142, i64 0, i32 17 %150 = load %struct.nexthop.892423*, %struct.nexthop.892423** %149, align 8 %151 = icmp eq %struct.nexthop.892423* %150, null br i1 %151, label %163, label %152 %164 = getelementptr inbounds %struct.fib6_info.892427, %struct.fib6_info.892427* %142, i64 0, i32 18, i64 0 br label %165 %166 = phi %struct.fib6_nh.892426* [ %161, %152 ], [ %164, %163 ] call fastcc void @fib6_nh_update_exception(%struct.fib6_nh.892426* %166, %struct.rt6_info.892424* %9) #76 Function:fib6_nh_update_exception %3 = alloca %struct.anon.250, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.892426, %struct.fib6_nh.892426* %0, i64 0, i32 2 %6 = load volatile %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %7 = icmp eq %struct.rt6_exception_bucket* %6, null %8 = ptrtoint %struct.rt6_exception_bucket* %6 to i64 %9 = and i64 %8, -2 %10 = inttoptr i64 %9 to %struct.rt6_exception_bucket* %11 = select i1 %7, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %10 %12 = getelementptr inbounds %struct.rt6_info.892424, %struct.rt6_info.892424* %1, i64 0, i32 3, i32 0 %13 = icmp ne %struct.rt6_exception_bucket* %11, null %14 = icmp ne %struct.in6_addr* %12, null %15 = and i1 %14, %13 br i1 %15, label %16, label %61 %17 = bitcast %struct.anon.250* %3 to i8* %18 = bitcast %struct.in6_addr* %12 to i8* %19 = getelementptr inbounds %struct.anon.250, %struct.anon.250* %3, i64 0, i32 1 %20 = bitcast %struct.in6_addr* %19 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_update_exception, %21)) #6 to label %26 [label %21], !srcloc !4 %22 = bitcast i64* %4 to i8* %23 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %4) #76 br i1 %23, label %24, label %25, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i32 16) #76 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #78 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = icmp sgt i32 %1, 63 br i1 %22, label %23, label %40 %24 = phi i32 [ %38, %33 ], [ %1, %21 ] %25 = phi i8* [ %37, %33 ], [ %0, %21 ] %26 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %27 = icmp eq %struct.crng_state** %26, null br i1 %27, label %33, label %28 %34 = phi %struct.crng_state* [ %32, %28 ], [ null, %23 ] %35 = icmp eq %struct.crng_state* %34, null %36 = select i1 %35, %struct.crng_state* @primary_crng, %struct.crng_state* %34 tail call fastcc void @_extract_crng(%struct.crng_state* %36, i8* %25) #76 %37 = getelementptr i8, i8* %25, i64 64 %38 = add nsw i32 %24, -64 %39 = icmp sgt i32 %24, 127 br i1 %39, label %23, label %40 %41 = phi i8* [ %0, %21 ], [ %37, %33 ] %42 = phi i32 [ %1, %21 ], [ %38, %33 ] %43 = icmp sgt i32 %42, 0 br i1 %43, label %44, label %57 %58 = phi i32 [ %42, %52 ], [ 64, %40 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %58) #77 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = 
icmp sgt i32 %17, 64 br i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #76
Function:_extract_crng
%3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #76
-------------
Use: =BAD PATH=
Call Stack:
0 _extract_crng
1 crng_backtrack_protect
2 _get_random_bytes
3 get_random_bytes
4 ip_del_fnhe
5 __mkroute_output
6 ip_route_output_key_hash_rcu
7 ip_route_output_flow
8 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6,
!srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, 
i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 
0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca 
%struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu 
to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %177 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %178 = phi %struct.net_device.829233* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %179 = tail call fastcc %struct.rtable.828746* @__mkroute_output(%struct.fib_result.829243* %2, %struct.flowi4* %1, i32 %176, %struct.net_device.829233* %178, i32 %177) #77 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 7 %8 = load %struct.fib_info.828750*, %struct.fib_info.828750** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.829243, 
%struct.fib_result.829243* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %12, align 8 %14 = icmp eq %struct.in_device.829188* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 0 %17 = load %struct.net_device.829233*, %struct.net_device.829233** %16, align 8 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.828834*, %struct.net.828834** %18, align 8 %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 
0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.853901*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.829188*, i32, i32, i8)*)(%struct.in_device.829188* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #76 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.828750* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.828749*, %struct.fib_nh_common.828749** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %113, align 
8 %115 = icmp eq %struct.fnhe_hash_bucket.828748* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.828747* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.828747* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.828749* %112, i32 %104) #76 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #76 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i32 16) #76 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #78 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = icmp sgt i32 %1, 63 br i1 %22, label %23, label %40 %24 = phi i32 [ %38, %33 ], [ %1, %21 ] %25 = phi i8* [ %37, %33 ], [ %0, %21 ] %26 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %27 = icmp eq %struct.crng_state** %26, null br i1 %27, label %33, label %28 %34 = phi %struct.crng_state* [ %32, %28 ], [ null, %23 ] %35 = icmp eq %struct.crng_state* %34, null %36 = select i1 %35, %struct.crng_state* @primary_crng, %struct.crng_state* %34 tail call fastcc void @_extract_crng(%struct.crng_state* %36, i8* %25) #76 %37 = getelementptr i8, i8* %25, i64 64 %38 = add nsw i32 %24, -64 %39 = icmp sgt i32 %24, 127 br i1 %39, label %23, label %40 %41 = phi i8* [ %0, %21 ], [ %37, %33 ] %42 = phi i32 [ %1, %21 ], [ %38, %33 ] %43 = icmp sgt i32 %42, 0 br i1 %43, label %44, label %57 %58 = phi i32 [ %42, %52 ], [ 64, %40 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %58) #77 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = 
icmp sgt i32 %17, 64 br i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #76
Function:_extract_crng
%3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #76
-------------
Use: =BAD PATH=
Call Stack:
0 _extract_crng
1 crng_backtrack_protect
2 _get_random_bytes
3 get_random_bytes
4 ip_del_fnhe
5 __mkroute_output
6 ip_route_output_key_hash_rcu
7 ip_route_output_flow
8 ipip6_tunnel_bind_dev
9 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215,
%struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 
%12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile 
%struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %177 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %178 = phi %struct.net_device.829233* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %179 = tail call fastcc %struct.rtable.828746* @__mkroute_output(%struct.fib_result.829243* %2, %struct.flowi4* %1, i32 %176, %struct.net_device.829233* %178, i32 %177) #77 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 7 %8 = load %struct.fib_info.828750*, %struct.fib_info.828750** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %12, align 8 %14 = icmp eq %struct.in_device.829188* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 0 %17 = load %struct.net_device.829233*, 
%struct.net_device.829233** %16, align 8 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.828834*, %struct.net.828834** %18, align 8 %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* 
%71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.853901*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.829188*, i32, i32, i8)*)(%struct.in_device.829188* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #76 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.828750* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.828749*, %struct.fib_nh_common.828749** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.828748* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.828747* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.828747* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.828749* %112, i32 %104) #76 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #76 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i32 16) #76 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #78 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = icmp sgt i32 %1, 63 br i1 %22, label %23, label %40 %24 = phi i32 [ %38, %33 ], [ %1, %21 ] %25 = phi i8* [ %37, %33 ], [ %0, %21 ] %26 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %27 = icmp eq %struct.crng_state** %26, null br i1 %27, label %33, label %28 %34 = phi %struct.crng_state* [ %32, %28 ], [ null, %23 ] %35 = icmp eq %struct.crng_state* %34, null %36 = select i1 %35, %struct.crng_state* @primary_crng, %struct.crng_state* %34 tail call fastcc void @_extract_crng(%struct.crng_state* %36, i8* %25) #76 %37 = getelementptr i8, i8* %25, i64 64 %38 = add nsw i32 %24, -64 %39 = icmp sgt i32 %24, 127 br i1 %39, label %23, label %40 %41 = phi i8* [ %0, %21 ], [ %37, %33 ] %42 = phi i32 [ %1, %21 ], [ %38, %33 ] %43 = icmp sgt i32 %42, 0 br i1 %43, label %44, label %57 %58 = phi i32 [ %42, %52 ], [ 64, %40 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %58) #77 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = 
icmp sgt i32 %17, 64 br i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #76 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #76 ------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 crng_backtrack_protect 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_rps_cpu 6 netif_receive_skb_list_internal 7 busy_poll_stop 8 napi_busy_loop 9 tcp_recvmsg 10 inet6_recvmsg 11 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 
0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = 
load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load 
%struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp 
eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #76 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i32 16) #76 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #78 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = icmp sgt i32 %1, 63 br i1 %22, label %23, label %40 %24 = phi i32 [ %38, %33 ], [ %1, %21 ] %25 = phi i8* [ %37, %33 ], [ %0, %21 ] %26 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %27 = icmp eq %struct.crng_state** %26, null br i1 %27, label %33, label %28 %34 = phi %struct.crng_state* [ %32, %28 ], [ null, %23 ] %35 = icmp eq %struct.crng_state* %34, null %36 = select i1 %35, %struct.crng_state* @primary_crng, %struct.crng_state* %34 tail call fastcc void @_extract_crng(%struct.crng_state* %36, i8* %25) #76 %37 = getelementptr i8, i8* %25, i64 64 %38 = add nsw i32 %24, -64 %39 = icmp sgt i32 %24, 127 br i1 %39, label %23, label %40 %41 = phi i8* [ %0, %21 ], [ %37, %33 ] %42 = phi i32 [ %1, %21 ], [ %38, %33 ] %43 = icmp sgt i32 %42, 0 br i1 %43, label %44, label %57 %58 = phi i32 [ %42, %52 ], [ 64, %40 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %58) #77 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = 
icmp sgt i32 %17, 64 br i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #76 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #76
-------------
Use: =BAD PATH=
Call Stack:
0 _extract_crng
1 crng_backtrack_protect
2 _get_random_bytes
3 get_random_bytes
4 __skb_get_hash
5 get_rps_cpu
6 netif_receive_skb_list_internal
7 busy_poll_stop
8 napi_busy_loop
9 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 
], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, 
i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = 
bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void 
@busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 
to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, 
%110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to 
%struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 
store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, 
%struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #76 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i32 16) #76 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #78 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = icmp sgt i32 %1, 63 br i1 %22, label %23, label %40 %24 = phi i32 [ %38, %33 ], [ %1, %21 ] %25 = phi i8* [ %37, %33 ], [ %0, %21 ] %26 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %27 = icmp eq %struct.crng_state** %26, null br i1 %27, label %33, label %28 %34 = phi %struct.crng_state* [ %32, %28 ], [ null, %23 ] %35 = icmp eq %struct.crng_state* %34, null %36 = select i1 %35, %struct.crng_state* @primary_crng, %struct.crng_state* %34 tail call fastcc void @_extract_crng(%struct.crng_state* %36, i8* %25) #76 %37 = getelementptr i8, i8* %25, i64 64 %38 = add nsw i32 %24, -64 %39 = icmp sgt i32 %24, 127 br i1 %39, label %23, label %40 %41 = phi i8* [ %0, %21 ], [ %37, %33 ] %42 = phi i32 [ %1, %21 ], [ %38, %33 ] %43 = icmp sgt i32 %42, 0 br i1 %43, label %44, label %57 %58 = phi i32 [ %42, %52 ], [ 64, %40 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %58) #77 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = 
icmp sgt i32 %17, 64 br i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #76 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #76 ------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 crng_backtrack_protect 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 netdev_pick_tx 7 netdev_core_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load 
%struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = 
load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* 
%171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, 
i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, 
label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load 
%struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* 
%141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* 
@netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, 
%15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #76 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i32 16) #76 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #78 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = icmp sgt i32 %1, 63 br i1 %22, label %23, label %40 %24 = phi i32 [ %38, %33 ], [ %1, %21 ] %25 = phi i8* [ %37, %33 ], [ %0, %21 ] %26 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %27 = icmp eq %struct.crng_state** %26, null br i1 %27, label %33, label %28 %34 = phi %struct.crng_state* [ %32, %28 ], [ null, %23 ] %35 = icmp eq %struct.crng_state* %34, null %36 = select i1 %35, %struct.crng_state* @primary_crng, %struct.crng_state* %34 tail call fastcc void @_extract_crng(%struct.crng_state* %36, i8* %25) #76 %37 = getelementptr i8, i8* %25, i64 64 %38 = add nsw i32 %24, -64 %39 = icmp sgt i32 %24, 127 br i1 %39, label %23, label %40 %41 = phi i8* [ %0, %21 ], [ %37, %33 ] %42 = phi i32 [ %1, %21 ], [ %38, %33 ] %43 = icmp sgt i32 %42, 0 br i1 %43, label %44, label %57 %58 = phi i32 [ %42, %52 ], [ 64, %40 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %58) #77 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = 
icmp sgt i32 %17, 64 br i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #76 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #76 ------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 crng_backtrack_protect 2 _get_random_bytes 3 get_random_bytes 4 __skb_get_hash 5 get_xps_queue 6 netdev_pick_tx 7 netdev_core_pick_tx 8 __dev_queue_xmit 9 dev_queue_xmit 10 netlink_deliver_tap 11 netlink_sendskb 12 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 
= bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void 
@netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* 
%29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* 
%74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = 
getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 
= load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #76 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i32 16) #76 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #78 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = icmp sgt i32 %1, 63 br i1 %22, label %23, label %40 %24 = phi i32 [ %38, %33 ], [ %1, %21 ] %25 = phi i8* [ %37, %33 ], [ %0, %21 ] %26 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %27 = icmp eq %struct.crng_state** %26, null br i1 %27, label %33, label %28 %34 = phi %struct.crng_state* [ %32, %28 ], [ null, %23 ] %35 = icmp eq %struct.crng_state* %34, null %36 = select i1 %35, %struct.crng_state* @primary_crng, %struct.crng_state* %34 tail call fastcc void @_extract_crng(%struct.crng_state* %36, i8* %25) #76 %37 = getelementptr i8, i8* %25, i64 64 %38 = add nsw i32 %24, -64 %39 = icmp sgt i32 %24, 127 br i1 %39, label %23, label %40 %41 = phi i8* [ %0, %21 ], [ %37, %33 ] %42 = phi i32 [ %1, %21 ], [ %38, %33 ] %43 = icmp sgt i32 %42, 0 br i1 %43, label %44, label %57 %58 = phi i32 [ %42, %52 ], [ 64, %40 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %58) #77 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = 
icmp sgt i32 %17, 64 br i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #76 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #76 ------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 crng_backtrack_protect 2 _get_random_bytes 3 get_random_bytes 4 generate_random_uuid 5 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca %struct.ctl_table, align 8 %7 = alloca [64 x i8], align 16 %8 = alloca [16 x i8], align 16 %9 = bitcast %struct.ctl_table* %6 to i8* %10 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %11 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = load i8*, i8** 
%12, align 8 %14 = icmp eq i8* %13, null br i1 %14, label %15, label %16 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #76 %17 = getelementptr i8, i8* %13, i64 8 %18 = load i8, i8* %17, align 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %21 tail call void @generate_random_uuid(i8* nonnull %13) #76 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i32 16) #76 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #78 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = icmp sgt i32 %1, 63 br i1 %22, label %23, label %40 %24 = phi i32 [ %38, %33 ], [ %1, %21 ] %25 = phi i8* [ %37, %33 ], [ %0, %21 ] %26 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %27 = icmp eq %struct.crng_state** %26, null br i1 %27, label %33, label %28 %34 = phi %struct.crng_state* [ %32, %28 ], [ null, %23 ] %35 = icmp eq %struct.crng_state* %34, null %36 = select i1 %35, %struct.crng_state* @primary_crng, %struct.crng_state* %34 tail call fastcc void @_extract_crng(%struct.crng_state* %36, i8* %25) #76 %37 = getelementptr i8, i8* %25, i64 64 %38 = add nsw i32 %24, -64 %39 = icmp sgt i32 %24, 127 br i1 %39, label %23, label %40 %41 = phi i8* [ %0, %21 ], [ %37, %33 ] %42 = phi i32 [ %1, %21 ], [ %38, %33 ] %43 = icmp sgt i32 %42, 0 br i1 %43, label %44, label %57 %58 = phi i32 [ %42, %52 ], [ 64, %40 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %58) #77 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = 
icmp sgt i32 %17, 64 br i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #76 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #76 ------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 crng_backtrack_protect 2 _get_random_bytes 3 get_random_bytes 4 generate_random_uuid 5 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca %struct.ctl_table, align 8 %7 = alloca [64 x i8], align 16 %8 = alloca [16 x i8], align 16 %9 = bitcast %struct.ctl_table* %6 to i8* %10 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %11 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = load i8*, i8** 
%12, align 8 %14 = icmp eq i8* %13, null br i1 %14, label %15, label %16 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #76 %17 = getelementptr i8, i8* %13, i64 8 %18 = load i8, i8* %17, align 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %21 tail call void @generate_random_uuid(i8* nonnull %13) #76 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i32 16) #76 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #78 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = icmp sgt i32 %1, 63 br i1 %22, label %23, label %40 %24 = phi i32 [ %38, %33 ], [ %1, %21 ] %25 = phi i8* [ %37, %33 ], [ %0, %21 ] %26 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %27 = icmp eq %struct.crng_state** %26, null br i1 %27, label %33, label %28 %34 = phi %struct.crng_state* [ %32, %28 ], [ null, %23 ] %35 = icmp eq %struct.crng_state* %34, null %36 = select i1 %35, %struct.crng_state* @primary_crng, %struct.crng_state* %34 tail call fastcc void @_extract_crng(%struct.crng_state* %36, i8* %25) #76 %37 = getelementptr i8, i8* %25, i64 64 %38 = add nsw i32 %24, -64 %39 = icmp sgt i32 %24, 127 br i1 %39, label %23, label %40 %41 = phi i8* [ %0, %21 ], [ %37, %33 ] %42 = phi i32 [ %1, %21 ], [ %38, %33 ] %43 = icmp sgt i32 %42, 0 br i1 %43, label %44, label %57 %58 = phi i32 [ %42, %52 ], [ 64, %40 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %58) #77 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = 
icmp sgt i32 %17, 64 br i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #76 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #76 ------------- Good: 1195 Bad: 13 Ignored: 1197 Check Use of Function:dm_pr_reserve Check Use of Function:mq_clear_sbinfo Use: =BAD PATH= Call Stack: 0 put_ipc_ns 1 shm_release ------------- Path:  Function:shm_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %5, i64 0, i32 1 %7 = load %struct.ipc_namespace*, %struct.ipc_namespace** %6, align 8 tail call void 
@put_ipc_ns(%struct.ipc_namespace* %7) #76 Function:put_ipc_ns %2 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 24, i32 3 %3 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %2, %struct.spinlock* nonnull @mq_lock) #76 br i1 %3, label %4, label %10 tail call void @mq_clear_sbinfo(%struct.ipc_namespace* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipcns_put ------------- Path:  Function:ipcns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -34, i32 2 %3 = getelementptr inbounds i32, i32* %2, i64 205 %4 = bitcast i32* %3 to %struct.seqcount_spinlock* %5 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %4, %struct.spinlock* nonnull @mq_lock) #76 br i1 %5, label %6, label %14 %7 = bitcast i32* %2 to %struct.ipc_namespace* tail call void @mq_clear_sbinfo(%struct.ipc_namespace* %7) #76 ------------- Good: 13 Bad: 2 Ignored: 5 Check Use of Function:ieee80211_sta_get_rates Check Use of Function:compat_start_thread Check Use of Function:vfat_revalidate Check Use of Function:sd_pr_preempt Check Use of Function:snd_hwdep_ioctl_compat Check Use of Function:vfs_tmpfile Check Use of Function:_dev_warn Use: =BAD PATH= Call Stack: 0 pcmcia_replace_cis 1 pccard_store_cis ------------- Path:  Function:pccard_store_cis %7 = tail call i32 @security_locked_down(i32 10) #76 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -9, i32 1, i32 1 %13 = bitcast %struct.list_head** %12 to %struct.pcmcia_socket.656722* %14 = icmp ne i64 %4, 0 %15 = icmp ugt i64 %5, 511 %16 = or i1 %14, %15 br i1 %16, label %26, label %17 %18 = getelementptr inbounds %struct.pcmcia_socket.656722, %struct.pcmcia_socket.656722* %13, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %23 = tail call i32 @pcmcia_replace_cis(%struct.pcmcia_socket.656722* %13, i8* %3, 
i64 %5) #77 Function:pcmcia_replace_cis %4 = icmp ugt i64 %2, 512 br i1 %4, label %5, label %7 %6 = getelementptr inbounds %struct.pcmcia_socket.656722, %struct.pcmcia_socket.656722* %0, i64 0, i32 42 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %6, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.1.53201, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 stable_pages_required_show ------------- Path:  Function:stable_pages_required_show %4 = load i1, i1* @stable_pages_required_show.__print_once, align 1 br i1 %4, label %6, label %5 store i1 true, i1* @stable_pages_required_show.__print_once, align 1 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %0, i8* getelementptr inbounds ([102 x i8], [102 x i8]* @.str.7.13592, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.317892* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.14.29271, i64 0, i64 0)) #76 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 253 %14 = bitcast %struct.irq_domain** %13 to i8* store i8 0, i8* %14, align 8 %15 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 25 %16 = bitcast %struct.irq_domain** %15 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %16, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.80.29272, i64 0, i64 0)) #77 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_read 2 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.322177* %9 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.322177* %8, i64 %4, i64 %5, i8* %3) #76 Function:pci_vpd_read %5 = alloca i32, align 4 %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.322177* %0) #76 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 %4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %31 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.322177* %0, i64 %18, i64 1, i8* nonnull 
%11) #76 br label %32 %33 = phi i64 [ %29, %28 ], [ %31, %30 ] %34 = icmp eq i64 %33, 1 br i1 %34, label %35, label %102 %36 = icmp eq i64 %18, 0 %37 = load i8, i8* %11, align 1 br i1 %36, label %38, label %39 %40 = icmp sgt i8 %37, -1 br i1 %40, label %69, label %41 %42 = add i64 %18, 1 %43 = load i16, i16* %12, align 2 %44 = and i16 %43, 256 %45 = icmp eq i16 %44, 0 br i1 %45, label %54, label %46 %47 = load %struct.pci_bus.322166*, %struct.pci_bus.322166** %13, align 8 %48 = load i32, i32* %14, align 8 %49 = and i32 %48, 248 %50 = tail call %struct.pci_dev.322177* bitcast (%struct.pci_dev.317892* (%struct.pci_bus.317894*, i32)* @pci_get_slot to %struct.pci_dev.322177* (%struct.pci_bus.322166*, i32)*)(%struct.pci_bus.322166* %47, i32 %49) #76 %51 = icmp eq %struct.pci_dev.322177* %50, null br i1 %51, label %59, label %52 %60 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %60, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.29598, i64 0, i64 0), i64 %42) #77 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_write 2 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.322177* %9 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.322177* %8, i64 %4, i64 %5, i8* %3) #76 Function:pci_vpd_write %5 = add i64 %2, %1 %6 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.322177* %0) #76 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 
%4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %31 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.322177* %0, i64 %18, i64 1, i8* nonnull %11) #76 br label %32 %33 = phi i64 [ %29, %28 ], [ %31, %30 ] %34 = icmp eq i64 %33, 1 br i1 %34, label %35, label %102 %36 = icmp eq i64 %18, 0 %37 = load i8, i8* %11, align 1 br i1 %36, label %38, label %39 %40 = icmp sgt i8 %37, -1 br i1 %40, label %69, label %41 %42 = add i64 %18, 1 %43 = load i16, i16* %12, align 2 %44 = and i16 %43, 256 %45 = icmp eq i16 %44, 0 br i1 %45, label %54, label %46 %47 = load %struct.pci_bus.322166*, %struct.pci_bus.322166** %13, align 8 %48 = load i32, i32* %14, align 8 %49 = and i32 %48, 248 %50 = tail call %struct.pci_dev.322177* bitcast (%struct.pci_dev.317892* (%struct.pci_bus.317894*, i32)* @pci_get_slot to %struct.pci_dev.322177* (%struct.pci_bus.322166*, i32)*)(%struct.pci_bus.322166* %47, i32 %49) #76 %51 = icmp eq %struct.pci_dev.322177* %50, null br i1 %51, label %59, label %52 %60 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %60, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.29598, i64 0, i64 0), i64 %42) #77 ------------- Good: 1420 Bad: 5 Ignored: 1127 Check Use of Function:sta_info_free Check Use of Function:perf_event_fork Check Use of Function:proc_root_lookup Check Use of Function:vm_access_ttm Check Use of Function:ieee80211_txq_teardown_flows Check Use of Function:snd_timer_user_ioctl_compat Check Use of Function:bprm_change_interp Check Use of Function:unlock_device_hotplug Check Use of Function:dev_valid_name Check Use of Function:i915_ioc32_compat_ioctl Check Use of Function:tty_ioctl Use: =BAD PATH= Call Stack: 0 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label 
%14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, 
label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 
21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %15 = and i64 %2, 4294967295 %16 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %15) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, 
label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %15 = and i64 %2, 4294967295 %16 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %15) #76 ------------- Good: 3 Bad: 4 Ignored: 6 Check Use of Function:compat_sock_ioctl Check Use of Function:sg_ioctl Check Use of Function:ext4_dx_csum Check Use of Function:snd_seq_ioctl_compat Check Use of Function:llist_add_batch Use: =BAD PATH= Call Stack: 0 __put_net 1 put_fs_context 2 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.157736*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #76 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 5 %3 = load %struct.dentry.157676*, %struct.dentry.157676** %2, align 8 %4 = icmp eq %struct.dentry.157676* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = 
getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.157314*, %struct.fs_context_operations.157314** %15, align 8 %17 = icmp eq %struct.fs_context_operations.157314* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.157314, %struct.fs_context_operations.157314* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.157736*)*, void (%struct.fs_context.157736*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.157736*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #76 %25 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %26) #76 Function:__put_net %2 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 9 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.63190) #76 ------------- Use: =BAD PATH= Call Stack: 0 __put_net 1 proc_tgid_net_getattr ------------- Path:  Function:proc_tgid_net_getattr %6 = getelementptr inbounds %struct.path, %struct.path* %1, i64 0, i32 1 %7 = load 
%struct.dentry*, %struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %9) #76 tail call void @generic_fillattr(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.inode* %9, %struct.kstat* %2) #77 %11 = icmp eq %struct.net* %10, null br i1 %11, label %28, label %12 %13 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 16 %14 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %13, align 32 %15 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %14, i64 0, i32 13 %16 = load i32, i32* %15, align 8 %17 = getelementptr inbounds %struct.kstat, %struct.kstat* %2, i64 0, i32 2 store i32 %16, i32* %17, align 8 %18 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 14, i32 3 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 0, i32 0, i32 0 %20 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 -1, i32* %19) #6, !srcloc !4 %21 = icmp eq i32 %20, 1 br i1 %21, label %27, label %22 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* nonnull %10) #77 Function:__put_net %2 = getelementptr inbounds 
%struct.net, %struct.net* %0, i64 0, i32 9 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.63190) #76 ------------- Use: =BAD PATH= Call Stack: 0 __put_net 1 single_release_net ------------- Path:  Function:single_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.net** %8 = load %struct.net*, %struct.net** %7, align 8 %9 = getelementptr inbounds %struct.net, %struct.net* %8, i64 0, i32 14, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %8) #76 Function:__put_net %2 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 9 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.63190) #76 ------------- Use: =BAD PATH= Call Stack: 0 __put_net 1 seq_release_net ------------- Path:  Function:seq_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.possible_net_t** %8 = load %struct.possible_net_t*, 
%struct.possible_net_t** %7, align 8 %9 = getelementptr inbounds %struct.possible_net_t, %struct.possible_net_t* %8, i64 0, i32 0 %10 = load %struct.net*, %struct.net** %9, align 8 %11 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 14, i32 3 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %10) #76 Function:__put_net %2 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 9 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.63190) #76 ------------- Use: =BAD PATH= Call Stack: 0 netns_put ------------- Path:  Function:netns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -3, i32 2 %13 = bitcast i32* %12 to %struct.llist_node* %14 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %13, %struct.llist_node* %13, %struct.llist_node* nonnull @cleanup_list.63190) #76 ------------- Use: 
=BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsr_safe_regs_on_cpu 3 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %63 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %63, label %16 %17 = inttoptr i64 %2 to i8* %18 = call i64 @_copy_from_user(i8* nonnull %5, i8* %17, i64 32) #76 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %63 %21 = getelementptr inbounds [8 x i32], [8 x i32]* %4, i64 0, i64 0 %22 = call i32 @rdmsr_safe_regs_on_cpu(i32 %10, i32* nonnull %21) #76 Function:rdmsr_safe_regs_on_cpu %3 = alloca %struct.debugfs_u32_array, align 8 %4 = bitcast %struct.debugfs_u32_array* %3 to i8* %5 = getelementptr inbounds %struct.debugfs_u32_array, %struct.debugfs_u32_array* %3, i64 0, i32 0 store i32* %1, i32** %5, align 8 %6 = getelementptr inbounds %struct.debugfs_u32_array, %struct.debugfs_u32_array* %3, i64 0, i32 1 store i32 -5, i32* %6, align 8 %7 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__rdmsr_safe_regs_on_cpu, i8* nonnull %4, i32 1) #76 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %8 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 %9 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!4 %10 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %11 = zext i32 %10 to i64 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %11) #6, !srcloc !6 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %24, label %15 %25 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %26 = and i32 %25, 16711936 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28, !prof !12, !misexpect !13 %30 = icmp eq i32 %3, 0 br i1 %30, label %31, label %48 store void (i8*)* %1, void (i8*)** %8, align 16 store i8* %2, i8** %7, align 8 %49 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6) #76 Function:generic_exec_single %3 = alloca i64, align 8 %4 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %5 = icmp eq i32 %4, %0 br i1 %5, label %6, label %22 %23 = load i32, i32* @nr_cpu_ids, align 4 %24 = icmp ugt i32 %23, %0 br i1 %24, label %25, label %30 %26 = zext i32 %0 to i64 %27 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %26) #6, !srcloc !13 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label %37 %38 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0, i32 0 %39 = sext i32 %0 to i64 %40 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %39 %41 = load i64, i64* %40, align 8 %42 = add i64 %41, ptrtoint (%struct.llist_node* @call_single_queue to i64) %43 = inttoptr i64 %42 
------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsr_safe_regs_on_cpu 3 msr_ioctl -------------
------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsrl_on_cpu 3 energy_perf_bias_store -------------
------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsrl_on_cpu 3 energy_perf_bias_show -------------
------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 wrmsr_safe_on_cpu 3 msr_write -------------
------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 arch_freq_prepare_all 3 cpuinfo_open -------------
------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single_async 2 rdmsr_safe_on_cpu 3 msr_read -------------
------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single_async 2 cpuid_read -------------
------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 force_sig_info_to_task 5 force_sig 6 signal_fault 7 __ia32_compat_sys_rt_sigreturn -------------
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 
%176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 
%20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 
@llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 force_sig_info_to_task
5 force_sig
6 signal_fault
7 __ia32_compat_sys_sigreturn
-------------
Path:
Function:__ia32_compat_sys_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = inttoptr i64 %13 to %struct.sigframe_ia32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %17 = add i64 %16, -736 %18 = icmp ult i64 %17, %13 br i1 %18, label %50, label %19, !prof !6, !misexpect !7 %21 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2 %22 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2, i32 26 %23 = tail call { i32*, i32, i64 } asm sideeffect "call
__get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %22, i64 4, i64 %20) #6, !srcloc !8 %24 = extractvalue { i32*, i32, i64 } %23, 0 %25 = extractvalue { i32*, i32, i64 } %23, 1 %26 = extractvalue { i32*, i32, i64 } %23, 2 %27 = ptrtoint i32* %24 to i64 %28 = zext i32 %25 to i64 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 %28, i64* %29, align 8 %30 = and i64 %27, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %50, !prof !9, !misexpect !10 %34 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 4, i64 0 %35 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %34, i64 4, i64 %33) #6, !srcloc !11 %36 = extractvalue { i32*, i32, i64 } %35, 0 %37 = extractvalue { i32*, i32, i64 } %35, 1 %38 = extractvalue { i32*, i32, i64 } %35, 2 %39 = ptrtoint i32* %36 to i64 %40 = bitcast %struct.cpumask* %2 to i32* %41 = getelementptr inbounds i32, i32* %40, i64 1 store i32 %37, i32* %41, align 4 %42 = and i64 %39, 4294967295 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %2) #76 %45 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %10, %struct.sigcontext_32* %21) #77 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %50 %51 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %51, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4718, i64 0, i64 0)) #76 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr 
inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #76 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct* %10, i32 0) #76 Function:force_sig_info_to_task %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #76 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %11 = add i32 %5, -1 %12 = sext i32 %11 to i64 %13 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 
0 %14 = load void (i32)*, void (i32)** %13, align 8 %15 = icmp eq void (i32)* %14, inttoptr (i64 1 to void (i32)*) %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 97, i32 0, i64 0 %17 = load i64, i64* %16, align 8 %18 = zext i32 %11 to i64 %19 = lshr i64 %17, %18 %20 = trunc i64 %19 to i32 %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 %23 = or i32 %21, %2 %24 = icmp ne i32 %23, 0 %25 = or i1 %15, %24 br i1 %25, label %26, label %65 store void (i32)* null, void (i32)** %13, align 8 %27 = icmp eq i32 %2, 2 br i1 %27, label %28, label %32 %29 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = or i64 %30, 8388608 store i64 %31, i64* %29, align 8 br label %32 br i1 %22, label %65, label %33 %34 = shl nuw i64 1, %18 %35 = xor i64 %34, -1 %36 = load i64, i64* %16, align 8 %37 = and i64 %36, %35 store i64 %37, i64* %16, align 8 %38 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 46 %39 = load i64, i64* %38, align 32 %40 = and i64 %39, 10092544 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %60 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 100, i32 1, i32 0, i64 0 %44 = load i64, i64* %43, align 8 %45 = xor i64 %37, -1 %46 = and i64 %44, %45 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %60 %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 95 %50 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %51 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %50, i64 0, i32 6, i32 1, i32 0, i64 0 %52 = load i64, i64* %51, align 8 %53 = and i64 %52, %45 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %60 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 50 %57 = load i8, i8* %56, align 16 %58 = and i8 %57, 32 %59 = icmp eq i8 %58, 0 br i1 %59, label %65, 
label %60 %61 = bitcast %struct.task_struct* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 %62 = tail call i32 @wake_up_state(%struct.task_struct* %1, i32 1) #76 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 
%176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 
%20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 
@llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 force_sig_info_to_task
5 force_sig
6 signal_fault
7 __do_sys_rt_sigreturn
-------------
Path:
Function:__do_sys_rt_sigreturn %2 = alloca %struct.sigcontext_64, align 8 %3 = alloca %struct.cpumask, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 2 %7 = bitcast i8** %6 to i64* %8 = load i64, i64* %7, align 32 %9 = add i64 %8, 16384 %10 = inttoptr i64 %9 to %struct.pt_regs* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %10, i64 -1 %12 = bitcast %struct.cpumask* %3 to i8* %13 = getelementptr %struct.pt_regs, %struct.pt_regs* %10, i64 -1, i32 19 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -8 %16 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %17 = add i64 %16, -440 %18 = icmp ult i64 %17, %15 br i1 %18, label %139, label %19, !prof !6, !misexpect !7 %20 = inttoptr i64 %15 to %struct.rt_sigframe* %22 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %20, i64 0, i32 1, i32 4, i32 0, i64 0 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}",
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !8 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %3, i64 0, i32 0, i64 0 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %139, !prof !9, !misexpect !10 %33 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %20, i64 0, i32 1, i32 0 %34 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %33, i64 8, i64 %32) #6, !srcloc !11 %35 = extractvalue { i64*, i64, i64 } %34, 0 %36 = extractvalue { i64*, i64, i64 } %34, 2 %37 = ptrtoint i64* %35 to i64 %38 = and i64 %37, 4294967295 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %139, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %3) #76 %41 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %20, i64 0, i32 1, i32 3 %42 = bitcast %struct.sigcontext_64* %2 to i8* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 52, i32 1 store i64 (%struct.restart_block*)* @do_no_restart_syscall, i64 (%struct.restart_block*)** %43, align 8 %44 = bitcast %struct.sigcontext_64* %41 to i8* %45 = call i64 @_copy_from_user(i8* nonnull %42, i8* %44, i64 192) #76 %46 = icmp eq i64 %45, 0 br i1 %46, label %48, label %47 br label %139 %140 = inttoptr i64 %15 to i8* call void @signal_fault(%struct.pt_regs* %11, i8* %140, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.6.1385, i64 0, i64 0)) #77 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load 
i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #76 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct* %10, i32 0) #76 Function:force_sig_info_to_task %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #76 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 
%11 = add i32 %5, -1 %12 = sext i32 %11 to i64 %13 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 0 %14 = load void (i32)*, void (i32)** %13, align 8 %15 = icmp eq void (i32)* %14, inttoptr (i64 1 to void (i32)*) %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 97, i32 0, i64 0 %17 = load i64, i64* %16, align 8 %18 = zext i32 %11 to i64 %19 = lshr i64 %17, %18 %20 = trunc i64 %19 to i32 %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 %23 = or i32 %21, %2 %24 = icmp ne i32 %23, 0 %25 = or i1 %15, %24 br i1 %25, label %26, label %65 store void (i32)* null, void (i32)** %13, align 8 %27 = icmp eq i32 %2, 2 br i1 %27, label %28, label %32 %29 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = or i64 %30, 8388608 store i64 %31, i64* %29, align 8 br label %32 br i1 %22, label %65, label %33 %34 = shl nuw i64 1, %18 %35 = xor i64 %34, -1 %36 = load i64, i64* %16, align 8 %37 = and i64 %36, %35 store i64 %37, i64* %16, align 8 %38 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 46 %39 = load i64, i64* %38, align 32 %40 = and i64 %39, 10092544 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %60 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 100, i32 1, i32 0, i64 0 %44 = load i64, i64* %43, align 8 %45 = xor i64 %37, -1 %46 = and i64 %44, %45 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %60 %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 95 %50 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %51 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %50, i64 0, i32 6, i32 1, i32 0, i64 0 %52 = load i64, i64* %51, align 8 %53 = and i64 %52, %45 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %60 %56 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %1, i64 0, i32 50 %57 = load i8, i8* %56, align 16 %58 = and i8 %57, 32 %59 = icmp eq i8 %58, 0 br i1 %59, label %65, label %60 %61 = bitcast %struct.task_struct* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 %62 = tail call i32 @wake_up_state(%struct.task_struct* %1, i32 1) #76 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 
%176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 
%20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 
@llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 signal_wake_up_state 5 __ptrace_unlink 6 release_task 7 wait_consider_task 8 do_wait 9 kernel_waitid 10 __se_compat_sys_waitid 11 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = 
and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void @task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, 
label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76 Function:signal_wake_up_state %3 = bitcast %struct.task_struct* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i32 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 @wake_up_state(%struct.task_struct* %0, i32 %4) #76 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 
%48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint 
(%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load 
%struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = 
inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* 
@__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 signal_wake_up_state
5 __ptrace_unlink
6 release_task
7 wait_consider_task
8 do_wait
9 kernel_waitid
10 __se_sys_waitid
11 __ia32_sys_waitid
-------------
Path:
Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76
Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76
Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32,
align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # 
objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 
0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** 
%107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label 
%44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label 
%80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load 
%struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, 
%struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 
%213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 
store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 
%358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, 
%struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load 
%struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void @task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 
%46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76 Function:signal_wake_up_state %3 = bitcast %struct.task_struct* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i32 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 @wake_up_state(%struct.task_struct* %0, i32 %4) #76 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext 
i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 
%163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x 
i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, 
%struct.llist_node* %56) #76
Function:__smp_call_single_queue
%3 = sext i32 %0 to i64
%4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3
%5 = load i64, i64* %4, align 8
%6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64)
%7 = inttoptr i64 %6 to %struct.llist_node*
%8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 signal_wake_up_state
5 __ptrace_unlink
6 release_task
7 wait_consider_task
8 do_wait
9 kernel_waitid
10 __se_sys_waitid
11 __x64_sys_waitid
-------------
Path:
Function:__x64_sys_waitid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
%3 = load i64, i64* %2, align 8
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
%5 = load i64, i64* %4, align 8
%6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%7 = load i64, i64* %6, align 8
%8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7
%9 = load i64, i64* %8, align 8
%10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9
%11 = load i64, i64* %10, align 8
%12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76
Function:__se_sys_waitid
%6 = alloca %struct.rusage, align 8
%7 = alloca %struct.ist_info, align 4
%8 = trunc i64 %0 to i32
%9 = trunc i64 %1 to i32
%10 = inttoptr i64 %2 to %struct.siginfo*
%11 = trunc i64 %3 to i32
%12 = bitcast %struct.rusage* %6 to i8*
%13 = bitcast %struct.ist_info* %7 to i8*
%14 = icmp eq i64 %4, 0
%15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6
%16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76
Function:kernel_waitid
%6 = alloca %struct.wait_opts, align 8
%7 = alloca i32, align 4
%8 = bitcast
%struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = 
getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 
%109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 
%32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label 
%382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, 
%struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 
32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, 
%struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* 
%248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm 
sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 
(%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void @task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, 
%struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76 Function:signal_wake_up_state %3 = bitcast %struct.task_struct* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i32 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 @wake_up_state(%struct.task_struct* %0, i32 %4) #76 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* 
%0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 
x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 
%12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 
Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 signal_wake_up_state
5 __ptrace_unlink
6 release_task
7 wait_consider_task
8 do_wait
9 kernel_wait4
10 __ia32_compat_sys_wait4
-------------
Path:
Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #76
Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, 
%struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void @task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, 
label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76 Function:signal_wake_up_state %3 = bitcast %struct.task_struct* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i32 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 @wake_up_state(%struct.task_struct* %0, i32 %4) #76 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 
%48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint 
(%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load 
%struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = 
inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* 
@__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 signal_wake_up_state
5 __ptrace_unlink
6 release_task
7 wait_consider_task
8 do_wait
9 kernel_wait4
10 __ia32_sys_wait4
-------------
Path:
Function:__ia32_sys_wait4
%2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #76
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts,
%struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void @task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, 
label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76 Function:signal_wake_up_state %3 = bitcast %struct.task_struct* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i32 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 @wake_up_state(%struct.task_struct* %0, i32 %4) #76 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 
%48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint 
(%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load 
%struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = 
inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* 
@__per_cpu_offset, i64 0, i64 %3
%5 = load i64, i64* %4, align 8
%6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64)
%7 = inttoptr i64 %6 to %struct.llist_node*
%8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 signal_wake_up_state
5 __ptrace_unlink
6 release_task
7 wait_consider_task
8 do_wait
9 kernel_wait4
10 __ia32_sys_waitpid
-------------
Path:
Function:__ia32_sys_waitpid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
%3 = load i64, i64* %2, align 8
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
%5 = load i64, i64* %4, align 8
%6 = and i64 %5, 4294967295
%7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%8 = load i64, i64* %7, align 8
%9 = trunc i64 %3 to i32
%10 = inttoptr i64 %6 to i32*
%11 = trunc i64 %8 to i32
%12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #76
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8
%6 = bitcast %struct.wait_opts* %5 to i8*
%7 = and i32 %2, 536870900
%8 = icmp eq i32 %7, 0
br i1 %8, label %9, label %48
switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ]
%24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ]
%25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ]
%26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0
store i32 %24, i32* %26, align 8
%27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2
store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8
%28 = or i32 %2, 4
%29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1
store i32 %28, i32* %29, align 4
%30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts*
%5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to 
%struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load 
%struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq 
%struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect 
!5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 
%153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* 
%171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 
%205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, 
i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, 
i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 
8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = 
load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = 
getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", 
"=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void 
@task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76 Function:signal_wake_up_state %3 = bitcast %struct.task_struct* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i32 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 @wake_up_state(%struct.task_struct* %0, i32 %4) #76 Function:wake_up_state %3 = tail call fastcc 
i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, 
i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = 
icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, 
i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* 
%44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 signal_wake_up_state
5 __ptrace_unlink
6 release_task
7 wait_consider_task
8 do_wait
9 kernel_wait4
10 __x64_sys_wait4
-------------
Path:
Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 
%15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #76 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void @task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, 
label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76 Function:signal_wake_up_state %3 = bitcast %struct.task_struct* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i32 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 @wake_up_state(%struct.task_struct* %0, i32 %4) #76 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 
%48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint 
(%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load 
%struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = 
inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* 
@__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 signal_wake_up_state
5 __ptrace_unlink
6 release_task
7 wait_consider_task
8 do_wait
9 kernel_wait4
10 __x64_sys_waitpid
-------------
Path:
Function:__x64_sys_waitpid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #76
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store
%struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast 
i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, 
i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 
%12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ 
%67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load 
%struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds 
%struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 
%238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 
%271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, 
align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 
store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, 
%struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", 
"=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void 
@task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76 Function:signal_wake_up_state %3 = bitcast %struct.task_struct* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i32 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 @wake_up_state(%struct.task_struct* %0, i32 %4) #76 Function:wake_up_state %3 = tail call fastcc 
i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, 
i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = 
icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, 
i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* 
%44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 zap_other_threads 5 do_group_exit 6 __do_sys_exit_group 7 __se_sys_exit_group 8 __ia32_sys_exit_group ------------- Path:  Function:__ia32_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 tail call fastcc void @__se_sys_exit_group(i64 %4) #76 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #76 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #76 Function:do_group_exit %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !4 %3 = 
inttoptr i64 %2 to %struct.task_struct.48979* %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 95 %5 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %4, align 32 %6 = trunc i32 %0 to i8 %7 = icmp sgt i8 %6, -1 br i1 %7, label %9, label %8, !prof !5, !misexpect !6 %10 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %5, i64 0, i32 12 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %18 %15 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %5, i64 0, i32 10 %16 = load %struct.task_struct.48979*, %struct.task_struct.48979** %15, align 8 %17 = icmp eq %struct.task_struct.48979* %16, null br i1 %17, label %21, label %18 %22 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 %24 = load volatile %struct.list_head*, %struct.list_head** %23, align 8 %25 = icmp eq %struct.list_head* %24, %22 br i1 %25, label %47, label %26 %27 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 96 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 8 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %29) #76 %30 = load i32, i32* %10, align 4 %31 = and i32 %30, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = load %struct.task_struct.48979*, %struct.task_struct.48979** %15, align 8 %37 = icmp eq %struct.task_struct.48979* %36, null %38 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %5, i64 0, i32 8 br i1 %37, label %42, label %39 store i32 %0, i32* %38, align 8 store i32 4, i32* %10, align 4 %43 = tail call i32 bitcast (i32 (%struct.task_struct*)* 
@zap_other_threads to i32 (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %3 = load %struct.signal_struct*, %struct.signal_struct** %2, align 32 %4 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 65, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = getelementptr %struct.list_head, %struct.list_head* %6, i64 -91, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.task_struct* %9 = icmp eq %struct.task_struct* %8, %0 br i1 %9, label %43, label %10 %11 = phi %struct.task_struct* [ %41, %37 ], [ %8, %1 ] %12 = phi %struct.list_head** [ %40, %37 ], [ %7, %1 ] %13 = phi i32 [ %24, %37 ], [ 0, %1 ] %14 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 148 %15 = bitcast %struct.list_head** %14 to i64* %16 = load i64, i64* %15, align 32 %17 = and i64 %16, -2031617 store i64 %17, i64* %15, align 32 %18 = and i64 %16, 2097152 %19 = icmp eq i64 %18, 0 br i1 %19, label %23, label %20, !prof !4 %24 = add i32 %13, 1 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 42 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %37 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 235 %30 = bitcast %struct.list_head** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = or i64 %31, 256 store i64 %32, i64* %30, align 8 %33 = bitcast %struct.list_head** %12 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %33, i32 4, i8* %33) #6, !srcloc !6 %34 = tail call i32 @wake_up_state(%struct.task_struct* %11, 
i32 257) #76 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 
%176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 
%20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 
@llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 zap_other_threads 5 do_group_exit 6 __do_sys_exit_group 7 __se_sys_exit_group 8 __x64_sys_exit_group ------------- Path:  Function:__x64_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 tail call fastcc void @__se_sys_exit_group(i64 %3) #76 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #76 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #76 Function:do_group_exit %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.48979* %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 95 %5 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %4, align 32 %6 = trunc i32 %0 to i8 %7 = icmp sgt i8 %6, -1 br i1 %7, label %9, label %8, !prof !5, !misexpect !6 %10 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %5, i64 0, i32 12 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %18 %15 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %5, i64 0, i32 10 %16 = load %struct.task_struct.48979*, %struct.task_struct.48979** %15, align 8 %17 = icmp eq %struct.task_struct.48979* %16, null br i1 %17, label %21, label %18 %22 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 
0 %24 = load volatile %struct.list_head*, %struct.list_head** %23, align 8 %25 = icmp eq %struct.list_head* %24, %22 br i1 %25, label %47, label %26 %27 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 96 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 8 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %29) #76 %30 = load i32, i32* %10, align 4 %31 = and i32 %30, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = load %struct.task_struct.48979*, %struct.task_struct.48979** %15, align 8 %37 = icmp eq %struct.task_struct.48979* %36, null %38 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %5, i64 0, i32 8 br i1 %37, label %42, label %39 store i32 %0, i32* %38, align 8 store i32 4, i32* %10, align 4 %43 = tail call i32 bitcast (i32 (%struct.task_struct*)* @zap_other_threads to i32 (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %3 = load %struct.signal_struct*, %struct.signal_struct** %2, align 32 %4 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 65, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = getelementptr %struct.list_head, %struct.list_head* %6, i64 -91, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.task_struct* %9 = icmp eq %struct.task_struct* %8, %0 br i1 %9, label %43, label %10 %11 = phi %struct.task_struct* [ %41, %37 ], [ %8, %1 ] %12 = phi %struct.list_head** [ %40, %37 ], [ %7, %1 ] %13 = phi i32 [ %24, %37 ], [ 0, %1 ] %14 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 
148 %15 = bitcast %struct.list_head** %14 to i64* %16 = load i64, i64* %15, align 32 %17 = and i64 %16, -2031617 store i64 %17, i64* %15, align 32 %18 = and i64 %16, 2097152 %19 = icmp eq i64 %18, 0 br i1 %19, label %23, label %20, !prof !4 %24 = add i32 %13, 1 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 42 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %37 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 235 %30 = bitcast %struct.list_head** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = or i64 %31, 256 store i64 %32, i64* %30, align 8 %33 = bitcast %struct.list_head** %12 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %33, i32 4, i8* %33) #6, !srcloc !6 %34 = tail call i32 @wake_up_state(%struct.task_struct* %11, i32 257) #76 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 
1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile 
i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 
%176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load 
i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = 
tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 stop_one_cpu_nowait
5 __set_cpus_allowed_ptr_locked
6 __set_cpus_allowed_ptr
7 migrate_enable
8 sk_filter_trim_cap
9 sock_queue_rcv_skb
10 ping_queue_rcv_skb
-------------
Path:
Function:ping_queue_rcv_skb %3 = tail call i32 bitcast (i32 (%struct.sock.273263*, %struct.sk_buff.273008*)* @sock_queue_rcv_skb to i32 (%struct.sock*, %struct.sk_buff*)*)(%struct.sock* %0, %struct.sk_buff* %1) #76 Function:sock_queue_rcv_skb %3 = tail call i32 bitcast (i32 (%struct.sock.762327*, %struct.sk_buff.762287*, i32)* @sk_filter_trim_cap to i32 (%struct.sock.273263*, %struct.sk_buff.273008*, i32)*)(%struct.sock.273263* %0, %struct.sk_buff.273008* %1, i32 1) #76 Function:sk_filter_trim_cap %4 = alloca [20 x i8], align 16 %5 = getelementptr inbounds %struct.sk_buff.762287, %struct.sk_buff.762287* %1, i64 0, i32 12 %6 = load i8, i8* %5, align 2 %7 = and i8 %6, 64 %8 = icmp eq i8 %7, 0 br i1 %8, label %20, label %9 %10 = getelementptr inbounds %struct.sock.762327, %struct.sock.762327* %0, i64 0, i32 0, i32 13, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 16384 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %20 %21 = tail call i32 bitcast (i32 (%struct.sock*, %struct.sk_buff*)* @security_sock_rcv_skb to i32 (%struct.sock.762327*, %struct.sk_buff.762287*)*)(%struct.sock.762327* %0, %struct.sk_buff.762287* %1) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %98 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = getelementptr inbounds %struct.sock.762327, %struct.sock.762327* %0, i64 0, i32 12 %25 = load volatile %struct.sk_filter.762307*, %struct.sk_filter.762307** %24, align 8 %26 = icmp eq %struct.sk_filter.762307* %25, null br i1 %26, label %96, label %27 %28 = 
getelementptr inbounds %struct.sk_buff.762287, %struct.sk_buff.762287* %1, i64 0, i32 1, i32 0 %29 = bitcast %struct.sock.762327** %28 to i64* %30 = load i64, i64* %29, align 8 store %struct.sock.762327* %0, %struct.sock.762327** %28, align 8 %31 = getelementptr inbounds %struct.sk_filter.762307, %struct.sk_filter.762307* %25, i64 0, i32 2 %32 = load %struct.bpf_prog.762111*, %struct.bpf_prog.762111** %31, align 8 tail call void @migrate_disable() #76 %33 = bitcast %struct.sk_buff.762287* %1 to i8* %34 = getelementptr inbounds %struct.sk_buff.762287, %struct.sk_buff.762287* %1, i64 0, i32 3, i64 8 %35 = getelementptr inbounds [20 x i8], [20 x i8]* %4, i64 0, i64 0 %36 = getelementptr inbounds %struct.bpf_prog.762111, %struct.bpf_prog.762111* %32, i64 0, i32 1 %37 = load i16, i16* %36, align 2 %38 = and i16 %37, 8 %39 = icmp eq i16 %38, 0 br i1 %39, label %41, label %40, !prof !6, !misexpect !7 br label %41 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@sk_filter_trim_cap, %42)) #6 to label %60 [label %42], !srcloc !8 %61 = getelementptr inbounds %struct.bpf_prog.762111, %struct.bpf_prog.762111* %32, i64 0, i32 13, i64 0 %62 = getelementptr inbounds %struct.bpf_prog.762111, %struct.bpf_prog.762111* %32, i64 0, i32 9 %63 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %62, align 8 %64 = tail call i32 %63(i8* %33, %struct.bpf_insn* %61) #76 br label %65 %66 = phi i32 [ %47, %42 ], [ %64, %60 ] %67 = load i16, i16* %36, align 2 %68 = and i16 %67, 8 %69 = icmp eq i16 %68, 0 br i1 %69, label %71, label %70, !prof !6, !misexpect !7 tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* 
%6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and 
i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, 
label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, 
label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !13 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #76 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #76 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #76 Function:stop_one_cpu_nowait %5 = alloca %struct.wake_q_head, align 8 %7 = ptrtoint i8* %6 to i64 %8 = bitcast %struct.cpu_stop_work* %3 to i8* %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* 
%3, i64 0, i32 2 store i64 %7, i64* %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %11, align 8 %12 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %12, align 8 %13 = zext i32 %0 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %17 = inttoptr i64 %16 to %struct.cpu_stopper* %18 = bitcast %struct.wake_q_head* %5 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 1 %22 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %21) #76 %23 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 2 %24 = load i8, i8* %23, align 4, !range !5 %25 = icmp ne i8 %24, 0 br i1 %25, label %26, label %36 %37 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %12, align 8 %38 = icmp eq %struct.cpu_stop_done* %37, null br i1 %38, label %46, label %39 %40 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 0, i32 0 %41 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %40, i32* %40) #6, !srcloc !6 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %46, 
label %44 %45 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 2 call void @complete(%struct.completion* %45) #76 br label %46 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %22) #76 call void @wake_up_q(%struct.wake_q_head* nonnull %5) #76 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 
%176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 
%20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 
@llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 stop_one_cpu_nowait
5 __set_cpus_allowed_ptr_locked
6 __set_cpus_allowed_ptr
7 migrate_enable
8 bpf_flow_dissect
9 __skb_flow_dissect
10 ___skb_get_hash
11 __skb_get_hash
12 get_rps_cpu
13 netif_receive_skb_list_internal
14 busy_poll_stop
15 napi_busy_loop
16 tcp_recvmsg
17 inet6_recvmsg
18 sock_read_iter
-------------
Path:
Function:sock_read_iter %3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds 
%struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 
(%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 
0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = 
bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = 
getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds 
%struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null 
br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 
(%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* 
%109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** 
%8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile 
%struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, 
%struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 
%109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to 
%struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* 
@__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 
%72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, 
%struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, 
i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !13 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #76 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #76 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #76 Function:stop_one_cpu_nowait %5 = alloca %struct.wake_q_head, align 8 %7 = ptrtoint i8* %6 to i64 %8 = bitcast %struct.cpu_stop_work* %3 to i8* %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %7, i64* %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %11, align 8 %12 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %12, align 8 %13 = zext i32 %0 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %17 = inttoptr i64 %16 to %struct.cpu_stopper* %18 = bitcast %struct.wake_q_head* %5 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = getelementptr inbounds %struct.cpu_stopper, 
%struct.cpu_stopper* %17, i64 0, i32 1 %22 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %21) #76 %23 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 2 %24 = load i8, i8* %23, align 4, !range !5 %25 = icmp ne i8 %24, 0 br i1 %25, label %26, label %36 %37 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %12, align 8 %38 = icmp eq %struct.cpu_stop_done* %37, null br i1 %38, label %46, label %39 %40 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 0, i32 0 %41 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %40, i32* %40) #6, !srcloc !6 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %46, label %44 %45 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 2 call void @complete(%struct.completion* %45) #76 br label %46 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %22) #76 call void @wake_up_q(%struct.wake_q_head* nonnull %5) #76 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #76 Function:try_to_wake_up tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, 
i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm 
sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr 
i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 stop_one_cpu_nowait
5 __set_cpus_allowed_ptr_locked
6 __set_cpus_allowed_ptr
7 migrate_enable
8 bpf_flow_dissect
9 __skb_flow_dissect
10 ___skb_get_hash
11 __skb_get_hash
12 get_rps_cpu
13 netif_receive_skb_list_internal
14 busy_poll_stop
15 napi_busy_loop
16 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 
8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail 
call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds 
%struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to 
i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 
%16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call 
i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 
%67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, 
%struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 
%167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !13 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #76 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = 
getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #76 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #76 Function:stop_one_cpu_nowait %5 = alloca %struct.wake_q_head, align 8 %7 = ptrtoint i8* %6 to i64 %8 = bitcast %struct.cpu_stop_work* %3 to i8* %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %7, i64* %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %11, align 8 %12 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %12, align 8 %13 = zext i32 %0 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %17 = inttoptr i64 %16 to %struct.cpu_stopper* %18 = bitcast %struct.wake_q_head* %5 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 1 %22 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %21) #76 %23 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 2 %24 = load i8, i8* %23, align 4, !range !5 %25 = icmp ne i8 %24, 0 br i1 %25, label %26, label %36 %37 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %12, align 8 %38 = icmp eq %struct.cpu_stop_done* %37, null br i1 %38, label %46, label %39 %40 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 0, i32 0 %41 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %40, i32* %40) #6, !srcloc !6 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %46, label %44 %45 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 2 call void @complete(%struct.completion* %45) #76 br label %46 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %22) #76 call void @wake_up_q(%struct.wake_q_head* nonnull %5) #76 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = 
tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load 
volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, 
align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* 
%0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = 
load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 stop_one_cpu_nowait
5 __set_cpus_allowed_ptr_locked
6 __set_cpus_allowed_ptr
7 migrate_enable
8 bpf_flow_dissect
9 __skb_flow_dissect
10 ___skb_get_hash
11 __skb_get_hash
12 get_xps_queue
13 netdev_pick_tx
14 netdev_core_pick_tx
15 __dev_queue_xmit
16 dev_queue_xmit
17 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label
%12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, 
label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 
br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* 
%9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq 
i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 
26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = 
getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* 
%26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 
%109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to 
%struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* 
@__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 
%72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, 
%struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, 
i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !13 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #76 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #76 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #76 Function:stop_one_cpu_nowait %5 = alloca %struct.wake_q_head, align 8 %7 = ptrtoint i8* %6 to i64 %8 = bitcast %struct.cpu_stop_work* %3 to i8* %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %7, i64* %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %11, align 8 %12 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %12, align 8 %13 = zext i32 %0 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %17 = inttoptr i64 %16 to %struct.cpu_stopper* %18 = bitcast %struct.wake_q_head* %5 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = getelementptr inbounds %struct.cpu_stopper, 
%struct.cpu_stopper* %17, i64 0, i32 1 %22 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %21) #76 %23 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 2 %24 = load i8, i8* %23, align 4, !range !5 %25 = icmp ne i8 %24, 0 br i1 %25, label %26, label %36 %37 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %12, align 8 %38 = icmp eq %struct.cpu_stop_done* %37, null br i1 %38, label %46, label %39 %40 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 0, i32 0 %41 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %40, i32* %40) #6, !srcloc !6 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %46, label %44 %45 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 2 call void @complete(%struct.completion* %45) #76 br label %46 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %22) #76 call void @wake_up_q(%struct.wake_q_head* nonnull %5) #76 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #76 Function:try_to_wake_up tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, 
i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm 
sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr 
i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 stop_one_cpu_nowait
5 __set_cpus_allowed_ptr_locked
6 __set_cpus_allowed_ptr
7 migrate_enable
8 bpf_flow_dissect
9 __skb_flow_dissect
10 ___skb_get_hash
11 __skb_get_hash
12 get_xps_queue
13 netdev_pick_tx
14 netdev_core_pick_tx
15 __dev_queue_xmit
16 dev_queue_xmit
17 netlink_deliver_tap
18 netlink_sendskb
19 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to
%struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, 
%struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, 
%22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = 
select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 
%23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 
%171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = 
getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 
%109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to 
%struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* 
@__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 
%72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, 
%struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, 
i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !13 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #76 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #76 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #76 Function:stop_one_cpu_nowait %5 = alloca %struct.wake_q_head, align 8 %7 = ptrtoint i8* %6 to i64 %8 = bitcast %struct.cpu_stop_work* %3 to i8* %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %7, i64* %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %11, align 8 %12 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %12, align 8 %13 = zext i32 %0 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %17 = inttoptr i64 %16 to %struct.cpu_stopper* %18 = bitcast %struct.wake_q_head* %5 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = getelementptr inbounds %struct.cpu_stopper, 
%struct.cpu_stopper* %17, i64 0, i32 1 %22 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %21) #76 %23 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 2 %24 = load i8, i8* %23, align 4, !range !5 %25 = icmp ne i8 %24, 0 br i1 %25, label %26, label %36 %37 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %12, align 8 %38 = icmp eq %struct.cpu_stop_done* %37, null br i1 %38, label %46, label %39 %40 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 0, i32 0 %41 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %40, i32* %40) #6, !srcloc !6 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %46, label %44 %45 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 2 call void @complete(%struct.completion* %45) #76 br label %46 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %22) #76 call void @wake_up_q(%struct.wake_q_head* nonnull %5) #76 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #76 Function:try_to_wake_up tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, 
i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm 
sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr 
i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 stop_one_cpu_nowait
5 __set_cpus_allowed_ptr_locked
6 __set_cpus_allowed_ptr
7 migrate_enable
8 bpf_flow_dissect
9 __skb_flow_dissect
10 fib_multipath_hash
11 fib_select_path
12 ip_route_output_key_hash_rcu
13 ip_route_output_flow
14 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 
%16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr 
inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ 
%93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ 
%133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store 
i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call 
%struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label 
%180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, 
%struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 
(%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca 
%struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], 
[ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 
Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 
0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* 
@runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, 
i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = 
icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = 
getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, 
i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !13 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #76 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #76 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = 
getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #76 Function:stop_one_cpu_nowait %5 = alloca %struct.wake_q_head, align 8 %7 = ptrtoint i8* %6 to i64 %8 = bitcast %struct.cpu_stop_work* %3 to i8* %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %7, i64* %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %11, align 8 %12 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %12, align 8 %13 = zext i32 %0 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %17 = inttoptr i64 %16 to %struct.cpu_stopper* %18 = bitcast %struct.wake_q_head* %5 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 1 %22 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %21) #76 %23 = getelementptr inbounds %struct.cpu_stopper, 
%struct.cpu_stopper* %17, i64 0, i32 2 %24 = load i8, i8* %23, align 4, !range !5 %25 = icmp ne i8 %24, 0 br i1 %25, label %26, label %36 %37 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %12, align 8 %38 = icmp eq %struct.cpu_stop_done* %37, null br i1 %38, label %46, label %39 %40 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 0, i32 0 %41 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %40, i32* %40) #6, !srcloc !6 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %46, label %44 %45 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 2 call void @complete(%struct.completion* %45) #76 br label %46 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %22) #76 call void @wake_up_q(%struct.wake_q_head* nonnull %5) #76 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = 
inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, 
i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr 
inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 
%50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 stop_one_cpu_nowait
5 __set_cpus_allowed_ptr_locked
6 __set_cpus_allowed_ptr
7 migrate_enable
8 bpf_flow_dissect
9 __skb_flow_dissect
10 fib_multipath_hash
11 fib_select_path
12 ip_route_output_key_hash_rcu
13 ip_route_output_flow
14 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, 
label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, 
%struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, 
i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds 
%struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void 
(%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 
], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 
Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq 
%struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = 
load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 
0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* 
@runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, 
i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = 
icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = 
getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, 
i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !13 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #76 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #76 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = 
getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #76 Function:stop_one_cpu_nowait %5 = alloca %struct.wake_q_head, align 8 %7 = ptrtoint i8* %6 to i64 %8 = bitcast %struct.cpu_stop_work* %3 to i8* %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %7, i64* %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %11, align 8 %12 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %12, align 8 %13 = zext i32 %0 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %17 = inttoptr i64 %16 to %struct.cpu_stopper* %18 = bitcast %struct.wake_q_head* %5 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 1 %22 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %21) #76 %23 = getelementptr inbounds %struct.cpu_stopper, 
%struct.cpu_stopper* %17, i64 0, i32 2 %24 = load i8, i8* %23, align 4, !range !5 %25 = icmp ne i8 %24, 0 br i1 %25, label %26, label %36 %37 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %12, align 8 %38 = icmp eq %struct.cpu_stop_done* %37, null br i1 %38, label %46, label %39 %40 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 0, i32 0 %41 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %40, i32* %40) #6, !srcloc !6 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %46, label %44 %45 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 2 call void @complete(%struct.completion* %45) #76 br label %46 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %22) #76 call void @wake_up_q(%struct.wake_q_head* nonnull %5) #76 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = 
inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, 
i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr 
inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 
%50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76
Function:__smp_call_single_queue
%3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 stop_one_cpu_nowait
5 __set_cpus_allowed_ptr_locked
6 __set_cpus_allowed_ptr
7 migrate_enable
8 bpf_flow_dissect
9 __skb_flow_dissect
10 fib_multipath_hash
11 fib_select_path
12 ip_route_output_key_hash_rcu
13 ip_route_output_flow
14 ipip6_tunnel_bind_dev
15 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds
%struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 
6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load 
i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq 
i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca 
%struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca 
%struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, 
i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* 
%27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = 
load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, 
%struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, 
%struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) 
#6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !13 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #76 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp 
eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #76 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #76 Function:stop_one_cpu_nowait %5 = alloca %struct.wake_q_head, align 8 %7 = ptrtoint i8* %6 to i64 %8 = bitcast %struct.cpu_stop_work* %3 to i8* %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %7, i64* %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %11, align 8 %12 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %12, align 8 %13 = zext i32 %0 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = 
add i64 %15, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %17 = inttoptr i64 %16 to %struct.cpu_stopper* %18 = bitcast %struct.wake_q_head* %5 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 1 %22 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %21) #76 %23 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 2 %24 = load i8, i8* %23, align 4, !range !5 %25 = icmp ne i8 %24, 0 br i1 %25, label %26, label %36 %37 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %12, align 8 %38 = icmp eq %struct.cpu_stop_done* %37, null br i1 %38, label %46, label %39 %40 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 0, i32 0 %41 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %40, i32* %40) #6, !srcloc !6 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %46, label %44 %45 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 2 call void @complete(%struct.completion* %45) #76 br label %46 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %22) #76 call void @wake_up_q(%struct.wake_q_head* nonnull %5) #76 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp 
eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 
%176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 
%20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 
@llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 stop_one_cpu_nowait
5 __set_cpus_allowed_ptr_locked
6 __set_cpus_allowed_ptr
7 migrate_enable
8 bpf_flow_dissect
9 __skb_flow_dissect
10 fib_multipath_hash
11 fib_select_path
12 __ip_rt_update_pmtu
13 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align
4 %34 = getelementptr inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store 
i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr 
inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, 
!range !5 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 
= bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 
%44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 
store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 
0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* 
@runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, 
i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = 
icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = 
getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, 
i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !13 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #76 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #76 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = 
getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #76 Function:stop_one_cpu_nowait %5 = alloca %struct.wake_q_head, align 8 %7 = ptrtoint i8* %6 to i64 %8 = bitcast %struct.cpu_stop_work* %3 to i8* %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %7, i64* %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %11, align 8 %12 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %12, align 8 %13 = zext i32 %0 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %17 = inttoptr i64 %16 to %struct.cpu_stopper* %18 = bitcast %struct.wake_q_head* %5 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 1 %22 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %21) #76 %23 = getelementptr inbounds %struct.cpu_stopper, 
%struct.cpu_stopper* %17, i64 0, i32 2 %24 = load i8, i8* %23, align 4, !range !5 %25 = icmp ne i8 %24, 0 br i1 %25, label %26, label %36 %37 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %12, align 8 %38 = icmp eq %struct.cpu_stop_done* %37, null br i1 %38, label %46, label %39 %40 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 0, i32 0 %41 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %40, i32* %40) #6, !srcloc !6 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %46, label %44 %45 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 2 call void @complete(%struct.completion* %45) #76 br label %46 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %22) #76 call void @wake_up_q(%struct.wake_q_head* nonnull %5) #76 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = 
inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, 
i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr 
inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 
%50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 stop_one_cpu_nowait
5 __set_cpus_allowed_ptr_locked
6 __set_cpus_allowed_ptr
7 migrate_enable
8 bpf_flow_dissect
9 __skb_flow_dissect
10 fib_multipath_hash
11 fib_select_path
12 __ip_do_redirect
13 ip_do_redirect
-------------
Path:
Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr*
%8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 
store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast 
%struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = 
getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void 
(%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to 
i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, 
label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, 
align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, 
i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = 
load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 
1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 
0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* 
@runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, 
i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = 
icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = 
getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, 
i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !13 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #76 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #76 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = 
getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #76 Function:stop_one_cpu_nowait %5 = alloca %struct.wake_q_head, align 8 %7 = ptrtoint i8* %6 to i64 %8 = bitcast %struct.cpu_stop_work* %3 to i8* %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %7, i64* %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %11, align 8 %12 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %12, align 8 %13 = zext i32 %0 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %17 = inttoptr i64 %16 to %struct.cpu_stopper* %18 = bitcast %struct.wake_q_head* %5 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %17, i64 0, i32 1 %22 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %21) #76 %23 = getelementptr inbounds %struct.cpu_stopper, 
%struct.cpu_stopper* %17, i64 0, i32 2 %24 = load i8, i8* %23, align 4, !range !5 %25 = icmp ne i8 %24, 0 br i1 %25, label %26, label %36 %37 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %12, align 8 %38 = icmp eq %struct.cpu_stop_done* %37, null br i1 %38, label %46, label %39 %40 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 0, i32 0 %41 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %40, i32* %40) #6, !srcloc !6 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %46, label %44 %45 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %37, i64 0, i32 2 call void @complete(%struct.completion* %45) #76 br label %46 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %21, i64 %22) #76 call void @wake_up_q(%struct.wake_q_head* nonnull %5) #76 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #76 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #76 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %269, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = 
inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %148, label %143 %149 = load volatile i32, i32* %140, align 4 %150 = icmp eq i32 %149, 0 br i1 %150, label %154, label %151 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %152 = load volatile i32, i32* %140, align 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %151 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %155 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, 
i64 0, i32 13 %156 = load i32, i32* %155, align 4 %157 = or i32 %2, 8 %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %159 = load i32, i32* %158, align 32 %160 = icmp sgt i32 %159, 1 br i1 %160, label %161, label %171 %162 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %163 = load i16, i16* %162, align 8 %164 = icmp eq i16 %163, 0 br i1 %164, label %165, label %171 %172 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %173 = load %struct.cpumask*, %struct.cpumask** %172, align 8 %174 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %173, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 8 %176 = icmp eq i64 %175, 0 br i1 %176, label %180, label %177 %178 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %175) #4, !srcloc !27 %179 = trunc i64 %178 to i32 br label %180 %181 = phi i32 [ %170, %165 ], [ %179, %177 ], [ 64, %171 ] %182 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %181) #76 br i1 %182, label %187, label %183, !prof !17, !misexpect !22 %188 = phi i32 [ %186, %183 ], [ %181, %180 ] %189 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %190 = load volatile i32, i32* %189, align 8 %191 = icmp eq i32 %190, %188 br i1 %191, label %219, label %192 %220 = phi i32 [ %218, %217 ], [ %2, %187 ] %221 = sext i32 %188 to i64 %222 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %221 %223 = load i64, i64* %222, align 8 %224 = add i64 %223, ptrtoint (%struct.rq* @runqueues to i64) %225 = inttoptr i64 %224 to %struct.rq* %226 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %188, i32 %220) #76 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr 
inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %57, label %8 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %10 = icmp eq i32 %9, %1 br i1 %10, label %25, label %11 %12 = sext i32 %9 to i64 %13 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, ptrtoint (i32* @sd_llc_id to i64) %16 = inttoptr i64 %15 to i32* %17 = load i32, i32* %16, align 4 %18 = sext i32 %1 to i64 %19 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %18 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, ptrtoint (i32* @sd_llc_id to i64) %22 = inttoptr i64 %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %17, %23 br i1 %24, label %25, label %37 %26 = and i32 %2, 64 %27 = icmp eq i32 %26, 0 br i1 %27, label %57, label %28 %29 = sext i32 %1 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp ult i32 %35, 2 br i1 %36, label %37, label %57 %38 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %39 = icmp eq i32 %38, %1 br i1 %39, label %40, label %41, !prof !7, !misexpect !8 %42 = tail call i64 @sched_clock_cpu(i32 %1) #76 %43 = sext i32 %1 to i64 %44 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %43 %45 = load i64, i64* %44, align 8 %46 = add i64 %45, ptrtoint (%struct.rq* @runqueues to i64) %47 = inttoptr i64 %46 to %struct.rq* %48 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %49 = lshr i32 %2, 5 
%50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 %52 = load i8, i8* %48, align 16 %53 = and i8 %52, -2 %54 = or i8 %53, %51 store i8 %54, i8* %48, align 16 %55 = getelementptr inbounds %struct.rq, %struct.rq* %47, i64 0, i32 8 store volatile i32 1, i32* %55, align 8 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %56) #76 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_writev 4 __ia32_compat_sys_pwritev2 ------------- Path:  Function:__ia32_compat_sys_pwritev2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = inttoptr i64 %7 to %struct.iovec* %19 = trunc i64 %17 to i32 %20 = shl i64 %15, 32 %21 = or i64 %20, %13 %22 = icmp eq i64 %21, -1 br i1 %22, label %23, label %25 %24 = tail call 
fastcc i64 @do_writev(i64 %4, %struct.iovec* %18, i64 %10, i32 %19) #76 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 
= load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 
%7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_writev 4 __ia32_sys_writev ------------- Path:  Function:__ia32_sys_writev %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = inttoptr i64 %7 to %struct.iovec* %12 = tail call fastcc i64 @do_writev(i64 %4, %struct.iovec* %11, i64 %10, i32 0) #76 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, 
%struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_writev 4 __x64_sys_pwritev2 ------------- Path:  Function:__x64_sys_pwritev2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = icmp eq i64 %10, -1 br i1 %14, label %15, label %17 %16 = tail call fastcc i64 @do_writev(i64 %3, %struct.iovec* %6, i64 %8, i32 %13) #76 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr 
i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, 
label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_writev 4 __x64_sys_writev -------------
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 ksys_write 4 __ia32_sys_write -------------
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 ksys_write 4 __x64_sys_write -------------
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_readv 4 __ia32_compat_sys_preadv2 -------------
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_readv 4 __ia32_sys_readv -------------
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_readv 4 __x64_sys_preadv2 -------------
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_readv 4 __x64_sys_readv -------------
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 ksys_read 4 __ia32_sys_read -------------
%struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* 
nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 ksys_read 4 __x64_sys_read ------------- Path:  Function:__x64_sys_read %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 
= tail call i64 @ksys_read(i32 %9, i8* %6, i64 %8) #76 Function:ksys_read %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds 
%struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast 
(%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __x64_sys_lseek ------------- Path:  Function:__x64_sys_lseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %7 to i32 %10 = tail call i64 @__fdget_pos(i32 %8) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* 
@__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, 
!srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, 
%struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_llseek 4 __ia32_sys_llseek ------------- Path:  Function:__ia32_sys_llseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_llseek(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_llseek %6 = alloca i64, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %4 to i32 %9 = tail call i64 @__fdget_pos(i32 %7) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = 
getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 
%47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_llseek 4 __x64_sys_llseek ------------- Path:  
Function:__x64_sys_llseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_llseek(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_llseek %6 = alloca i64, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %4 to i32 %9 = tail call i64 @__fdget_pos(i32 %7) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ 
%9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void 
(%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_sys_lseek ------------- Path:  Function:__ia32_sys_lseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 
%9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @__fdget_pos(i32 %9) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 
%28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_compat_sys_lseek ------------- Path:  Function:__ia32_compat_sys_lseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %7 to i32 %10 = shl i64 %5, 32 %11 = ashr exact i64 %10, 32 %12 = tail call i64 @__fdget_pos(i32 %8) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc 
%struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 
%36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 
@llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __x64_sys_old_readdir ------------- Path:  Function:__x64_sys_old_readdir %2 = alloca %struct.readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = tail call i64 @__fdget_pos(i32 %7) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", 
"=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, 
%struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_getdents64 4 __ia32_sys_getdents64 ------------- Path:  Function:__ia32_sys_getdents64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_getdents64(i64 %4, i64 %7, 
i64 %10) #76 Function:__se_sys_getdents64 %4 = alloca %struct.getdents_callback64, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.linux_dirent64* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.getdents_callback64* %4 to i8* %9 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir64, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 1 store %struct.linux_dirent64* %6, %struct.linux_dirent64** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 3 store i32 %7, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = tail call i64 @__fdget_pos(i32 %5) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof 
!6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 
1 __fget_files 2 __fdget_pos 3 __se_sys_getdents64 4 __x64_sys_getdents64 ------------- Path:  Function:__x64_sys_getdents64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_getdents64(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_getdents64 %4 = alloca %struct.getdents_callback64, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.linux_dirent64* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.getdents_callback64* %4 to i8* %9 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir64, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 1 store %struct.linux_dirent64* %6, %struct.linux_dirent64** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 3 store i32 %7, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = tail call i64 @__fdget_pos(i32 %5) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, 
!misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof 
!7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_getdents 4 __ia32_sys_getdents ------------- Path:  Function:__ia32_sys_getdents %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_getdents(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_getdents %4 = alloca %struct.getdents_callback, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.old_linux_dirent* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.getdents_callback* %4 to i8* %9 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 1 store %struct.old_linux_dirent* %6, %struct.old_linux_dirent** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, 
i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 3 store i32 %7, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = tail call i64 @__fdget_pos(i32 %5) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr 
%struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc 
!4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_getdents 4 __x64_sys_getdents ------------- Path:  Function:__x64_sys_getdents %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_getdents(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_getdents %4 = alloca %struct.getdents_callback, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.old_linux_dirent* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.getdents_callback* %4 to i8* %9 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir, i32 
(%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 1 store %struct.old_linux_dirent* %6, %struct.old_linux_dirent** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 3 store i32 %7, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = tail call i64 @__fdget_pos(i32 %5) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, 
%11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void 
(%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_sys_old_readdir ------------- Path:  Function:__ia32_sys_old_readdir %2 = alloca %struct.readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to 
%struct.old_linux_dirent* %10 = tail call i64 @__fdget_pos(i32 %8) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, 
align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, 
!srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_compat_sys_old_readdir ------------- Path:  Function:__ia32_compat_sys_old_readdir %2 = alloca %struct.compat_readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.compat_old_linux_dirent* %10 = tail call i64 @__fdget_pos(i32 %8) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 
1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 
%41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull 
@delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_compat_sys_getdents ------------- Path:  Function:__ia32_compat_sys_getdents %2 = alloca %struct.compat_getdents_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = inttoptr i64 %7 to %struct.compat_old_linux_dirent* %12 = trunc i64 %9 to i32 %13 = bitcast %struct.compat_getdents_callback* %2 to i8* %14 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @compat_filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %14, align 8 %15 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 0, i32 1 store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 1 store %struct.compat_old_linux_dirent* %11, %struct.compat_old_linux_dirent** %16, align 8 %17 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 2 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 3 store i32 %12, i32* %18, align 4 %19 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 4 store i32 0, i32* %19, align 8 %20 = tail call i64 @__fdget_pos(i32 %10) #76 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, 
%struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_quotactl_fd 4 __ia32_sys_quotactl_fd ------------- Path:  Function:__ia32_sys_quotactl_fd %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_quotactl_fd(i64 %4, i64 %7, i64 %10, i64 %13) #76 Function:__se_sys_quotactl_fd %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = inttoptr i64 %3 to i8* %9 = lshr i32 %6, 8 %10 = and i32 %6, 255 %11 = tail call i64 @__fdget_raw(i32 %5) #76 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load 
%struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, 
i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, 
i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_quotactl_fd 4 __x64_sys_quotactl_fd ------------- Path:  Function:__x64_sys_quotactl_fd %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_quotactl_fd(i64 %3, i64 %5, i64 %7, i64 %9) #76 Function:__se_sys_quotactl_fd %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = inttoptr i64 %3 to i8* %9 = lshr i32 %6, 8 %10 = and i32 %6, 255 %11 = tail call i64 @__fdget_raw(i32 %5) #76 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #76 Function:__fget_files tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, 
!prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 
fput_many 1 __fget_files 2 __fdget_raw 3 __ia32_compat_sys_fstatfs ------------- Path: Function:__ia32_compat_sys_fstatfs Function:__fdget_raw Function:__fget_files Function:fput_many -------------
Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 kcompat_sys_fstatfs64 4 __ia32_compat_sys_fstatfs64 ------------- Path: Function:__ia32_compat_sys_fstatfs64 Function:kcompat_sys_fstatfs64 Function:__fdget_raw Function:__fget_files Function:fput_many -------------
Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __ia32_sys_fstatfs ------------- Path: Function:__ia32_sys_fstatfs Function:__fdget_raw Function:__fget_files Function:fput_many -------------
Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __ia32_sys_fstatfs64 ------------- Path: Function:__ia32_sys_fstatfs64 Function:__fdget_raw Function:__fget_files Function:fput_many -------------
Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __x64_sys_fstatfs ------------- Path: Function:__x64_sys_fstatfs Function:__fdget_raw Function:__fget_files Function:fput_many -------------
Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __x64_sys_fstatfs64 ------------- Path: Function:__x64_sys_fstatfs64 Function:__fdget_raw Function:__fget_files Function:fput_many -------------
Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_fchdir 4 __ia32_sys_fchdir ------------- Path: Function:__ia32_sys_fchdir Function:__se_sys_fchdir Function:__fdget_raw Function:__fget_files Function:fput_many -------------
Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_fchdir 4 __x64_sys_fchdir ------------- Path: Function:__x64_sys_fchdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_fchdir(i64 %3) #76 Function:__se_sys_fchdir %2 = trunc i64 %0 to i32 %3 = tail call i64 @__fdget_raw(i32 %2) #76 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, 
%struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __ia32_compat_sys_ia32_fstat64 ------------- Path:  Function:__ia32_compat_sys_ia32_fstat64 %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kstat* %2 to i8* %9 = call i32 @vfs_fstat(i32 %7, %struct.kstat* nonnull %2) #76 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #76 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof 
!6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 
1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __ia32_compat_sys_newfstat ------------- Path:  Function:__ia32_compat_sys_newfstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kstat* %2 to i8* %9 = call i32 @vfs_fstat(i32 %7, %struct.kstat* nonnull %2) #76 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #76 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = 
trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __ia32_sys_fstat ------------- Path:  Function:__ia32_sys_fstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kstat* %2 to i8* %9 = call i32 @vfs_fstat(i32 %7, %struct.kstat* nonnull %2) #76 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #76 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) 
#11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp 
eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __x64_sys_fstat ------------- Path:  Function:__x64_sys_fstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.__old_kernel_stat** %7 = load %struct.__old_kernel_stat*, %struct.__old_kernel_stat** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.kstat* %2 to i8* %10 = call i32 @vfs_fstat(i32 %8, %struct.kstat* nonnull %2) #76 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #76 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = 
zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, 
%struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 
__se_sys_newfstat 5 __ia32_sys_newfstat ------------- Path:  Function:__ia32_sys_newfstat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_newfstat(i64 %4, i64 %7) #76 Function:__se_sys_newfstat %3 = alloca %struct.stat, align 8 %4 = alloca %struct.kstat, align 8 %5 = trunc i64 %0 to i32 %6 = bitcast %struct.kstat* %4 to i8* %7 = call i32 @vfs_fstat(i32 %5, %struct.kstat* nonnull %4) #76 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #76 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 
-------------
Use: =BAD PATH=
Call Stack:
0 fput_many
1 __fget_files
2 __fdget_raw
3 vfs_fstat
4 __se_sys_newfstat
5 __x64_sys_newfstat
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 fput_many
1 __fget_files
2 __fdget_raw
3 __se_sys_fcntl
4 __ia32_sys_fcntl
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 fput_many
1 __fget_files
2 __fdget_raw
3 __se_sys_fcntl
4 __x64_sys_fcntl
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 fput_many
1 __fget_files
2 __fdget_raw
3 do_compat_fcntl64
4 __ia32_compat_sys_fcntl
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 fput_many
1 __fget_files
2 __fdget_raw
3 do_compat_fcntl64
4 __ia32_compat_sys_fcntl64
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 fput_many
1 __fget_files
2 fget
3 __se_sys_setns
4 __ia32_sys_setns
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 fput_many
1 __fget_files
2 fget
3 __se_sys_setns
4 __x64_sys_setns
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 fput_many
1 __fget_files
2 fget
3 ksys_mmap_pgoff
4 __ia32_compat_sys_ia32_mmap
-------------
@_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #76 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, 
%31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds 
%struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = 
icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #76 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* 
%24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 
%12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #76 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, 
i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 
%6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 
%20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #76 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc 
i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #76 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", 
"=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, 
%struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 loop_configure 4 lo_ioctl 5 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.614955, %struct.block_device.614955* %0, i64 0, i32 16 %8 = load %struct.gendisk.614953*, %struct.gendisk.614953** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.614953, %struct.gendisk.614953* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 
19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.614955* %0, i32 %1, i32 %2, i64 %35) #77 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.614955, %struct.block_device.614955* %0, i64 0, i32 16 %14 = load %struct.gendisk.614953*, %struct.gendisk.614953** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.614953, %struct.gendisk.614953* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %366 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %279 i32 19460, label %334 i32 19461, label %348 i32 19463, label %361 i32 19464, label %361 i32 19465, label %361 ] %24 = inttoptr i64 %3 to i8* %25 = bitcast %struct.loop_config* %12 to i8* %26 = call i64 @_copy_from_user(i8* nonnull %25, i8* %24, i64 304) #77 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %30 %29 = call i32 @loop_configure(%struct.loop_device* %17, i32 %1, %struct.block_device.614955* %0, %struct.loop_config* nonnull %12) #76 Function:loop_configure %5 = getelementptr inbounds %struct.loop_config, %struct.loop_config* %3, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = tail call %struct.file.615025* bitcast (%struct.file* (i32)* @fget to %struct.file.615025* (i32)*)(i32 %6) #76 
Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, 
!prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label 
%24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 loop_configure 4 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.614955, %struct.block_device.614955* %0, i64 0, i32 16 %14 = load %struct.gendisk.614953*, %struct.gendisk.614953** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.614953, %struct.gendisk.614953* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %366 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %279 i32 19460, label %334 i32 19461, label %348 i32 19463, label %361 i32 19464, label %361 i32 19465, label %361 ] %24 = inttoptr i64 %3 to i8* %25 = bitcast %struct.loop_config* %12 to i8* %26 = call i64 @_copy_from_user(i8* nonnull %25, i8* %24, i64 304) #77 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %30 %29 = call i32 @loop_configure(%struct.loop_device* %17, i32 %1, %struct.block_device.614955* %0, %struct.loop_config* nonnull %12) #76 Function:loop_configure %5 = getelementptr inbounds 
%struct.loop_config, %struct.loop_config* %3, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = tail call %struct.file.615025* bitcast (%struct.file* (i32)* @fget to %struct.file.615025* (i32)*)(i32 %6) #76 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 
%30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* 
%11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102187, %struct.file.102187* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 
%238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #76 %240 = icmp sgt i32 %239, 0 %241 = icmp eq i32 %239, 0 %242 = select i1 %241, i32 -7, i32 %239 br i1 %240, label %243, label %246 %244 = call i64 @_copy_from_user(i8* nonnull %228, i8* %12, i64 24) #76 %245 = icmp eq i64 %244, 0 br i1 %245, label %249, label %246 %250 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 4 %251 = load i32, i32* %250, align 4 %252 = and i32 %251, -524289 %253 = icmp eq i32 %252, 0 br i1 %253, label %254, label %365 %255 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 1 %256 = load i32, i32* %255, align 8 %257 = zext i32 %256 to i64 %258 = and i64 %257, 4294967292 %259 = icmp eq i64 %258, 0 br i1 %259, label %260, label %365 %261 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 3 %262 = load i32, i32* %261, align 8 %263 = icmp ne i32 %262, 0 %264 = and i64 %257, 1 %265 = icmp eq i64 %264, 0 %266 = and i1 %265, %263 br i1 %266, label %365, label %267 %268 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 2 %269 = load i32, i32* %268, align 4 %270 = call %struct.file.102187* bitcast (%struct.file* (i32)* @fget to %struct.file.102187* (i32)*)(i32 %269) #76 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr 
inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = 
getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 seccomp_notify_ioctl ------------- Path:  
Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102187, %struct.file.102187* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #76 %240 = icmp sgt i32 %239, 0 %241 = icmp eq i32 %239, 0 %242 = select i1 %241, i32 -7, i32 %239 br i1 %240, label %243, label %246 %244 = call i64 @_copy_from_user(i8* nonnull %228, i8* %12, i64 24) #76 %245 = icmp eq i64 %244, 0 br i1 %245, label %249, label %246 %250 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 4 %251 = load i32, i32* %250, align 4 %252 = and i32 %251, -524289 %253 = icmp eq i32 %252, 0 br i1 %253, label %254, label %365 %255 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 1 %256 = load i32, i32* %255, align 8 %257 = zext i32 %256 to i64 %258 = and i64 %257, 
4294967292 %259 = icmp eq i64 %258, 0 br i1 %259, label %260, label %365 %261 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 3 %262 = load i32, i32* %261, align 8 %263 = icmp ne i32 %262, 0 %264 = and i64 %257, 1 %265 = icmp eq i64 %264, 0 %266 = and i1 %265, %263 br i1 %266, label %365, label %267 %268 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 2 %269 = load i32, i32* %268, align 4 %270 = call %struct.file.102187* bitcast (%struct.file* (i32)* @fget to %struct.file.102187* (i32)*)(i32 %269) #76 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 
%22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget_raw 3 __scm_send 4 netlink_sendmsg ------------- Path:  Function:netlink_sendmsg %4 = alloca %struct.scm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.sock* %6 to %struct.netlink_sock* %8 = bitcast %struct.msghdr* %1 to %struct.sctphdr** %9 = load %struct.sctphdr*, %struct.sctphdr** %8, align 8 %10 = bitcast %struct.scm_cookie* %4 to i8* %11 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %194 %16 = icmp eq i64 %2, 0 br i1 %16, label %17, label %21 %22 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 1, i32 0 store 
i32 -1, i32* %22, align 4 %23 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 2, i32 0 store i32 -1, i32* %23, align 8 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 95 %27 = load %struct.signal_struct*, %struct.signal_struct** %26, align 32 %28 = getelementptr %struct.signal_struct, %struct.signal_struct* %27, i64 0, i32 21, i64 1 %29 = load %struct.pid*, %struct.pid** %28, align 8 %30 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 85 %31 = load %struct.cred*, %struct.cred** %30, align 64 %32 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 1, i32 0 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 2, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq %struct.pid* %29, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0 %39 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0, i32 0, i32 0 %40 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 1, i32* %39) #6, !srcloc !7 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43, !prof !8, !misexpect !5 %44 = add i32 %40, 1 %45 = or i32 %44, %40 %46 = icmp sgt i32 %45, -1 br i1 %46, label %48, label %47, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %38, i32 1) #77 br label %48 %49 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 0 store %struct.pid* %29, %struct.pid** %49, align 8 %50 = tail call i32 @pid_vnr(%struct.pid* %29) 
#77 %51 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 0 store i32 %50, i32* %51, align 8 store i32 %33, i32* %22, align 4 store i32 %35, i32* %23, align 8 %52 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 3 %53 = call i32 @security_socket_getpeersec_dgram(%struct.socket* %0, %struct.sk_buff* null, i32* %52) #77 %54 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %60, label %57 %58 = call i32 @__scm_send(%struct.socket* %0, %struct.msghdr* %1, %struct.scm_cookie* nonnull %4) #77 Function:__scm_send %4 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 15 br i1 %6, label %7, label %209 %8 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %9 = bitcast i8** %8 to %struct.arch_uprobe_task** %10 = load %struct.arch_uprobe_task*, %struct.arch_uprobe_task** %9, align 8 %11 = icmp eq %struct.arch_uprobe_task* %10, null br i1 %11, label %209, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %14 = bitcast i8** %13 to i64* %15 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 0 %16 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 0 %17 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 1, i32 0 %18 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 2, i32 0 %19 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 5 %20 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 1 %21 = bitcast %struct.scm_fp_list** %20 to i8** br label %22 %23 = phi i64 [ %5, %12 ], [ %196, %194 ] %24 = phi %struct.arch_uprobe_task* [ %10, %12 ], [ %207, %194 ] %25 = getelementptr inbounds 
%struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %26, 15 br i1 %27, label %28, label %221 %29 = load i64, i64* %14, align 8 %30 = ptrtoint %struct.arch_uprobe_task* %24 to i64 %31 = sub i64 %23, %30 %32 = add i64 %31, %29 %33 = icmp ugt i64 %26, %32 br i1 %33, label %221, label %34 %35 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 1 br i1 %37, label %38, label %194 %39 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 2 %40 = load i32, i32* %39, align 4 switch i32 %40, label %221 [ i32 1, label %41 i32 2, label %124 ] %42 = load %struct.proto_ops*, %struct.proto_ops** %19, align 32 %43 = icmp eq %struct.proto_ops* %42, null br i1 %43, label %221, label %44 %45 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %42, i64 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, 1 br i1 %47, label %48, label %221 %49 = getelementptr %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 1 %50 = bitcast %struct.arch_uprobe_task* %49 to i32* %51 = load %struct.scm_fp_list*, %struct.scm_fp_list** %20, align 8 %52 = add i64 %26, 17179869168 %53 = lshr i64 %52, 2 %54 = trunc i64 %53 to i32 %55 = icmp slt i32 %54, 1 br i1 %55, label %194, label %56 %57 = icmp sgt i32 %54, 253 br i1 %57, label %221, label %58 %59 = icmp eq %struct.scm_fp_list* %51, null br i1 %59, label %60, label %71 %61 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %62 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %61, i32 4197568, i64 2040) #76 %63 = icmp eq i8* %62, null br i1 %63, label %221, label %64 %65 = bitcast i8* %62 to %struct.scm_fp_list* store i8* %62, i8** %21, align 8 %66 = 
bitcast i8* %62 to i16* store i16 0, i16* %66, align 8 %67 = getelementptr inbounds i8, i8* %62, i64 2 %68 = bitcast i8* %67 to i16* store i16 253, i16* %68, align 2 %69 = getelementptr inbounds i8, i8* %62, i64 8 %70 = bitcast i8* %69 to %struct.user_struct** store %struct.user_struct* null, %struct.user_struct** %70, align 8 br label %71 %72 = phi %struct.scm_fp_list* [ %51, %58 ], [ %65, %64 ] %73 = getelementptr inbounds %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 0 %74 = load i16, i16* %73, align 8 %75 = sext i16 %74 to i32 %76 = add nsw i32 %75, %54 %77 = getelementptr inbounds %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 1 %78 = load i16, i16* %77, align 2 %79 = sext i16 %78 to i32 %80 = icmp sgt i32 %76, %79 br i1 %80, label %221, label %81 %82 = sext i16 %74 to i64 %83 = getelementptr %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 3, i64 %82 %84 = and i64 %53, 4294967295 br label %85 %86 = phi i64 [ 0, %81 ], [ %98, %94 ] %87 = phi %struct.file** [ %83, %81 ], [ %95, %94 ] %88 = getelementptr i32, i32* %50, i64 %86 %89 = load i32, i32* %88, align 4 %90 = icmp slt i32 %89, 0 br i1 %90, label %221, label %91 %92 = tail call %struct.file* @fget_raw(i32 %89) #76 Function:fget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = 
getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, 
label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __se_sys_dup 3 __ia32_sys_dup ------------- Path:  Function:__ia32_sys_dup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail 
call fastcc i64 @__se_sys_dup(i64 %4) #76 Function:__se_sys_dup %2 = trunc i64 %0 to i32 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 92 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 %7 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %6, i32 %2, i32 0, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* 
%32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and 
i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __se_sys_dup 3 __x64_sys_dup ------------- Path:  Function:__x64_sys_dup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_dup(i64 %3) #76 Function:__se_sys_dup %2 = trunc i64 %0 to i32 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 92 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 %7 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %6, i32 %2, i32 0, i32 1) #76 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = zext i32 %1 to i64 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %7 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %8 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = icmp ugt i32 %9, %1 br i1 %10, label %11, label %69 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %9, %11 ], [ %67, %64 ] %15 = phi %struct.fdtable* [ %7, %11 ], [ %65, %64 ] %16 = zext i32 %14 to i64 %17 = tail call i64 asm sideeffect "cmp 
$1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %16, i64 %5) #6, !srcloc !5 %18 = trunc i64 %17 to i32 %19 = and i32 %18, %1 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %21 = load %struct.file**, %struct.file*** %20, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.file*, %struct.file** %21, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %69, label %26 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %69 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %64, label %35, !prof !6, !misexpect !7 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %46 = load volatile %struct.fdtable*, %struct.fdtable** %6, align 32 %47 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %46, i64 0, i32 0 %48 = load i32, i32* %47, align 8 %49 = icmp ugt i32 %48, %1 br i1 %49, label %50, label %60 %61 = phi %struct.file* [ %59, %50 ], [ null, %45 ] %62 = icmp eq %struct.file* %61, %24 br i1 %62, label %69, label %63 tail call void bitcast (void (%struct.file.144380*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #76 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds 
%struct.file.144380, %struct.file.144380* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144294** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144294**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144294* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144294, %struct.task_struct.144294* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.144380* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipcns_put ------------- Path:  Function:ipcns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -34, i32 2 %3 = getelementptr inbounds i32, i32* %2, i64 205 %4 = bitcast i32* %3 to %struct.seqcount_spinlock* %5 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %4, %struct.spinlock* nonnull @mq_lock) #76 br i1 %5, label %6, label %14 %7 = bitcast i32* %2 to %struct.ipc_namespace* tail call void @mq_clear_sbinfo(%struct.ipc_namespace* %7) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* 
bitcast (%struct.spinlock* @mq_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = getelementptr inbounds i32, i32* %2, i64 198 %9 = bitcast i32* %8 to %struct.llist_node* %10 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %9, %struct.llist_node* %9, %struct.llist_node* nonnull @free_ipc_list) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_ipc_ns 1 shm_release ------------- Path:  Function:shm_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %5, i64 0, i32 1 %7 = load %struct.ipc_namespace*, %struct.ipc_namespace** %6, align 8 tail call void @put_ipc_ns(%struct.ipc_namespace* %7) #76 Function:put_ipc_ns %2 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 24, i32 3 %3 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %2, %struct.spinlock* nonnull @mq_lock) #76 br i1 %3, label %4, label %10 tail call void @mq_clear_sbinfo(%struct.ipc_namespace* %0) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @mq_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 23 %6 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %5, %struct.llist_node* %5, %struct.llist_node* nonnull @free_ipc_list) #76 ------------- Good: 1772 Bad: 97 Ignored: 6292 Check Use of Function:__ieee80211_rx_h_amsdu Check Use of Function:hpet_ioctl Check Use of Function:tty_compat_ioctl Check Use of Function:ext4_last_io_end_vec Check Use of Function:msr_ioctl Check Use of 
Function:dm_compat_ctl_ioctl Check Use of Function:drm_framebuffer_free Check Use of Function:fs_context_for_reconfigure Check Use of Function:ieee80211_roc_setup Check Use of Function:put_ucounts Check Use of Function:security_inode_getxattr Check Use of Function:generic_swapfile_activate Check Use of Function:xt_compat_target_offset Check Use of Function:security_sb_pivotroot Check Use of Function:filename_create Check Use of Function:kernfs_iop_lookup Check Use of Function:cpufreq_register_notifier Check Use of Function:scsi_init_command Check Use of Function:dquot_add_space Check Use of Function:percpu_ref_exit Check Use of Function:start_thread Check Use of Function:enable_swap_slots_cache Check Use of Function:drv_channel_switch Check Use of Function:proc_ns_file Check Use of Function:slow_avc_audit Check Use of Function:drm_atomic_helper_update_plane Check Use of Function:free_netdev Check Use of Function:acpi_sleep_init Check Use of Function:nv_drain_rxtx Check Use of Function:sock_create_kern Check Use of Function:blkdev_issue_discard Check Use of Function:ieee80211_check_queues Check Use of Function:percpu_ref_init Check Use of Function:ns_ioctl Check Use of Function:percpu_ref_resurrect Check Use of Function:inet6_addr_add Check Use of Function:e1000_configure_msix Check Use of Function:ieee80211_queue_skb Check Use of Function:blk_queue_flag_clear Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = getelementptr %struct.device.624183, %struct.device.624183* %0, i64 -1, i32 36 %9 = bitcast %struct.dev_iommu** %8 to %struct.scsi_disk* %10 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 1 %11 = bitcast %struct.dev_iommu** %10 to %struct.scsi_device.624201** %12 = load %struct.scsi_device.624201*, %struct.scsi_device.624201** %11, align 8 %13 = 
getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %14 = bitcast %struct.scsi_mode_data* %6 to i8* %15 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.scsi_device.624201, %struct.scsi_device.624201* %12, i64 0, i32 22 %17 = load i8, i8* %16, align 8 switch i8 %17, label %118 [ i8 0, label %18 i8 20, label %18 ] %19 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #76 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %27 %28 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 24 %29 = bitcast i24* %28 to i32* %30 = load i32, i32* %29, align 1 %31 = and i32 %30, -3 store i32 %31, i32* %29, align 1 br label %32 %33 = phi i8* [ %22, %21 ], [ %2, %27 ] %34 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %33) #77 %35 = icmp slt i32 %34, 0 br i1 %35, label %118, label %36 %37 = and i32 %34, 1 %38 = and i32 %34, 2 %39 = icmp eq i32 %38, 0 br i1 %39, label %45, label %40 %46 = phi i32 [ 0, %36 ], [ %44, %40 ] %47 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 24 %48 = bitcast i24* %47 to i32* %49 = load i32, i32* %48, align 1 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %65, label %52 %53 = and i32 %49, -13 %54 = or i32 %53, %46 %55 = shl nuw nsw i32 %37, 3 %56 = or i32 %54, %55 store i32 %56, i32* %48, align 1 %57 = icmp ne i32 %46, 0 %58 = and i32 %54, 20 %59 = icmp eq i32 %58, 20 %60 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 93 %61 = bitcast %struct.dev_iommu** %60 to %struct.gendisk.624016** %62 = load %struct.gendisk.624016*, %struct.gendisk.624016** %61, align 8 %63 = getelementptr inbounds %struct.gendisk.624016, %struct.gendisk.624016* %62, i64 0, i32 9 %64 = load 
%struct.request_queue.624010*, %struct.request_queue.624010** %63, align 8 tail call void bitcast (void (%struct.request_queue.297041*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.624010*, i1, i1)*)(%struct.request_queue.624010* %64, i1 zeroext %57, i1 zeroext %59) #77 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void bitcast (void (i32, %struct.request_queue.295614*)* @blk_queue_flag_clear to void (i32, %struct.request_queue.297041*)*)(i32 17, %struct.request_queue.297041* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = getelementptr %struct.device.624183, %struct.device.624183* %0, i64 -1, i32 36 %9 = bitcast %struct.dev_iommu** %8 to %struct.scsi_disk* %10 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 1 %11 = bitcast %struct.dev_iommu** %10 to %struct.scsi_device.624201** %12 = load %struct.scsi_device.624201*, %struct.scsi_device.624201** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %14 = bitcast %struct.scsi_mode_data* %6 to i8* %15 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.scsi_device.624201, %struct.scsi_device.624201* %12, i64 0, i32 22 %17 = load i8, i8* %16, align 8 switch i8 %17, label %118 [ i8 0, label %18 i8 20, label %18 ] %19 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #76 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %27 %28 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 24 %29 = bitcast i24* %28 to i32* %30 = load i32, i32* %29, align 1 %31 = and i32 %30, -3 store i32 %31, i32* %29, align 1 br label %32 
%33 = phi i8* [ %22, %21 ], [ %2, %27 ] %34 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %33) #77 %35 = icmp slt i32 %34, 0 br i1 %35, label %118, label %36 %37 = and i32 %34, 1 %38 = and i32 %34, 2 %39 = icmp eq i32 %38, 0 br i1 %39, label %45, label %40 %46 = phi i32 [ 0, %36 ], [ %44, %40 ] %47 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 24 %48 = bitcast i24* %47 to i32* %49 = load i32, i32* %48, align 1 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %65, label %52 %53 = and i32 %49, -13 %54 = or i32 %53, %46 %55 = shl nuw nsw i32 %37, 3 %56 = or i32 %54, %55 store i32 %56, i32* %48, align 1 %57 = icmp ne i32 %46, 0 %58 = and i32 %54, 20 %59 = icmp eq i32 %58, 20 %60 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 93 %61 = bitcast %struct.dev_iommu** %60 to %struct.gendisk.624016** %62 = load %struct.gendisk.624016*, %struct.gendisk.624016** %61, align 8 %63 = getelementptr inbounds %struct.gendisk.624016, %struct.gendisk.624016* %62, i64 0, i32 9 %64 = load %struct.request_queue.624010*, %struct.request_queue.624010** %63, align 8 tail call void bitcast (void (%struct.request_queue.297041*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.624010*, i1, i1)*)(%struct.request_queue.624010* %64, i1 zeroext %57, i1 zeroext %59) #77 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void bitcast (void (i32, %struct.request_queue.295614*)* @blk_queue_flag_clear to void (i32, %struct.request_queue.297041*)*)(i32 17, %struct.request_queue.297041* %0) #76 br label %6 br i1 %2, label %7, label %8 tail call void bitcast (void (i32, %struct.request_queue.295614*)* @blk_queue_flag_clear to void (i32, %struct.request_queue.297041*)*)(i32 18, %struct.request_queue.297041* %0) #76 ------------- Good: 54 Bad: 2 Ignored: 54 Check Use of Function:vm_stat_account Check Use of 
Function:move_vma Check Use of Function:pid_revalidate Check Use of Function:unpin_user_pages_dirty_lock Check Use of Function:__mmu_notifier_invalidate_range_end Check Use of Function:pci_connect_tech_setup Check Use of Function:force_sig Use: =BAD PATH= Call Stack: 0 signal_fault 1 __ia32_compat_sys_rt_sigreturn ------------- Path:  Function:__ia32_compat_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 = bitcast %struct.cpumask* %2 to i8* %12 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %13 = load i64, i64* %12, align 8 %14 = add i64 %13, -4 %15 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %16 = add i64 %15, -268 %17 = icmp ult i64 %16, %14 br i1 %17, label %42, label %18, !prof !6, !misexpect !7 %19 = inttoptr i64 %14 to %struct.rt_sigframe_ia32* %21 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 4 %22 = bitcast %struct.kernel_cap_struct* %21 to i64* %23 = tail call { i64*, i64, i64 } asm sideeffect "call 
__get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %20) #6, !srcloc !8 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %42, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %2) #76 %32 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 3 %33 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %10, %struct.sigcontext_32* %32) #77 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %42 %36 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 2 %37 = call i32 @compat_restore_altstack(%struct.uid_gid_extent* %36) #76 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %42 %43 = inttoptr i64 %14 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %43, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.3.4721, i64 0, i64 0)) #76 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #76 ------------- Use: =BAD PATH= Call Stack: 0 signal_fault 1 __ia32_compat_sys_sigreturn ------------- Path:  Function:__ia32_compat_sys_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call i64 
asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = inttoptr i64 %13 to %struct.sigframe_ia32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %17 = add i64 %16, -736 %18 = icmp ult i64 %17, %13 br i1 %18, label %50, label %19, !prof !6, !misexpect !7 %21 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2 %22 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2, i32 26 %23 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %22, i64 4, i64 %20) #6, !srcloc !8 %24 = extractvalue { i32*, i32, i64 } %23, 0 %25 = extractvalue { i32*, i32, i64 } %23, 1 %26 = extractvalue { i32*, i32, i64 } %23, 2 %27 = ptrtoint i32* %24 to i64 %28 = zext i32 %25 to i64 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 
%28, i64* %29, align 8 %30 = and i64 %27, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %50, !prof !9, !misexpect !10 %34 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 4, i64 0 %35 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %34, i64 4, i64 %33) #6, !srcloc !11 %36 = extractvalue { i32*, i32, i64 } %35, 0 %37 = extractvalue { i32*, i32, i64 } %35, 1 %38 = extractvalue { i32*, i32, i64 } %35, 2 %39 = ptrtoint i32* %36 to i64 %40 = bitcast %struct.cpumask* %2 to i32* %41 = getelementptr inbounds i32, i32* %40, i64 1 store i32 %37, i32* %41, align 4 %42 = and i64 %39, 4294967295 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %2) #76 %45 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %10, %struct.sigcontext_32* %21) #77 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %50 %51 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %51, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4718, i64 0, i64 0)) #76 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #76 ------------- Use: =BAD PATH= Call Stack: 0 signal_fault 1 __do_sys_rt_sigreturn ------------- Path:  Function:__do_sys_rt_sigreturn %2 = alloca %struct.sigcontext_64, align 8 %3 = alloca %struct.cpumask, align 8 %4 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 2 %7 = bitcast i8** %6 to i64* %8 = load i64, i64* %7, align 32 %9 = add i64 %8, 16384 %10 = inttoptr i64 %9 to %struct.pt_regs* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %10, i64 -1 %12 = bitcast %struct.cpumask* %3 to i8* %13 = getelementptr %struct.pt_regs, %struct.pt_regs* %10, i64 -1, i32 19 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -8 %16 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %17 = add i64 %16, -440 %18 = icmp ult i64 %17, %15 br i1 %18, label %139, label %19, !prof !6, !misexpect !7 %20 = inttoptr i64 %15 to %struct.rt_sigframe* %22 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %20, i64 0, i32 1, i32 4, i32 0, i64 0 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !8 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %3, i64 0, i32 0, i64 0 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %139, !prof 
!9, !misexpect !10 %33 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %20, i64 0, i32 1, i32 0 %34 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %33, i64 8, i64 %32) #6, !srcloc !11 %35 = extractvalue { i64*, i64, i64 } %34, 0 %36 = extractvalue { i64*, i64, i64 } %34, 2 %37 = ptrtoint i64* %35 to i64 %38 = and i64 %37, 4294967295 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %139, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %3) #76 %41 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %20, i64 0, i32 1, i32 3 %42 = bitcast %struct.sigcontext_64* %2 to i8* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 52, i32 1 store i64 (%struct.restart_block*)* @do_no_restart_syscall, i64 (%struct.restart_block*)** %43, align 8 %44 = bitcast %struct.sigcontext_64* %41 to i8* %45 = call i64 @_copy_from_user(i8* nonnull %42, i8* %44, i64 192) #76 %46 = icmp eq i64 %45, 0 br i1 %46, label %48, label %47 br label %139 %140 = inttoptr i64 %15 to i8* call void @signal_fault(%struct.pt_regs* %11, i8* %140, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.6.1385, i64 0, i64 0)) #77 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #76 ------------- Good: 6 Bad: 3 Ignored: 20 Check Use of Function:__create_xol_area Check Use of Function:ipv6_chk_addr_and_flags Check Use of 
Function:rt_cache_flush Check Use of Function:dmar_fault Check Use of Function:arch_uprobe_skip_sstep Check Use of Function:drm_gem_object_free Use: =BAD PATH= Call Stack: 0 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.rseq_cs* %7 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %382, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %382, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %382, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = 
getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #76 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.448284* %38 = icmp eq i8* %36, null br i1 %38, label %63, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !8 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !9 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !10, !misexpect !9 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #76 br label %60 %61 = icmp eq i32 %55, 0 %62 = select i1 %61, %struct.drm_i915_gem_object.448284* null, %struct.drm_i915_gem_object.448284* %37 br label %63 %64 = phi %struct.drm_i915_gem_object.448284* [ null, %31 ], [ %62, %60 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 tail call void @rcu_read_unlock_strict() #76 %65 = icmp eq %struct.drm_i915_gem_object.448284* %64, null br i1 %65, label %382, label %66 %67 = getelementptr inbounds i8, i8* %1, i64 8 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.drm_i915_gem_object.448284, 
%struct.drm_i915_gem_object.448284* %64, i64 0, i32 0, i32 0, i32 0, i32 5 %71 = load i64, i64* %70, align 8 %72 = icmp ugt i64 %71, %69 br i1 %72, label %73, label %369 %74 = load i64, i64* %19, align 8 %75 = sub i64 %71, %69 %76 = icmp ugt i64 %74, %75 br i1 %76, label %369, label %77 %78 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %64, i64 0, i32 11 %79 = load i64, i64* %78, align 8 %80 = and i64 %79, 16 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %369 %370 = phi i32 [ %104, %103 ], [ %107, %106 ], [ %368, %367 ], [ %240, %239 ], [ %238, %237 ], [ -22, %73 ], [ -22, %77 ], [ -22, %66 ] %371 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %64, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %372 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %64, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %373 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %372, i32 -1, i32* %372) #6, !srcloc !26 %374 = icmp eq i32 %373, 1 br i1 %374, label %380, label %375 %381 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %64, i64 0, i32 0, i32 0, i32 0, i32 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !27 call void @drm_gem_object_free(%struct.qspinlock* %381) #76, !callees !28 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.rseq_cs* %7 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 
%10, label %11, label %17 %12 = getelementptr %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %321, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %321, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %321, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #76 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.448284* %38 = icmp eq i8* %36, null br i1 %38, label %63, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 
} asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !8 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !9 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !10, !misexpect !9 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #76 br label %60 %61 = icmp eq i32 %55, 0 %62 = select i1 %61, %struct.drm_i915_gem_object.448284* null, %struct.drm_i915_gem_object.448284* %37 br label %63 %64 = phi %struct.drm_i915_gem_object.448284* [ null, %31 ], [ %62, %60 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 tail call void @rcu_read_unlock_strict() #76 %65 = icmp eq %struct.drm_i915_gem_object.448284* %64, null br i1 %65, label %321, label %66 %67 = getelementptr inbounds i8, i8* %1, i64 8 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %64, i64 0, i32 0, i32 0, i32 0, i32 5 %71 = load i64, i64* %70, align 8 %72 = icmp ugt i64 %71, %69 br i1 %72, label %73, label %308 %74 = load i64, i64* %19, align 8 %75 = sub i64 %71, %69 %76 = icmp ugt i64 %74, %75 br i1 %76, label %308, label %77 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %78)) #6 to label %92 [label %78], !srcloc !12 %93 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %64, i64 0, i32 1 %94 = load %struct.drm_i915_gem_object_ops.448268*, %struct.drm_i915_gem_object_ops.448268** %93, align 8 %95 = getelementptr inbounds %struct.drm_i915_gem_object_ops.448268, %struct.drm_i915_gem_object_ops.448268* %94, i64 0, i32 5 %96 = load i32 (%struct.drm_i915_gem_object.448284*, %struct.rseq_cs*)*, i32 (%struct.drm_i915_gem_object.448284*, %struct.rseq_cs*)** %95, align 8 %97 = icmp eq i32 (%struct.drm_i915_gem_object.448284*, %struct.rseq_cs*)* %96, null br i1 %97, label %101, label %98 %102 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.501517*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.448284*, i32, i64)*)(%struct.drm_i915_gem_object.448284* nonnull %64, i32 1, i64 9223372036854775807) #76 %103 = icmp eq i32 %102, 0 br i1 %103, label %104, label %308 %105 = bitcast i32* %5 to i8* %106 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %64, i64 0, i32 0, i32 0, i32 0, i32 9 %107 = load %struct.dma_resv*, %struct.dma_resv** %106, align 8 %108 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %107, i64 0, i32 0 %109 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %108, %struct.ww_acquire_ctx* null) #76 %110 = icmp eq i32 %109, -114 %111 = select i1 %110, i32 0, i32 %109 switch i32 %111, label %208 [ i32 -35, label %112 i32 0, label %124 ] 
%113 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %64, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %114 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %64, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %115 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %114, i32 1, i32* %114) #6, !srcloc !17 %116 = icmp eq i32 %115, 0 br i1 %116, label %121, label %117, !prof !5, !misexpect !9 %118 = add i32 %115, 1 %119 = or i32 %118, %115 %120 = icmp sgt i32 %119, -1 br i1 %120, label %123, label %121, !prof !10, !misexpect !9 %122 = phi i32 [ 2, %112 ], [ 1, %117 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %113, i32 %122) #76 br label %123 store %struct.drm_i915_gem_object.448284* %64, %struct.drm_i915_gem_object.448284** inttoptr (i64 40 to %struct.drm_i915_gem_object.448284**), align 8 br label %308 %309 = phi i32 [ %99, %98 ], [ %102, %101 ], [ %307, %306 ], [ %209, %208 ], [ -22, %73 ], [ -22, %66 ], [ -35, %123 ] %310 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %64, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %311 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %64, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %312 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %311, i32 -1, i32* %311) #6, !srcloc !25 %313 = icmp eq i32 %312, 1 br i1 %313, label %319, label %314 %320 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %64, i64 0, i32 0, i32 0, i32 0, i32 0 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 call void @drm_gem_object_free(%struct.qspinlock* %320) #76, !callees !27 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_tiling_ioctl ------------- Path:  Function:i915_gem_set_tiling_ioctl %4 = bitcast %struct.drm_device.381449* %0 to %struct.drm_i915_private.435893* %5 = getelementptr inbounds %struct.drm_i915_private.435893, %struct.drm_i915_private.435893* %4, i64 0, i32 60, i32 12 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %151, label %8 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #76 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.435908* %15 = icmp eq i8* %13, null br i1 %15, label %40, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !5 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !6, !misexpect !7 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !8, !misexpect !7 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #76 br label %37 %38 = icmp eq i32 %32, 0 %39 = select i1 %38, %struct.drm_i915_gem_object.435908* null, %struct.drm_i915_gem_object.435908* %14 br label %40 %41 = phi %struct.drm_i915_gem_object.435908* [ null, %8 ], [ %39, %37 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %42 = icmp eq %struct.drm_i915_gem_object.435908* %41, null br i1 %42, label %151, label %43 %44 = getelementptr inbounds %struct.drm_i915_gem_object.435908, %struct.drm_i915_gem_object.435908* %41, i64 0, i32 1 %45 = load %struct.drm_i915_gem_object_ops.435896*, %struct.drm_i915_gem_object_ops.435896** %44, align 8 %46 = getelementptr inbounds %struct.drm_i915_gem_object_ops.435896, %struct.drm_i915_gem_object_ops.435896* %45, i64 0, i32 0 %47 = load i32, i32* %46, align 8 %48 = and i32 %47, 4 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %138 %139 = phi i32 [ %132, %129 ], [ -6, %43 ], [ -22, %89 ], [ -22, %103 ], [ -22, %61 ], [ -22, %67 ], [ -22, %71 ], [ -22, %73 ], [ -22, %75 ], [ -22, %99 ], [ -22, %94 ] %140 = getelementptr inbounds %struct.drm_i915_gem_object.435908, %struct.drm_i915_gem_object.435908* %41, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %141 = getelementptr inbounds %struct.drm_i915_gem_object.435908, %struct.drm_i915_gem_object.435908* %41, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 -1, i32* %141) #6, !srcloc !11 %143 = icmp eq i32 %142, 1 br i1 %143, label %149, label %144 %150 = getelementptr inbounds %struct.drm_i915_gem_object.435908, %struct.drm_i915_gem_object.435908* %41, i64 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @drm_gem_object_free(%struct.qspinlock* %150) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_mmap ------------- Path:  Function:i915_gem_mmap %3 = alloca i32, align 4 %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.drm_file** %6 = load %struct.drm_file*, %struct.drm_file** %5, align 8 %7 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %6, i64 0, i32 13 %8 = load %struct.drm_minor*, %struct.drm_minor** %7, align 8 %9 = getelementptr inbounds %struct.drm_minor, %struct.drm_minor* %8, i64 0, i32 3 %10 = load %struct.drm_device.381449*, %struct.drm_device.381449** %9, align 8 %11 = bitcast i32* %3 to i8* %12 = call zeroext i1 @drm_dev_enter(%struct.drm_device.381449* %10, i32* nonnull %3) #76 br i1 %12, label %14, label %13 %15 = load i32, i32* %3, align 4 call void @drm_dev_exit(i32 %15) #76 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %10, i64 0, i32 33 %17 = load %struct.drm_vma_offset_manager*, %struct.drm_vma_offset_manager** %16, align 8 %18 = getelementptr inbounds %struct.drm_vma_offset_manager, %struct.drm_vma_offset_manager* %17, i64 0, i32 0 call void @_raw_read_lock(%struct.rwlock_t* %18) #76 %19 = load %struct.drm_vma_offset_manager*, %struct.drm_vma_offset_manager** %16, align 8 %20 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 13 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = sub i64 %23, %25 %27 = lshr i64 %26, 12 %28 = call %struct.drm_vma_offset_node* 
@drm_vma_offset_lookup_locked(%struct.drm_vma_offset_manager* %19, i64 %21, i64 %27) #76 %29 = icmp eq %struct.drm_vma_offset_node* %28, null br i1 %29, label %98, label %30 %31 = getelementptr inbounds %struct.drm_vma_offset_node, %struct.drm_vma_offset_node* %28, i64 0, i32 1, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, %21 br i1 %33, label %34, label %98 %35 = call zeroext i1 @drm_vma_node_is_allowed(%struct.drm_vma_offset_node* nonnull %28, %struct.drm_file* %6) #76 br i1 %35, label %36, label %98 %37 = getelementptr inbounds %struct.drm_vma_offset_node, %struct.drm_vma_offset_node* %28, i64 0, i32 3 %38 = load i8*, i8** %37, align 8 %39 = icmp eq i8* %38, null br i1 %39, label %40, label %70 %71 = getelementptr %struct.drm_vma_offset_node, %struct.drm_vma_offset_node* %28, i64 -1, i32 1, i32 12 %72 = bitcast i64* %71 to %struct.drm_i915_gem_object.448284* %73 = icmp eq i64* %71, null br i1 %73, label %98, label %74 %75 = bitcast i64* %71 to %struct.seqcount_spinlock* %76 = bitcast i64* %71 to i32* %77 = load volatile i32, i32* %76, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %89, label %79 %80 = phi i32 [ %87, %86 ], [ %77, %74 ] %81 = add i32 %80, 1 %82 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %76, i32 %81, i32* nonnull %76, i32 %80) #6, !srcloc !5 %83 = extractvalue { i8, i32 } %82, 0 %84 = and i8 %83, 1 %85 = icmp eq i8 %84, 0 br i1 %85, label %86, label %89, !prof !6, !misexpect !7 %87 = extractvalue { i8, i32 } %82, 1 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %79 %90 = phi i32 [ 0, %74 ], [ 0, %86 ], [ %80, %79 ] %91 = add i32 %90, 1 %92 = or i32 %91, %90 %93 = icmp sgt i32 %92, -1 br i1 %93, label %95, label %94, !prof !8, !misexpect !7 call void @refcount_warn_saturate(%struct.seqcount_spinlock* 
nonnull %75, i32 0) #76 br label %95 %96 = icmp eq i32 %90, 0 %97 = select i1 %96, %struct.drm_i915_gem_object.448284* null, %struct.drm_i915_gem_object.448284* %72 br label %98 %99 = phi i32 [ -13, %34 ], [ -13, %40 ], [ -13, %70 ], [ -22, %14 ], [ -22, %30 ], [ -13, %67 ], [ -13, %95 ] %100 = phi %struct.drm_vma_offset_node* [ %28, %34 ], [ %28, %40 ], [ %28, %70 ], [ null, %14 ], [ null, %30 ], [ %28, %67 ], [ %28, %95 ] %101 = phi %struct.i915_mmap_offset.448362* [ null, %34 ], [ %41, %40 ], [ null, %70 ], [ null, %14 ], [ null, %30 ], [ %41, %67 ], [ null, %95 ] %102 = phi %struct.drm_i915_gem_object.448284* [ null, %34 ], [ null, %40 ], [ null, %70 ], [ null, %14 ], [ null, %30 ], [ %69, %67 ], [ %97, %95 ] %103 = load %struct.drm_vma_offset_manager*, %struct.drm_vma_offset_manager** %16, align 8 %104 = getelementptr inbounds %struct.drm_vma_offset_manager, %struct.drm_vma_offset_manager* %103, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %105 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %104, i32 -512, i32* %104) #6, !srcloc !9 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 call void @rcu_read_unlock_strict() #76 %106 = icmp eq %struct.drm_i915_gem_object.448284* %102, null br i1 %106, label %242, label %107 %108 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %102, i64 0, i32 11 %109 = load i64, i64* %108, align 8 %110 = and i64 %109, 16 %111 = icmp eq i64 %110, 0 br i1 %111, label %131, label %112 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %132 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %10, i64 20, i32 30, i32 1, i32 0, i32 0, i32 1 %133 = bitcast 
%struct.raw_spinlock* %132 to %struct.file** %134 = load volatile %struct.file*, %struct.file** %133, align 8 %135 = icmp eq %struct.file* %134, null br i1 %135, label %150, label %136 %137 = getelementptr inbounds %struct.file, %struct.file* %134, i64 0, i32 6, i32 0 %138 = load volatile i64, i64* %137, align 8 %139 = icmp eq i64 %138, 0 br i1 %139, label %150, label %140, !prof !6, !misexpect !7 %141 = phi i64 [ %148, %147 ], [ %138, %136 ] %142 = add i64 %141, 1 %143 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %137, i64 %142, i64* %137, i64 %141) #6, !srcloc !14 %144 = extractvalue { i8, i64 } %143, 0 %145 = and i8 %144, 1 %146 = icmp eq i8 %145, 0 br i1 %146, label %147, label %150, !prof !6, !misexpect !7 %148 = extractvalue { i8, i64 } %143, 1 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %140, !prof !6, !misexpect !7 %151 = phi %struct.file* [ null, %131 ], [ null, %136 ], [ %134, %140 ], [ null, %147 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 call void @rcu_read_unlock_strict() #76 %152 = icmp eq %struct.file* %151, null br i1 %152, label %153, label %166 %167 = phi %struct.file* [ %155, %157 ], [ %151, %150 ], [ %155, %153 ] %168 = icmp ugt %struct.file* %167, inttoptr (i64 -4096 to %struct.file*) br i1 %168, label %169, label %184 %170 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %102, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %171 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %102, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %172 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %171, i32 -1, i32* %171) #6, !srcloc !12 %173 = icmp eq i32 %172, 1 br i1 %173, label %179, label %174 %180 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %102, i64 0, i32 0, i32 0, i32 0, i32 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @drm_gem_object_free(%struct.qspinlock* %180) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_mmap ------------- Path:  Function:i915_gem_mmap %3 = alloca i32, align 4 %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.drm_file** %6 = load %struct.drm_file*, %struct.drm_file** %5, align 8 %7 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %6, i64 0, i32 13 %8 = load %struct.drm_minor*, %struct.drm_minor** %7, align 8 %9 = getelementptr inbounds %struct.drm_minor, %struct.drm_minor* %8, i64 0, i32 3 %10 = load %struct.drm_device.381449*, %struct.drm_device.381449** %9, align 8 %11 = bitcast i32* %3 to i8* %12 = call zeroext i1 @drm_dev_enter(%struct.drm_device.381449* %10, i32* nonnull %3) #76 br i1 %12, label %14, label %13 %15 = load i32, i32* %3, align 4 call void @drm_dev_exit(i32 %15) #76 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %10, i64 0, i32 33 %17 = load %struct.drm_vma_offset_manager*, %struct.drm_vma_offset_manager** %16, align 8 %18 = getelementptr inbounds %struct.drm_vma_offset_manager, %struct.drm_vma_offset_manager* %17, i64 0, i32 0 call void @_raw_read_lock(%struct.rwlock_t* %18) #76 %19 = load %struct.drm_vma_offset_manager*, %struct.drm_vma_offset_manager** %16, align 8 %20 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 13 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.vm_area_struct, 
%struct.vm_area_struct* %1, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = sub i64 %23, %25 %27 = lshr i64 %26, 12 %28 = call %struct.drm_vma_offset_node* @drm_vma_offset_lookup_locked(%struct.drm_vma_offset_manager* %19, i64 %21, i64 %27) #76 %29 = icmp eq %struct.drm_vma_offset_node* %28, null br i1 %29, label %98, label %30 %31 = getelementptr inbounds %struct.drm_vma_offset_node, %struct.drm_vma_offset_node* %28, i64 0, i32 1, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, %21 br i1 %33, label %34, label %98 %35 = call zeroext i1 @drm_vma_node_is_allowed(%struct.drm_vma_offset_node* nonnull %28, %struct.drm_file* %6) #76 br i1 %35, label %36, label %98 %37 = getelementptr inbounds %struct.drm_vma_offset_node, %struct.drm_vma_offset_node* %28, i64 0, i32 3 %38 = load i8*, i8** %37, align 8 %39 = icmp eq i8* %38, null br i1 %39, label %40, label %70 %71 = getelementptr %struct.drm_vma_offset_node, %struct.drm_vma_offset_node* %28, i64 -1, i32 1, i32 12 %72 = bitcast i64* %71 to %struct.drm_i915_gem_object.448284* %73 = icmp eq i64* %71, null br i1 %73, label %98, label %74 %75 = bitcast i64* %71 to %struct.seqcount_spinlock* %76 = bitcast i64* %71 to i32* %77 = load volatile i32, i32* %76, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %89, label %79 %80 = phi i32 [ %87, %86 ], [ %77, %74 ] %81 = add i32 %80, 1 %82 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %76, i32 %81, i32* nonnull %76, i32 %80) #6, !srcloc !5 %83 = extractvalue { i8, i32 } %82, 0 %84 = and i8 %83, 1 %85 = icmp eq i8 %84, 0 br i1 %85, label %86, label %89, !prof !6, !misexpect !7 %87 = extractvalue { i8, i32 } %82, 1 %88 = icmp eq 
i32 %87, 0 br i1 %88, label %89, label %79 %90 = phi i32 [ 0, %74 ], [ 0, %86 ], [ %80, %79 ] %91 = add i32 %90, 1 %92 = or i32 %91, %90 %93 = icmp sgt i32 %92, -1 br i1 %93, label %95, label %94, !prof !8, !misexpect !7 call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %75, i32 0) #76 br label %95 %96 = icmp eq i32 %90, 0 %97 = select i1 %96, %struct.drm_i915_gem_object.448284* null, %struct.drm_i915_gem_object.448284* %72 br label %98 %99 = phi i32 [ -13, %34 ], [ -13, %40 ], [ -13, %70 ], [ -22, %14 ], [ -22, %30 ], [ -13, %67 ], [ -13, %95 ] %100 = phi %struct.drm_vma_offset_node* [ %28, %34 ], [ %28, %40 ], [ %28, %70 ], [ null, %14 ], [ null, %30 ], [ %28, %67 ], [ %28, %95 ] %101 = phi %struct.i915_mmap_offset.448362* [ null, %34 ], [ %41, %40 ], [ null, %70 ], [ null, %14 ], [ null, %30 ], [ %41, %67 ], [ null, %95 ] %102 = phi %struct.drm_i915_gem_object.448284* [ null, %34 ], [ null, %40 ], [ null, %70 ], [ null, %14 ], [ null, %30 ], [ %69, %67 ], [ %97, %95 ] %103 = load %struct.drm_vma_offset_manager*, %struct.drm_vma_offset_manager** %16, align 8 %104 = getelementptr inbounds %struct.drm_vma_offset_manager, %struct.drm_vma_offset_manager* %103, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %105 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %104, i32 -512, i32* %104) #6, !srcloc !9 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 call void @rcu_read_unlock_strict() #76 %106 = icmp eq %struct.drm_i915_gem_object.448284* %102, null br i1 %106, label %242, label %107 %108 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %102, i64 0, i32 11 %109 = load i64, i64* %108, align 8 %110 = and i64 %109, 16 %111 = icmp eq i64 
%110, 0 br i1 %111, label %131, label %112 %113 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %114 = load i64, i64* %113, align 8 %115 = and i64 %114, 2 %116 = icmp eq i64 %115, 0 br i1 %116, label %129, label %117 %118 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %102, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %119 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %102, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %120 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %119, i32 -1, i32* %119) #6, !srcloc !12 %121 = icmp eq i32 %120, 1 br i1 %121, label %127, label %122 %128 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %102, i64 0, i32 0, i32 0, i32 0, i32 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @drm_gem_object_free(%struct.qspinlock* %128) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %159 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 15 %11 = bitcast %struct.mutex* %10 to i8* %12 = load i8, i8* %11, align 8 %13 = icmp ugt i8 %12, 12 br i1 %13, label %159, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 32 %16 = bitcast i8* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ult i64 %17, 2 br i1 %18, label %19, label %159 %20 = icmp eq i64 %17, 0 br i1 %20, label %25, label %21 %22 = load 
volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %23 = and i64 %22, 65536 %24 = icmp eq i64 %23, 0 br i1 %24, label %159, label %25 %26 = bitcast i8* %1 to i32* %27 = load i32, i32* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %28 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %29 = zext i32 %27 to i64 %30 = tail call i8* @idr_find(%struct.idr* %28, i64 %29) #76 %31 = bitcast i8* %30 to %struct.drm_i915_gem_object.448284* %32 = icmp eq i8* %30, null br i1 %32, label %57, label %33 %34 = bitcast i8* %30 to %struct.seqcount_spinlock* %35 = bitcast i8* %30 to i32* %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %48, label %38 %39 = phi i32 [ %46, %45 ], [ %36, %33 ] %40 = add i32 %39, 1 %41 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %35, i32 %40, i32* nonnull %35, i32 %39) #6, !srcloc !5 %42 = extractvalue { i8, i32 } %41, 0 %43 = and i8 %42, 1 %44 = icmp eq i8 %43, 0 br i1 %44, label %45, label %48, !prof !6, !misexpect !7 %46 = extractvalue { i8, i32 } %41, 1 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %38 %49 = phi i32 [ 0, %33 ], [ %39, %38 ], [ 0, %45 ] %50 = add i32 %49, 1 %51 = or i32 %50, %49 %52 = icmp sgt i32 %51, -1 br i1 %52, label %54, label %53, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %34, i32 0) #76 br label %54 %55 = icmp eq i32 %49, 0 %56 = select i1 %55, %struct.drm_i915_gem_object.448284* null, %struct.drm_i915_gem_object.448284* %31 br label %57 %58 = phi %struct.drm_i915_gem_object.448284* [ null, %25 ], [ %56, %54 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %59 = icmp eq %struct.drm_i915_gem_object.448284* %58, null br i1 %59, label %159, label %60 %61 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 3 %62 = load %struct.file*, %struct.file** %61, align 8 %63 = icmp eq %struct.file* %62, null br i1 %63, label %144, label %64 %65 = getelementptr inbounds i8, i8* %1, i64 8 %66 = bitcast i8* %65 to i64* %67 = load i64, i64* %66, align 8 %68 = getelementptr inbounds i8, i8* %1, i64 16 %69 = bitcast i8* %68 to i64* %70 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 5 %71 = load i64, i64* %70, align 8 %72 = icmp ugt i64 %71, %67 br i1 %72, label %73, label %144 %74 = load i64, i64* %69, align 8 %75 = sub i64 %71, %67 %76 = icmp ugt i64 %74, %75 br i1 %76, label %144, label %77 %78 = tail call i64 @vm_mmap(%struct.file* nonnull %62, i64 0, i64 %74, i64 3, i64 1, i64 %67) #76 %79 = icmp ugt i64 %78, -4096 br i1 %79, label %144, label %80, !prof !6, !misexpect !7 %81 = load i64, i64* %16, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 br i1 %83, label %128, label %84 %85 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %86 = inttoptr i64 %85 to %struct.task_struct* %87 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %86, i64 0, i32 38 %88 = load %struct.mm_struct*, %struct.mm_struct** %87, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_mmap_ioctl, %89)) #6 to label %90 [label %89], !srcloc !11 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %88, i1 zeroext true) #76 br label %90 %91 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %88, i64 0, i32 0, i32 17 %92 = tail call i32 @down_write_killable(%struct.rw_semaphore* %91) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_mmap_ioctl, %93)) #6 to label %95 [label %93], !srcloc !11 %96 = icmp eq i32 %92, 0 br i1 %96, label %97, label %144 %98 = tail call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %88, i64 %78) #76 %99 = icmp eq %struct.vm_area_struct* %98, null br i1 %99, label %123, label %100 %101 = load %struct.file*, %struct.file** %61, align 8 %102 = load i64, i64* %69, align 8 %103 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %98, i64 0, i32 14 %104 = load %struct.file*, %struct.file** %103, align 8 %105 = icmp eq %struct.file* %104, %101 br i1 %105, label %106, label %123 %107 
= getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %98, i64 0, i32 0 %108 = load i64, i64* %107, align 8 %109 = icmp eq i64 %108, %78 br i1 %109, label %110, label %123 %124 = phi i64 [ %78, %117 ], [ -12, %97 ], [ -12, %110 ], [ -12, %100 ], [ -12, %106 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_mmap_ioctl, %125)) #6 to label %126 [label %125], !srcloc !11 tail call void @up_write(%struct.rw_semaphore* %91) #76 %127 = icmp ugt i64 %124, -4096 br i1 %127, label %144, label %128 %145 = phi i64 [ %78, %77 ], [ -6, %60 ], [ -22, %73 ], [ -22, %64 ], [ -4, %95 ], [ %124, %126 ] %146 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %147 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %148 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %147, i32 -1, i32* %147) #6, !srcloc !12 %149 = icmp eq i32 %148, 1 br i1 %149, label %155, label %150 %156 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @drm_gem_object_free(%struct.qspinlock* %156) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_caching_ioctl ------------- Path:  Function:i915_gem_set_caching_ioctl %4 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %134 %10 = getelementptr inbounds i8, i8* %1, i64 4 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 switch i32 %12, label %134 [ i32 0, label %21 i32 1, label %13 i32 2, label %16 ] %14 = and i24 %6, 525312 %15 = icmp eq i24 %14, 0 br i1 %15, label %134, label %21 %22 = phi i32 [ %20, %16 ], [ %12, %9 ], [ 1, %13 ] %23 = bitcast i8* %1 to i32* %24 = load i32, i32* %23, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %25 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %26 = zext i32 %24 to i64 %27 = tail call i8* @idr_find(%struct.idr* %25, i64 %26) #76 %28 = bitcast i8* %27 to %struct.drm_i915_gem_object.486024* %29 = icmp eq i8* %27, null br i1 %29, label %54, label %30 %31 = bitcast i8* %27 to %struct.seqcount_spinlock* %32 = bitcast i8* %27 to i32* %33 = load volatile i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %45, label %35 %36 = phi i32 [ %43, %42 ], [ %33, %30 ] %37 = add i32 %36, 1 %38 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %32, i32 %37, i32* nonnull %32, i32 %36) #6, !srcloc !5 %39 = extractvalue { i8, i32 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %43 = extractvalue { 
i8, i32 } %38, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %35 %46 = phi i32 [ 0, %30 ], [ %36, %35 ], [ 0, %42 ] %47 = add i32 %46, 1 %48 = or i32 %47, %46 %49 = icmp sgt i32 %48, -1 br i1 %49, label %51, label %50, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %31, i32 0) #76 br label %51 %52 = icmp eq i32 %46, 0 %53 = select i1 %52, %struct.drm_i915_gem_object.486024* null, %struct.drm_i915_gem_object.486024* %28 br label %54 %55 = phi %struct.drm_i915_gem_object.486024* [ null, %21 ], [ %53, %51 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %56 = icmp eq %struct.drm_i915_gem_object.486024* %55, null br i1 %56, label %134, label %57 %58 = getelementptr inbounds %struct.drm_i915_gem_object.486024, %struct.drm_i915_gem_object.486024* %55, i64 0, i32 1 %59 = load %struct.drm_i915_gem_object_ops.486010*, %struct.drm_i915_gem_object_ops.486010** %58, align 8 %60 = getelementptr inbounds %struct.drm_i915_gem_object_ops.486010, %struct.drm_i915_gem_object_ops.486010* %59, i64 0, i32 0 %61 = load i32, i32* %60, align 8 %62 = and i32 %61, 4 %63 = icmp eq i32 %62, 0 br i1 %63, label %72, label %64 %73 = getelementptr inbounds %struct.drm_i915_gem_object.486024, %struct.drm_i915_gem_object.486024* %55, i64 0, i32 0, i32 0, i32 0, i32 9 %74 = load %struct.dma_resv*, %struct.dma_resv** %73, align 8 %75 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %74, i64 0, i32 0 %76 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %75, %struct.ww_acquire_ctx* null) #76 %77 = icmp eq i32 %76, -114 %78 = select i1 %77, i32 0, i32 %76 switch i32 %78, label %121 [ i32 -35, label %79 i32 0, label %91 ] %122 = phi i32 [ -6, %71 ], [ 0, %68 ], [ %111, %118 ], [ -35, %90 ], [ %78, %72 ] %123 = getelementptr inbounds %struct.drm_i915_gem_object.486024, %struct.drm_i915_gem_object.486024* %55, i64 0, i32 0, i32 0, i32 
0, i32 0, i32 0 %124 = getelementptr inbounds %struct.drm_i915_gem_object.486024, %struct.drm_i915_gem_object.486024* %55, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %125 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %124, i32 -1, i32* %124) #6, !srcloc !11 %126 = icmp eq i32 %125, 1 br i1 %126, label %132, label %127 %133 = getelementptr inbounds %struct.drm_i915_gem_object.486024, %struct.drm_i915_gem_object.486024* %55, i64 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @drm_gem_object_free(%struct.qspinlock* %133) #76 ------------- Good: 146 Bad: 7 Ignored: 123 Check Use of Function:ieee80211_stop_queues_by_reason Check Use of Function:truncate_setsize Check Use of Function:__netdev_alloc_skb Check Use of Function:page_vma_mapped_walk Check Use of Function:put_css_set_locked Use: =BAD PATH= Call Stack: 0 free_cgroup_ns 1 cgroupns_put ------------- Path:  Function:cgroupns_put %2 = bitcast %struct.ns_common* %0 to %struct.cgroup_namespace* %3 = icmp eq %struct.ns_common* %0, null br i1 %3, label %15, label %4 %5 = getelementptr inbounds %struct.ns_common, %struct.ns_common* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @free_cgroup_ns(%struct.cgroup_namespace* nonnull %2) #76 Function:free_cgroup_ns %2 = getelementptr inbounds 
%struct.cgroup_namespace, %struct.cgroup_namespace* %0, i64 0, i32 3 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = getelementptr inbounds %struct.css_set, %struct.css_set* %3, i64 0, i32 1 %5 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %4) #76 br i1 %5, label %8, label %6 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #76 tail call void @put_css_set_locked(%struct.css_set* %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_css_set_locked 1 free_cgroup_ns 2 cgroupns_put ------------- Path:  Function:cgroupns_put %2 = bitcast %struct.ns_common* %0 to %struct.cgroup_namespace* %3 = icmp eq %struct.ns_common* %0, null br i1 %3, label %15, label %4 %5 = getelementptr inbounds %struct.ns_common, %struct.ns_common* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @free_cgroup_ns(%struct.cgroup_namespace* nonnull %2) #76 Function:free_cgroup_ns %2 = getelementptr inbounds %struct.cgroup_namespace, %struct.cgroup_namespace* %0, i64 0, i32 3 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = getelementptr inbounds %struct.css_set, %struct.css_set* %3, i64 0, i32 1 %5 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %4) #76 br i1 %5, label %8, label %6 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) 
#76 tail call void @put_css_set_locked(%struct.css_set* %3) #76 Function:put_css_set_locked %2 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 10 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %17, label %16, !prof !5, !misexpect !6 br label %18 %19 = phi i64 [ %53, %52 ], [ 0, %17 ] %20 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 9, i64 %19, i32 1 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 9, i64 %19, i32 0 %23 = load %struct.list_head*, %struct.list_head** %22, align 8 %24 = getelementptr inbounds %struct.list_head, %struct.list_head* %23, i64 0, i32 1 store %struct.list_head* %21, %struct.list_head** %24, align 8 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 0 store volatile %struct.list_head* %23, %struct.list_head** %25, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %22, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %20, align 8 %26 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 0, i64 %19 %27 = load 
%struct.cgroup_subsys_state*, %struct.cgroup_subsys_state** %26, align 8 %28 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %27, i64 0, i32 7 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %52 %53 = add nuw nsw i64 %19, 1 %54 = icmp eq i64 %53, 4 br i1 %54, label %55, label %18 %56 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 12 %57 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 12, i32 1 %58 = load %struct.hlist_node**, %struct.hlist_node*** %57, align 8 %59 = icmp eq %struct.hlist_node** %58, null br i1 %59, label %68, label %60 %69 = load i32, i32* @css_set_count, align 4 %70 = add i32 %69, -1 store i32 %70, i32* @css_set_count, align 4 %71 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 13 %72 = bitcast %struct.list_head* %71 to i8** %73 = load i8*, i8** %72, align 8 %74 = bitcast i8* %73 to %struct.list_head* %75 = icmp eq %struct.list_head* %71, %74 br i1 %75, label %130, label %76 %77 = phi i8* [ %80, %127 ], [ %73, %68 ] %78 = getelementptr i8, i8* %77, i64 -32 %79 = bitcast i8* %77 to i8** %80 = load i8*, i8** %79, align 8 %81 = getelementptr i8, i8* %77, i64 -16 %82 = getelementptr i8, i8* %77, i64 -8 %83 = bitcast i8* %82 to %struct.list_head** %84 = load %struct.list_head*, %struct.list_head** %83, align 8 %85 = bitcast i8* %81 to %struct.list_head** %86 = load %struct.list_head*, %struct.list_head** %85, align 8 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 1 store %struct.list_head* %84, %struct.list_head** %87, align 8 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %84, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %88, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %85, align 8 store %struct.list_head* inttoptr (i64 
-2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 %89 = getelementptr inbounds i8, i8* %77, i64 8 %90 = bitcast i8* %89 to %struct.list_head** %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = bitcast i8* %77 to %struct.list_head** %93 = load %struct.list_head*, %struct.list_head** %92, align 8 %94 = getelementptr inbounds %struct.list_head, %struct.list_head* %93, i64 0, i32 1 store %struct.list_head* %91, %struct.list_head** %94, align 8 %95 = getelementptr inbounds %struct.list_head, %struct.list_head* %91, i64 0, i32 0 store volatile %struct.list_head* %93, %struct.list_head** %95, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %92, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %90, align 8 %96 = bitcast i8* %78 to %struct.cgroup** %97 = load %struct.cgroup*, %struct.cgroup** %96, align 8 %98 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 12 %99 = bitcast %struct.cgroup_subsys_state** %98 to %struct.cgroup** %100 = load %struct.cgroup*, %struct.cgroup** %99, align 8 %101 = icmp eq %struct.cgroup* %100, null br i1 %101, label %127, label %102 %103 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 7 %104 = load i32, i32* %103, align 4 %105 = and i32 %104, 1 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %127 %108 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %109 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %108, i64 0, i32 0 %110 = load volatile i64, i64* %109, align 8 %111 = and i64 %110, 3 %112 = icmp eq i64 %111, 0 br i1 %112, label %113, label %115, !prof !5, !misexpect !6 %116 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 2, i32 1 
%117 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %116, align 8 %118 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %117, i64 0, i32 0, i32 0 %119 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %118, i64 1, i64* %118) #6, !srcloc !12 %120 = and i8 %119, 1 %121 = icmp eq i8 %120, 0 br i1 %121, label %126, label %122, !prof !5, !misexpect !6 %123 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %116, align 8 %124 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %123, i64 0, i32 1 %125 = load void (%struct.percpu_ref*)*, void (%struct.percpu_ref*)** %124, align 8 tail call void %125(%struct.percpu_ref* %108) #76 br label %126 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #76 br label %127 tail call void @kfree(i8* %78) #76 %128 = bitcast i8* %80 to %struct.list_head* %129 = icmp eq %struct.list_head* %71, %128 br i1 %129, label %130, label %76 %131 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 2 %132 = load %struct.css_set*, %struct.css_set** %131, align 8 %133 = icmp eq %struct.css_set* %132, %0 br i1 %133, label %142, label %134 %135 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 11, i32 1 %136 = load %struct.list_head*, %struct.list_head** %135, align 8 %137 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 11, i32 0 %138 = load %struct.list_head*, %struct.list_head** %137, align 8 %139 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 1 store %struct.list_head* %136, %struct.list_head** %139, align 8 %140 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 0 store volatile 
%struct.list_head* %138, %struct.list_head** %140, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %137, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %135, align 8 %141 = load %struct.css_set*, %struct.css_set** %131, align 8 tail call void @put_css_set_locked(%struct.css_set* %141) #77 ------------- Good: 214 Bad: 2 Ignored: 53 Check Use of Function:xt_compat_match_offset Check Use of Function:sr_block_ioctl Check Use of Function:ieee80211_check_fast_xmit Check Use of Function:__mmu_notifier_invalidate_range_start Check Use of Function:ext4_compat_ioctl Check Use of Function:empty_dir_lookup Check Use of Function:mpage_process_page_bufs Check Use of Function:__anon_vma_prepare Use: =BAD PATH= Call Stack: 0 expand_downwards 1 find_extend_vma 2 __get_user_pages 3 faultin_vma_page_range 4 madvise_populate 5 do_madvise 6 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca 
%struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #76 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #76 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 
%36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #76 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #76 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #76 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.vm_area_struct*, align 8 %11 = alloca %struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %221, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %188, %187 ] %28 = phi i64 [ 0, %15 ], [ %184, %187 ] %29 = phi i64 [ 0, %15 ], [ %185, %187 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, i64 %31) #76 Function:find_extend_vma %3 
= and i64 %1, -4096 %4 = tail call %struct.vm_area_struct* bitcast (%struct.vm_area_struct.126298* (%struct.mm_struct.126313*, i64)* @vmacache_find to %struct.vm_area_struct* (%struct.mm_struct*, i64)*)(%struct.mm_struct* %0, i64 %3) #76 %5 = icmp eq %struct.vm_area_struct* %4, null br i1 %5, label %6, label %38, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 1, i32 0 %8 = load %struct.rb_node*, %struct.rb_node** %7, align 8 %9 = icmp eq %struct.rb_node* %8, null br i1 %9, label %57, label %10 %11 = phi %struct.rb_node* [ %30, %27 ], [ %8, %6 ] %12 = phi %struct.vm_area_struct* [ %28, %27 ], [ null, %6 ] %13 = getelementptr %struct.rb_node, %struct.rb_node* %11, i64 -2, i32 2 %14 = bitcast %struct.rb_node** %13 to %struct.vm_area_struct* %15 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %13, i64 1 %16 = bitcast %struct.rb_node** %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %3 br i1 %18, label %19, label %25 %26 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %11, i64 0, i32 1 br label %27 %28 = phi %struct.vm_area_struct* [ %14, %23 ], [ %12, %25 ] %29 = phi %struct.rb_node** [ %24, %23 ], [ %26, %25 ] %30 = load %struct.rb_node*, %struct.rb_node** %29, align 8 %31 = icmp eq %struct.rb_node* %30, null br i1 %31, label %34, label %10 %35 = phi %struct.vm_area_struct* [ %33, %32 ], [ %28, %27 ] %36 = icmp eq %struct.vm_area_struct* %35, null br i1 %36, label %57, label %37 tail call void bitcast (void (i64, %struct.vm_area_struct.126298*)* @vmacache_update to void (i64, %struct.vm_area_struct*)*)(i64 %3, %struct.vm_area_struct* nonnull %35) #76 br label %38 %39 = phi %struct.vm_area_struct* [ %4, %2 ], [ %35, %37 ] %40 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %39, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp ugt i64 %41, %3 br i1 %42, label %43, label %57 %44 = getelementptr inbounds %struct.vm_area_struct, 
%struct.vm_area_struct* %39, i64 0, i32 8 %45 = load i64, i64* %44, align 8 %46 = and i64 %45, 256 %47 = icmp eq i64 %46, 0 br i1 %47, label %57, label %48 %49 = tail call i32 @expand_downwards(%struct.vm_area_struct* nonnull %39, i64 %3) #76 Function:expand_downwards %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %4 = load %struct.mm_struct*, %struct.mm_struct** %3, align 8 %5 = and i64 %1, -4096 %6 = load i64, i64* @mmap_min_addr, align 8 %7 = icmp ult i64 %5, %6 br i1 %7, label %266, label %8 %9 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 3 %10 = load %struct.vm_area_struct*, %struct.vm_area_struct** %9, align 8 %11 = icmp eq %struct.vm_area_struct* %10, null br i1 %11, label %26, label %12 %13 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %10, i64 0, i32 8 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 256 %16 = icmp eq i64 %15, 0 %17 = and i64 %14, 7 %18 = icmp ne i64 %17, 0 %19 = and i1 %16, %18 br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 11 %28 = load %struct.anon_vma*, %struct.anon_vma** %27, align 8 %29 = icmp eq %struct.anon_vma* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %31 = tail call i32 bitcast (i32 (%struct.vm_area_struct.134350*)* @__anon_vma_prepare to i32 (%struct.vm_area_struct*)*)(%struct.vm_area_struct* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 expand_downwards 1 find_extend_vma 2 __get_user_pages 3 faultin_vma_page_range 4 madvise_populate 5 do_madvise 6 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #76 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #76 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 
%36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #76 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #76 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #76 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.vm_area_struct*, align 8 %11 = alloca %struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %221, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %188, %187 ] %28 = phi i64 [ 0, %15 ], [ %184, %187 ] %29 = phi i64 [ 0, %15 ], [ %185, %187 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, i64 %31) #76 Function:find_extend_vma %3 
= and i64 %1, -4096 %4 = tail call %struct.vm_area_struct* bitcast (%struct.vm_area_struct.126298* (%struct.mm_struct.126313*, i64)* @vmacache_find to %struct.vm_area_struct* (%struct.mm_struct*, i64)*)(%struct.mm_struct* %0, i64 %3) #76 %5 = icmp eq %struct.vm_area_struct* %4, null br i1 %5, label %6, label %38, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 1, i32 0 %8 = load %struct.rb_node*, %struct.rb_node** %7, align 8 %9 = icmp eq %struct.rb_node* %8, null br i1 %9, label %57, label %10 %11 = phi %struct.rb_node* [ %30, %27 ], [ %8, %6 ] %12 = phi %struct.vm_area_struct* [ %28, %27 ], [ null, %6 ] %13 = getelementptr %struct.rb_node, %struct.rb_node* %11, i64 -2, i32 2 %14 = bitcast %struct.rb_node** %13 to %struct.vm_area_struct* %15 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %13, i64 1 %16 = bitcast %struct.rb_node** %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %3 br i1 %18, label %19, label %25 %26 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %11, i64 0, i32 1 br label %27 %28 = phi %struct.vm_area_struct* [ %14, %23 ], [ %12, %25 ] %29 = phi %struct.rb_node** [ %24, %23 ], [ %26, %25 ] %30 = load %struct.rb_node*, %struct.rb_node** %29, align 8 %31 = icmp eq %struct.rb_node* %30, null br i1 %31, label %34, label %10 %35 = phi %struct.vm_area_struct* [ %33, %32 ], [ %28, %27 ] %36 = icmp eq %struct.vm_area_struct* %35, null br i1 %36, label %57, label %37 tail call void bitcast (void (i64, %struct.vm_area_struct.126298*)* @vmacache_update to void (i64, %struct.vm_area_struct*)*)(i64 %3, %struct.vm_area_struct* nonnull %35) #76 br label %38 %39 = phi %struct.vm_area_struct* [ %4, %2 ], [ %35, %37 ] %40 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %39, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp ugt i64 %41, %3 br i1 %42, label %43, label %57 %44 = getelementptr inbounds %struct.vm_area_struct, 
%struct.vm_area_struct* %39, i64 0, i32 8 %45 = load i64, i64* %44, align 8 %46 = and i64 %45, 256 %47 = icmp eq i64 %46, 0 br i1 %47, label %57, label %48 %49 = tail call i32 @expand_downwards(%struct.vm_area_struct* nonnull %39, i64 %3) #76 Function:expand_downwards %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %4 = load %struct.mm_struct*, %struct.mm_struct** %3, align 8 %5 = and i64 %1, -4096 %6 = load i64, i64* @mmap_min_addr, align 8 %7 = icmp ult i64 %5, %6 br i1 %7, label %266, label %8 %9 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 3 %10 = load %struct.vm_area_struct*, %struct.vm_area_struct** %9, align 8 %11 = icmp eq %struct.vm_area_struct* %10, null br i1 %11, label %26, label %12 %13 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %10, i64 0, i32 8 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 256 %16 = icmp eq i64 %15, 0 %17 = and i64 %14, 7 %18 = icmp ne i64 %17, 0 %19 = and i1 %16, %18 br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 11 %28 = load %struct.anon_vma*, %struct.anon_vma** %27, align 8 %29 = icmp eq %struct.anon_vma* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %31 = tail call i32 bitcast (i32 (%struct.vm_area_struct.134350*)* @__anon_vma_prepare to i32 (%struct.vm_area_struct*)*)(%struct.vm_area_struct* %0) #76 ------------- Good: 45 Bad: 2 Ignored: 93 Check Use of Function:cgroup_post_fork Check Use of Function:evdev_ioctl_compat Check Use of Function:in_gate_area Check Use of Function:bcmp Use: =BAD PATH= Call Stack: 0 __ip_options_echo 1 __icmp_send 2 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 40 %5 = load i8*, i8** %4, 
align 8 %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %26) #76 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, 
label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %63) #76 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.829233*, %struct.net_device.829233** %78, align 8 %80 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %79, i64 0, i32 109, i32 0 %81 = load %struct.net.828834*, %struct.net.828834** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.828834* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.829144* %0, i32* null) #76 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @rcu_read_unlock_strict() #76 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %85 call void @__icmp_send(%struct.sk_buff.829144* %0, i32 3, i32 1, i32 0, %struct.ip_options* nonnull %2) #76 Function:__icmp_send %6 = alloca %struct.inetpeer_addr, align 4 %7 = alloca %struct.flowi4, align 8 %8 = alloca %struct.flowi4, align 8 %9 = alloca %struct.icmp_bxm, align 8 %10 = alloca %struct.rtable.828746*, align 8 %11 = alloca %struct.ipcm_cookie, align 8 %12 = alloca %struct.flowi4, align 8 %13 = alloca i8, align 1 %14 = 
bitcast %struct.icmp_bxm* %9 to i8* %15 = bitcast %struct.rtable.828746** %10 to i8* %16 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 4, i32 0, i32 0 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, -2 %19 = inttoptr i64 %18 to %struct.rtable.828746* store %struct.rtable.828746* %19, %struct.rtable.828746** %10, align 8 %20 = bitcast %struct.ipcm_cookie* %11 to i8* %21 = bitcast %struct.flowi4* %12 to i8* %22 = icmp eq i64 %18, 0 br i1 %22, label %504, label %23 %24 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %19, i64 0, i32 0, i32 0 %25 = load %struct.net_device.829233*, %struct.net_device.829233** %24, align 8 %26 = icmp eq %struct.net_device.829233* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = icmp eq %struct.net_device.829233* %29, null br i1 %30, label %504, label %31 %32 = phi %struct.net_device.829233* [ %25, %23 ], [ %29, %27 ] %33 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %32, i64 0, i32 109, i32 0 %34 = load %struct.net.828834*, %struct.net.828834** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 40 %36 = load i8*, i8** %35, align 8 %37 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 35 %38 = load i16, i16* %37, align 4 %39 = zext i16 %38 to i64 %40 = getelementptr i8, i8* %36, i64 %39 %41 = icmp ult i8* %40, %36 br i1 %41, label %504, label %42 %43 = getelementptr i8, i8* %40, i64 20 %44 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 38 %45 = load i32, i32* %44, align 8 %46 = zext i32 %45 to i64 %47 = getelementptr i8, i8* %36, i64 %46 %48 = icmp ugt i8* %43, %47 br i1 %48, label %504, label %49 %50 = getelementptr 
inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 16 %51 = load i16, i16* %50, align 8 %52 = and i16 %51, 7 %53 = icmp eq i16 %52, 0 br i1 %53, label %54, label %504 %55 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %19, i64 0, i32 2 %56 = load i32, i32* %55, align 4 %57 = and i32 %56, 805306368 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %504 %60 = getelementptr inbounds i8, i8* %40, i64 6 %61 = bitcast i8* %60 to i16* %62 = load i16, i16* %61, align 2 %63 = and i16 %62, -225 %64 = icmp eq i16 %63, 0 br i1 %64, label %65, label %504 %66 = zext i32 %1 to i64 %67 = lshr i64 516353, %66 %68 = and i64 %67, 1 %69 = icmp eq i64 %68, 0 br i1 %69, label %70, label %115 %71 = getelementptr inbounds i8, i8* %40, i64 9 %72 = load i8, i8* %71, align 1 %73 = icmp eq i8 %72, 1 br i1 %73, label %74, label %115 %75 = load i8, i8* %40, align 4 %76 = shl i8 %75, 2 %77 = and i8 %76, 60 %78 = zext i8 %77 to i64 %79 = getelementptr i8, i8* %40, i64 %78 %80 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 41 %81 = bitcast i8** %80 to i64* %82 = load i64, i64* %81, align 8 %83 = ptrtoint i8* %79 to i64 %84 = sub i64 %83, %82 %85 = trunc i64 %84 to i32 %86 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp slt i32 %91, 1 br i1 %92, label %93, label %98, !prof !4, !misexpect !5 %94 = icmp eq %struct.sk_buff.829144* %0, null br i1 %94, label %113, label %95 %96 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.829144*, i32, i8*, i32)*)(%struct.sk_buff.829144* nonnull %0, i32 %85, i8* nonnull %13, i32 1) #76 %97 = icmp sgt i32 %96, -1 br i1 %97, label %104, label %113 %105 = phi i8* [ %102, 
%98 ], [ %13, %95 ] %106 = load i8, i8* %105, align 1 %107 = icmp ugt i8 %106, 18 br i1 %107, label %113, label %108 %109 = zext i8 %106 to i64 %110 = lshr i64 516353, %109 %111 = and i64 %110, 1 %112 = icmp eq i64 %111, 0 br i1 %112, label %113, label %114 br label %115 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %116 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %117 = load %struct.net_device.829233*, %struct.net_device.829233** %116, align 8 %118 = icmp eq %struct.net_device.829233* %117, null br i1 %118, label %126, label %119 %120 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %117, i64 0, i32 14 %121 = load i32, i32* %120, align 64 %122 = and i32 %121, 8 %123 = icmp ne i32 %122, 0 %124 = icmp sgt i32 %1, 18 %125 = or i1 %124, %123 br i1 %125, label %177, label %128 %129 = icmp eq i32 %1, 3 %130 = icmp eq i32 %2, 4 %131 = and i1 %129, %130 br i1 %131, label %177, label %132 %133 = shl nuw nsw i32 1, %1 %134 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %34, i64 0, i32 34, i32 30 %135 = load i32, i32* %134, align 4 %136 = and i32 %135, %133 %137 = icmp eq i32 %136, 0 br i1 %137, label %177, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = trunc i64 %139 to i32 %141 = load volatile i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 1), align 4 %142 = icmp eq i32 %141, 0 br i1 %142, label %143, label %147 %144 = load volatile i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 2), align 4 %145 = sub i32 %140, %144 %146 = icmp ult i32 %145, 20 br i1 %146, label %503, label %147 call void @_raw_spin_lock(%struct.raw_spinlock* 
getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 0, i32 0, i32 0)) #76 %148 = load i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 2), align 4 %149 = sub i32 %140, %148 %150 = icmp ult i32 %149, 1000 %151 = select i1 %150, i32 %149, i32 1000 %152 = icmp ugt i32 %151, 19 br i1 %152, label %153, label %159 %154 = load i32, i32* @sysctl_icmp_msgs_per_sec, align 4 %155 = mul i32 %154, %151 %156 = icmp ult i32 %155, 1000 br i1 %156, label %159, label %157 %158 = udiv i32 %155, 1000 store volatile i32 %140, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 2), align 4 br label %159 %160 = phi i32 [ %158, %157 ], [ 0, %153 ], [ 0, %147 ] %161 = load i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 1), align 4 %162 = add i32 %161, %160 %163 = load i32, i32* @sysctl_icmp_msgs_burst, align 4 %164 = icmp ult i32 %162, %163 %165 = select i1 %164, i32 %162, i32 %163 %166 = icmp eq i32 %165, 0 br i1 %166, label %176, label %167 %168 = call i32 @prandom_u32() #76 %169 = zext i32 %168 to i64 %170 = mul nuw nsw i64 %169, 3 %171 = lshr i64 %170, 32 %172 = trunc i64 %171 to i32 %173 = sub i32 %165, %172 %174 = icmp sgt i32 %173, 0 %175 = select i1 %174, i32 %173, i32 0 store volatile i32 %175, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 1), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.intel_pipe_crc* @icmp_global to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 br label %177 %178 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %34, i64 0, i32 34, i32 19 %179 = load %struct.sock.829134**, %struct.sock.829134*** %178, align 32 %180 = call i64 asm sideeffect 
"movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.829134** %179) #6, !srcloc !10 %181 = inttoptr i64 %180 to %struct.sock.829134* %182 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %181, i64 0, i32 1, i32 0, i32 0, i32 0 %183 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %182) #76 %184 = icmp eq i32 %183, 0 %185 = icmp eq i64 %180, 0 %186 = or i1 %185, %184 br i1 %186, label %503, label %187 %188 = getelementptr inbounds i8, i8* %40, i64 16 %189 = bitcast i8* %188 to i32* %190 = load i32, i32* %189, align 4 %191 = load %struct.rtable.828746*, %struct.rtable.828746** %10, align 8 %192 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %191, i64 0, i32 2 %193 = load i32, i32* %192, align 4 %194 = icmp sgt i32 %193, -1 br i1 %194, label %195, label %227 %228 = phi i32 [ %190, %187 ], [ %226, %225 ] %229 = getelementptr inbounds i8, i8* %40, i64 1 %230 = load i8, i8* %229, align 1 %231 = and i8 %230, 30 %232 = or i8 %231, -64 %233 = select i1 %69, i8 %232, i8 %230 %234 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %34, i64 0, i32 34, i32 45 %235 = load i8, i8* %234, align 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %240, label %237 %241 = phi i32 [ %239, %237 ], [ 0, %227 ] %242 = getelementptr inbounds %struct.icmp_bxm, %struct.icmp_bxm* %9, i64 0, i32 5, i32 0, i32 1 %243 = call i32 @__ip_options_echo(%struct.net.828834* %34, %struct.ip_options* %242, %struct.sk_buff.829144* %0, %struct.ip_options* %4) #76 Function:__ip_options_echo %5 = bitcast %struct.ip_options* %1 to i8* %6 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 2 %7 = load i8, i8* %6, align 4 %8 = icmp eq i8 %7, 0 br i1 %8, label %251, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %11 = load i8*, i8** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %13 = load i16, i16* 
%12, align 4 %14 = zext i16 %13 to i64 %15 = getelementptr i8, i8* %11, i64 %14 %16 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 10, i64 0 %17 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 4 %18 = load i8, i8* %17, align 2 %19 = icmp eq i8 %18, 0 br i1 %19, label %54, label %20 %55 = phi i8 [ %53, %51 ], [ 20, %9 ] %56 = phi i8* [ %52, %51 ], [ %16, %9 ] %57 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 5 %58 = load i8, i8* %57, align 1 %59 = icmp eq i8 %58, 0 br i1 %59, label %135, label %60 %136 = phi i8* [ %132, %131 ], [ %56, %54 ] %137 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 3 %138 = load i8, i8* %137, align 1 %139 = icmp eq i8 %138, 0 br i1 %139, label %214, label %140 %141 = zext i8 %138 to i64 %142 = getelementptr i8, i8* %15, i64 %141 %143 = getelementptr i8, i8* %142, i64 1 %144 = load i8, i8* %143, align 1 %145 = getelementptr i8, i8* %142, i64 2 %146 = load i8, i8* %145, align 1 %147 = zext i8 %146 to i32 %148 = icmp ugt i8 %146, %144 %149 = zext i8 %144 to i32 %150 = add nuw nsw i32 %149, 1 %151 = select i1 %148, i32 %150, i32 %147 %152 = icmp ugt i32 %151, 7 br i1 %152, label %153, label %214 %154 = add nsw i32 %151, -5 %155 = zext i32 %154 to i64 %156 = getelementptr i8, i8* %142, i64 %155 %157 = bitcast i8* %156 to i32* %158 = load i32, i32* %157, align 1 %159 = add nsw i32 %151, -8 %160 = icmp ugt i32 %151, 11 br i1 %160, label %161, label %177 %162 = phi i64 [ %173, %161 ], [ 4, %153 ] %163 = phi i32 [ %172, %161 ], [ %159, %153 ] %164 = add nsw i64 %162, -1 %165 = getelementptr i8, i8* %136, i64 %164 %166 = add nsw i32 %163, -1 %167 = zext i32 %166 to i64 %168 = getelementptr i8, i8* %142, i64 %167 %169 = bitcast i8* %168 to i32* %170 = bitcast i8* %165 to i32* %171 = load i32, i32* %169, align 1 store i32 %171, i32* %170, align 1 %172 = add nsw i32 %163, -4 %173 = add nuw nsw i64 %162, 4 %174 = icmp sgt 
i32 %163, 7 br i1 %174, label %161, label %175 %176 = trunc i64 %173 to i32 br label %177 %178 = phi i32 [ %159, %153 ], [ %172, %175 ] %179 = phi i32 [ 4, %153 ], [ %176, %175 ] %180 = load i8*, i8** %10, align 8 %181 = load i16, i16* %12, align 4 %182 = zext i16 %181 to i64 %183 = getelementptr i8, i8* %180, i64 %182 %184 = getelementptr inbounds i8, i8* %183, i64 12 %185 = add nsw i32 %178, 3 %186 = zext i32 %185 to i64 %187 = getelementptr i8, i8* %142, i64 %186 %188 = tail call i32 @bcmp(i8* dereferenceable(4) %184, i8* dereferenceable(4) %187, i64 4) ------------- Use: =BAD PATH= Call Stack: 0 __neigh_update 1 neigh_update 2 ndisc_update 3 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.892941, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.892941* %5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %196, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %196, label 
%34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %58 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %57, i64 0, i32 68 %59 = load volatile %struct.inet6_dev.892435*, %struct.inet6_dev.892435** %58, align 16 %60 = icmp eq %struct.inet6_dev.892435* %59, null br i1 %60, label %196, label %61 %62 = getelementptr inbounds %struct.inet6_dev.892435, %struct.inet6_dev.892435* %59, i64 0, i32 31, i32 0 %63 = load i32, i32* %62, align 8 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %196 %66 = getelementptr inbounds %struct.inet6_dev.892435, %struct.inet6_dev.892435* %59, i64 0, i32 31, i32 4 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %196, label %69 %70 = getelementptr inbounds i8, i8* %20, i64 40 %71 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.895232*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.892517*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.892517* %57, i8* %70, i32 %25, %struct.ndisc_options* nonnull %6) #76 %72 = icmp eq %struct.ndisc_options* %71, null br i1 %72, label %196, label %73 %74 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %75 = load %struct.nd_opt_hdr*, 
%struct.nd_opt_hdr** %74, align 8 %76 = icmp eq %struct.nd_opt_hdr* %75, null br i1 %76, label %99, label %77 %78 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %79 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %78, i64 0, i32 51 %80 = load i8, i8* %79, align 1 %81 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %78, i64 0, i32 32 %82 = load i16, i16* %81, align 32 %83 = icmp eq i16 %82, 32 %84 = select i1 %83, i32 2, i32 0 %85 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 0, i32 1 %86 = load i8, i8* %85, align 1 %87 = zext i8 %86 to i32 %88 = shl nuw nsw i32 %87, 3 %89 = zext i8 %80 to i32 %90 = or i32 %84, 9 %91 = add nuw nsw i32 %90, %89 %92 = and i32 %91, 504 %93 = icmp ne i32 %88, %92 %94 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 1, i32 0 %95 = zext i32 %84 to i64 %96 = getelementptr i8, i8* %94, i64 %95 %97 = icmp eq i8* %96, null %98 = or i1 %97, %93 br i1 %98, label %196, label %99 %100 = phi i8* [ %96, %77 ], [ null, %73 ] %101 = bitcast %struct.dst_entry.892411* %0 to %struct.rt6_info.892424* %102 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1, i32 14 %103 = bitcast %struct.lwtunnel_state.892388** %102 to i32* %104 = load i32, i32* %103, align 8 %105 = and i32 %104, 512 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %196 %108 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 1 %109 = load %struct.dst_ops.892390*, %struct.dst_ops.892390** %108, align 8 %110 = getelementptr inbounds %struct.dst_ops.892390, %struct.dst_ops.892390* %109, i64 0, i32 15 %111 = load void (%struct.dst_entry.892411*, i8*)*, void (%struct.dst_entry.892411*, i8*)** %110, align 16 %112 = icmp eq void (%struct.dst_entry.892411*, i8*)* %111, null br i1 %112, label %120, label %113 %121 = load %struct.net_device.892517*, %struct.net_device.892517** %56, 
align 8 %122 = call %struct.neighbour.892346* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.892346* (%struct.neigh_table.892342*, i8*, %struct.net_device.892517*)*)(%struct.neigh_table.892342* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.895232*, i32*)*, i1 (%struct.neighbour.894739*, i8*)*, i32 (%struct.neighbour.894739*)*, i32 (%struct.pneigh_entry.894726*)*, void (%struct.pneigh_entry.894726*)*, void (%struct.sk_buff.895146*)*, i32 (i8*)*, i1 (%struct.net_device.895232*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.894727, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.894730, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.894735*, %struct.pneigh_entry.894726** }* @nd_tbl to %struct.neigh_table.892342*), i8* %35, %struct.net_device.892517* %121) #76 %123 = icmp eq %struct.neighbour.892346* %122, null br i1 %123, label %124, label %129 %125 = call %struct.neighbour.892346* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.892346* (%struct.neigh_table.892342*, i8*, %struct.net_device.892517*, i1)*)(%struct.neigh_table.892342* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.895232*, i32*)*, i1 (%struct.neighbour.894739*, i8*)*, i32 (%struct.neighbour.894739*)*, i32 (%struct.pneigh_entry.894726*)*, void (%struct.pneigh_entry.894726*)*, void (%struct.sk_buff.895146*)*, i32 (i8*)*, i1 (%struct.net_device.895232*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.894727, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.894730, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.894735*, %struct.pneigh_entry.894726** 
}* @nd_tbl to %struct.neigh_table.892342*), i8* %35, %struct.net_device.892517* %121, i1 zeroext true) #76 %126 = icmp ugt %struct.neighbour.892346* %125, inttoptr (i64 -4096 to %struct.neighbour.892346*) %127 = icmp eq %struct.neighbour.892346* %125, null %128 = or i1 %126, %127 br i1 %128, label %196, label %129 %130 = phi %struct.neighbour.892346* [ %122, %120 ], [ %125, %124 ] %131 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %132 = select i1 %55, i32 1073741831, i32 3 call void bitcast (void (%struct.net_device.895232*, %struct.neighbour.894739*, i8*, i8, i32, i8, %struct.ndisc_options*)* @ndisc_update to void (%struct.net_device.892517*, %struct.neighbour.892346*, i8*, i8, i32, i8, %struct.ndisc_options*)*)(%struct.net_device.892517* %131, %struct.neighbour.892346* nonnull %130, i8* %100, i8 zeroext 4, i32 %132, i8 zeroext -119, %struct.ndisc_options* nonnull %6) #76 Function:ndisc_update %8 = tail call i32 bitcast (i32 (%struct.neighbour*, i8*, i8, i32, i32)* @neigh_update to i32 (%struct.neighbour.894739*, i8*, i8, i32, i32)*)(%struct.neighbour.894739* %1, i8* %2, i8 zeroext %3, i32 %4, i32 0) #76 Function:neigh_update %6 = tail call fastcc i32 @__neigh_update(%struct.neighbour* %0, i8* %1, i8 zeroext %2, i32 %3, i32 %4, %struct.netlink_ext_ack* null) #76 Function:__neigh_update callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_update to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__neigh_update, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #76 %23 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %24 = load %struct.net_device*, %struct.net_device** %23, align 8 %25 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %26 = load i8, i8* %25, align 1 %27 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %28 = load i8, i8* %27, align 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %34, label %30 %35 = icmp sgt i32 %3, -1 %36 = xor i1 %35, true %37 = icmp ult i8 %26, 64 %38 = or i1 %37, %36 br i1 %38, label %39, label %398 br i1 %35, label %53, label %40 %54 = phi i32 [ 0, %39 ], [ 0, %40 ], [ 1, %48 ] %55 = phi i1 [ false, %39 ], [ false, %40 ], [ true, %48 ] %56 = and i32 %3, 268435456 %57 = icmp eq i32 %56, 0 br i1 %57, label %60, label %58 %61 = zext i8 %2 to i32 %62 = and i32 %61, 222 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %102 %103 = getelementptr inbounds %struct.net_device, %struct.net_device* %24, i64 0, i32 51 %104 = load i8, i8* %103, align 1 %105 = icmp eq i8 %104, 0 br i1 %105, label %106, label %108 %109 = icmp eq i8* %1, null %110 = and i8 %26, -34 %111 = icmp eq i8 %110, 0 br i1 %109, label %119, label %112 br i1 %111, label %126, label %113 %114 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %115 = zext i8 %104 to i64 %116 = tail call 
i32 @bcmp(i8* nonnull %1, i8* %114, i64 %115) ------------- Use: =BAD PATH= Call Stack: 0 ___neigh_create 1 __neigh_create 2 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.892941, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.892941* %5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %196, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %196, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, 
%34 ] %56 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %58 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %57, i64 0, i32 68 %59 = load volatile %struct.inet6_dev.892435*, %struct.inet6_dev.892435** %58, align 16 %60 = icmp eq %struct.inet6_dev.892435* %59, null br i1 %60, label %196, label %61 %62 = getelementptr inbounds %struct.inet6_dev.892435, %struct.inet6_dev.892435* %59, i64 0, i32 31, i32 0 %63 = load i32, i32* %62, align 8 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %196 %66 = getelementptr inbounds %struct.inet6_dev.892435, %struct.inet6_dev.892435* %59, i64 0, i32 31, i32 4 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %196, label %69 %70 = getelementptr inbounds i8, i8* %20, i64 40 %71 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.895232*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.892517*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.892517* %57, i8* %70, i32 %25, %struct.ndisc_options* nonnull %6) #76 %72 = icmp eq %struct.ndisc_options* %71, null br i1 %72, label %196, label %73 %74 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %75 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %74, align 8 %76 = icmp eq %struct.nd_opt_hdr* %75, null br i1 %76, label %99, label %77 %78 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %79 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %78, i64 0, i32 51 %80 = load i8, i8* %79, align 1 %81 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %78, i64 0, i32 32 %82 = load i16, i16* %81, align 32 %83 = icmp eq i16 %82, 32 %84 = select i1 %83, i32 2, i32 0 %85 = 
getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 0, i32 1 %86 = load i8, i8* %85, align 1 %87 = zext i8 %86 to i32 %88 = shl nuw nsw i32 %87, 3 %89 = zext i8 %80 to i32 %90 = or i32 %84, 9 %91 = add nuw nsw i32 %90, %89 %92 = and i32 %91, 504 %93 = icmp ne i32 %88, %92 %94 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 1, i32 0 %95 = zext i32 %84 to i64 %96 = getelementptr i8, i8* %94, i64 %95 %97 = icmp eq i8* %96, null %98 = or i1 %97, %93 br i1 %98, label %196, label %99 %100 = phi i8* [ %96, %77 ], [ null, %73 ] %101 = bitcast %struct.dst_entry.892411* %0 to %struct.rt6_info.892424* %102 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1, i32 14 %103 = bitcast %struct.lwtunnel_state.892388** %102 to i32* %104 = load i32, i32* %103, align 8 %105 = and i32 %104, 512 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %196 %108 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 1 %109 = load %struct.dst_ops.892390*, %struct.dst_ops.892390** %108, align 8 %110 = getelementptr inbounds %struct.dst_ops.892390, %struct.dst_ops.892390* %109, i64 0, i32 15 %111 = load void (%struct.dst_entry.892411*, i8*)*, void (%struct.dst_entry.892411*, i8*)** %110, align 16 %112 = icmp eq void (%struct.dst_entry.892411*, i8*)* %111, null br i1 %112, label %120, label %113 %121 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %122 = call %struct.neighbour.892346* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.892346* (%struct.neigh_table.892342*, i8*, %struct.net_device.892517*)*)(%struct.neigh_table.892342* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.895232*, i32*)*, i1 (%struct.neighbour.894739*, i8*)*, i32 (%struct.neighbour.894739*)*, i32 (%struct.pneigh_entry.894726*)*, void (%struct.pneigh_entry.894726*)*, void (%struct.sk_buff.895146*)*, i32 
(i8*)*, i1 (%struct.net_device.895232*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.894727, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.894730, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.894735*, %struct.pneigh_entry.894726** }* @nd_tbl to %struct.neigh_table.892342*), i8* %35, %struct.net_device.892517* %121) #76 %123 = icmp eq %struct.neighbour.892346* %122, null br i1 %123, label %124, label %129 %125 = call %struct.neighbour.892346* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.892346* (%struct.neigh_table.892342*, i8*, %struct.net_device.892517*, i1)*)(%struct.neigh_table.892342* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.895232*, i32*)*, i1 (%struct.neighbour.894739*, i8*)*, i32 (%struct.neighbour.894739*)*, i32 (%struct.pneigh_entry.894726*)*, void (%struct.pneigh_entry.894726*)*, void (%struct.sk_buff.895146*)*, i32 (i8*)*, i1 (%struct.net_device.895232*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.894727, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.894730, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.894735*, %struct.pneigh_entry.894726** }* @nd_tbl to %struct.neigh_table.892342*), i8* %35, %struct.net_device.892517* %121, i1 zeroext true) #76 Function:__neigh_create %5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #76 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = 
getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #76 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* store i32 0, i32* %125, align 8 %126 = bitcast i8* %123 to i32* store i32 0, i32* %126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, %struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds 
i8, i8* %109, i64 188 %136 = getelementptr inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #76 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store %struct.neigh_parms* %139, %struct.neigh_parms** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #76 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = 
bitcast i8* %158 to %struct.neigh_table** store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to i8** store i8* %163, i8** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label %220, label %214 %221 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 
8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #76 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #76 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 %251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 
%253) #76 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 25 %279 = load %struct.net_device*, %struct.net_device** %278, align 8 %280 = tail call i32 %276(i8* %277, %struct.net_device* %279, i32* %264) #76 %281 = load i32, i32* %265, align 8 %282 = sub i32 32, %281 %283 = lshr i32 %280, %282 %284 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 0 %285 = load %struct.neighbour*, %struct.neighbour** %284, align 8 %286 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %287 = zext i32 %283 to i64 %288 = getelementptr %struct.neighbour*, %struct.neighbour** %286, i64 %287 %289 = bitcast 
%struct.neighbour** %288 to i64* %290 = load i64, i64* %289, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %291 = bitcast %struct.neighbour* %275 to i64* store volatile i64 %290, i64* %291, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %292 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %293 = getelementptr %struct.neighbour*, %struct.neighbour** %292, i64 %287 store volatile %struct.neighbour* %275, %struct.neighbour** %293, align 8 %294 = icmp eq %struct.neighbour* %285, null br i1 %294, label %295, label %274 %296 = add i32 %268, 1 %297 = load i32, i32* %261, align 8 %298 = lshr i32 %296, %297 %299 = icmp eq i32 %298, 0 br i1 %299, label %267, label %300 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 store volatile %struct.neigh_hash_table* %258, %struct.neigh_hash_table** %244, align 8 %301 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %301, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #76 br label %302 %303 = phi %struct.neigh_hash_table* [ %245, %234 ], [ %258, %300 ], [ %257, %252 ] %304 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %305 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %304, align 8 %306 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 2, i64 0 %307 = tail call i32 %305(i8* %191, %struct.net_device* %2, i32* %306) #76 %308 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %309 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %308, i64 0, i32 6 %310 = load i32, i32* %309, align 8 %311 = icmp eq i32 %310, 0 br i1 %311, label %312, label %382 %313 = getelementptr inbounds %struct.neigh_hash_table, 
%struct.neigh_hash_table* %303, i64 0, i32 1 %314 = load i32, i32* %313, align 8 %315 = sub i32 32, %314 %316 = lshr i32 %307, %315 %317 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 0 %318 = load %struct.neighbour**, %struct.neighbour*** %317, align 8 %319 = zext i32 %316 to i64 %320 = getelementptr %struct.neighbour*, %struct.neighbour** %318, i64 %319 %321 = load %struct.neighbour*, %struct.neighbour** %320, align 8 %322 = icmp eq %struct.neighbour* %321, null br i1 %322, label %348, label %323 %324 = phi %struct.neighbour* [ %346, %344 ], [ %321, %312 ] %325 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 25 %326 = load %struct.net_device*, %struct.net_device** %325, align 8 %327 = icmp eq %struct.net_device* %326, %2 br i1 %327, label %328, label %344 %329 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 26, i64 0 %330 = tail call i32 @bcmp(i8* %329, i8* %191, i64 %192) ------------- Use: =BAD PATH= Call Stack: 0 ___neigh_create 1 __neigh_create 2 __ip_do_redirect 3 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = 
getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr 
inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, 
%struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, 
i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 
%146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %148 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 0 %149 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %148, align 8 %150 = icmp eq %struct.neighbour.828735* %149, null br i1 %150, label %174, label %137 tail call fastcc void @local_bh_enable.65379() #76 br label %177 %178 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 %179 = call %struct.neighbour.828735* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.828735* (%struct.neigh_table.828732*, i8*, %struct.net_device.829233*, i1)*)(%struct.neigh_table.828732* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i8* nonnull %10, %struct.net_device.829233* %178, i1 zeroext true) #76 Function:__neigh_create %5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #76 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table, 
%struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #76 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* store i32 0, i32* %125, align 8 %126 = bitcast i8* %123 to i32* store i32 0, i32* %126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, %struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = getelementptr 
inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #76 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store %struct.neigh_parms* %139, %struct.neigh_parms** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #76 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table** 
store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to i8** store i8* %163, i8** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label %220, label %214 %221 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 
8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #76 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #76 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 %251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 
%253) #76 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 25 %279 = load %struct.net_device*, %struct.net_device** %278, align 8 %280 = tail call i32 %276(i8* %277, %struct.net_device* %279, i32* %264) #76 %281 = load i32, i32* %265, align 8 %282 = sub i32 32, %281 %283 = lshr i32 %280, %282 %284 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 0 %285 = load %struct.neighbour*, %struct.neighbour** %284, align 8 %286 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %287 = zext i32 %283 to i64 %288 = getelementptr %struct.neighbour*, %struct.neighbour** %286, i64 %287 %289 = bitcast 
%struct.neighbour** %288 to i64* %290 = load i64, i64* %289, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %291 = bitcast %struct.neighbour* %275 to i64* store volatile i64 %290, i64* %291, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %292 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %293 = getelementptr %struct.neighbour*, %struct.neighbour** %292, i64 %287 store volatile %struct.neighbour* %275, %struct.neighbour** %293, align 8 %294 = icmp eq %struct.neighbour* %285, null br i1 %294, label %295, label %274 %296 = add i32 %268, 1 %297 = load i32, i32* %261, align 8 %298 = lshr i32 %296, %297 %299 = icmp eq i32 %298, 0 br i1 %299, label %267, label %300 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 store volatile %struct.neigh_hash_table* %258, %struct.neigh_hash_table** %244, align 8 %301 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %301, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #76 br label %302 %303 = phi %struct.neigh_hash_table* [ %245, %234 ], [ %258, %300 ], [ %257, %252 ] %304 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %305 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %304, align 8 %306 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 2, i64 0 %307 = tail call i32 %305(i8* %191, %struct.net_device* %2, i32* %306) #76 %308 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %309 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %308, i64 0, i32 6 %310 = load i32, i32* %309, align 8 %311 = icmp eq i32 %310, 0 br i1 %311, label %312, label %382 %313 = getelementptr inbounds %struct.neigh_hash_table, 
%struct.neigh_hash_table* %303, i64 0, i32 1 %314 = load i32, i32* %313, align 8 %315 = sub i32 32, %314 %316 = lshr i32 %307, %315 %317 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 0 %318 = load %struct.neighbour**, %struct.neighbour*** %317, align 8 %319 = zext i32 %316 to i64 %320 = getelementptr %struct.neighbour*, %struct.neighbour** %318, i64 %319 %321 = load %struct.neighbour*, %struct.neighbour** %320, align 8 %322 = icmp eq %struct.neighbour* %321, null br i1 %322, label %348, label %323 %324 = phi %struct.neighbour* [ %346, %344 ], [ %321, %312 ] %325 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 25 %326 = load %struct.net_device*, %struct.net_device** %325, align 8 %327 = icmp eq %struct.net_device* %326, %2 br i1 %327, label %328, label %344 %329 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 26, i64 0 %330 = tail call i32 @bcmp(i8* %329, i8* %191, i64 %192)
-------------
Use: =BAD PATH=
Call Stack:
0 ___neigh_create
1 __neigh_create
2 ip6_neigh_lookup
3 ip6_dst_neigh_lookup
-------------
Path:
Function:ip6_dst_neigh_lookup
%4 = bitcast %struct.dst_entry.892411* %0 to %struct.rt6_info.892424* %5 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1, i32 14 %6 = bitcast %struct.lwtunnel_state.892388** %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 2 %9 = icmp eq i32 %8, 0 %10 = getelementptr inbounds %struct.rt6_info.892424, %struct.rt6_info.892424* %4, i64 0, i32 5 %11 = and i32 %7, 16777216 %12 = icmp eq i32 %11, 0 %13 = getelementptr inbounds %struct.rt6_info.892424, %struct.rt6_info.892424* %4, i64 0, i32 3, i32 0 %14 = select i1 %12, %struct.in6_addr* bitcast ({ { [16 x i8] } }* @in6addr_any to %struct.in6_addr*), %struct.in6_addr* %13 %15 = select i1 %9, %struct.in6_addr* %14, %struct.in6_addr* %10 %16 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 0 %17 = load %struct.net_device.892517*, %struct.net_device.892517** %16, align 8 %18 = tail call %struct.neighbour.892346* @ip6_neigh_lookup(%struct.in6_addr* %15, %struct.net_device.892517* %17, %struct.sk_buff.892530* %1, i8* %2) #76
Function:ip6_neigh_lookup
%5 = bitcast %struct.in6_addr* %0 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.in6_addr, %struct.in6_addr* %0, i64 0, i32 0, i32 0, i64 2 %8 = bitcast i32* %7 to i64* %9 = load i64, i64* %8, align 8 %10 = or i64 %9, %6 %11 = icmp eq i64 %10, 0 br i1 %11, label %14, label %12 %13 = bitcast %struct.in6_addr* %0 to i8* br label %24 %25 = phi i8* [ %23, %16 ], [ %13, %12 ], [ %3, %14 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = load volatile %struct.neigh_hash_table.892341*, %struct.neigh_hash_table.892341** getelementptr inbounds (%struct.neigh_table.892342, %struct.neigh_table.892342* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.895232*, i32*)*, i1 (%struct.neighbour.894739*, i8*)*, i32 (%struct.neighbour.894739*)*, i32 (%struct.pneigh_entry.894726*)*, void (%struct.pneigh_entry.894726*)*, void (%struct.sk_buff.895146*)*, i32 (i8*)*, i1 (%struct.net_device.895232*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.894727, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.894730, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.894735*, %struct.pneigh_entry.894726** }* @nd_tbl to %struct.neigh_table.892342*), i64 0, i32 29), align 8 %27 = getelementptr inbounds %struct.neigh_hash_table.892341, %struct.neigh_hash_table.892341* %26, i64 0, i32 2, i64 0 %28 = bitcast i8* %25 to i32* %29 = load i32, i32* %28, align 4 %30 = 
ptrtoint %struct.net_device.892517* %1 to i64 %31 = lshr i64 %30, 32 %32 = xor i64 %31, %30 %33 = trunc i64 %32 to i32 %34 = xor i32 %29, %33 %35 = load i32, i32* %27, align 4 %36 = mul i32 %34, %35 %37 = getelementptr i8, i8* %25, i64 4 %38 = bitcast i8* %37 to i32* %39 = load i32, i32* %38, align 4 %40 = getelementptr %struct.neigh_hash_table.892341, %struct.neigh_hash_table.892341* %26, i64 0, i32 2, i64 1 %41 = load i32, i32* %40, align 4 %42 = mul i32 %41, %39 %43 = add i32 %42, %36 %44 = getelementptr i8, i8* %25, i64 8 %45 = bitcast i8* %44 to i32* %46 = load i32, i32* %45, align 4 %47 = getelementptr %struct.neigh_hash_table.892341, %struct.neigh_hash_table.892341* %26, i64 0, i32 2, i64 2 %48 = load i32, i32* %47, align 4 %49 = mul i32 %48, %46 %50 = add i32 %43, %49 %51 = getelementptr i8, i8* %25, i64 12 %52 = bitcast i8* %51 to i32* %53 = load i32, i32* %52, align 4 %54 = getelementptr %struct.neigh_hash_table.892341, %struct.neigh_hash_table.892341* %26, i64 0, i32 2, i64 3 %55 = load i32, i32* %54, align 4 %56 = mul i32 %55, %53 %57 = add i32 %50, %56 %58 = getelementptr inbounds %struct.neigh_hash_table.892341, %struct.neigh_hash_table.892341* %26, i64 0, i32 1 %59 = load i32, i32* %58, align 8 %60 = sub i32 32, %59 %61 = lshr i32 %57, %60 %62 = getelementptr inbounds %struct.neigh_hash_table.892341, %struct.neigh_hash_table.892341* %26, i64 0, i32 0 %63 = load %struct.neighbour.892346**, %struct.neighbour.892346*** %62, align 8 %64 = zext i32 %61 to i64 %65 = getelementptr %struct.neighbour.892346*, %struct.neighbour.892346** %63, i64 %64 %66 = load volatile %struct.neighbour.892346*, %struct.neighbour.892346** %65, align 8 %67 = icmp eq %struct.neighbour.892346* %66, null br i1 %67, label %121, label %68 %69 = phi %struct.neighbour.892346* [ %96, %94 ], [ %66, %24 ] %70 = getelementptr inbounds %struct.neighbour.892346, %struct.neighbour.892346* %69, i64 0, i32 25 %71 = load %struct.net_device.892517*, %struct.net_device.892517** %70, align 8 %72 = 
icmp eq %struct.net_device.892517* %71, %1 br i1 %72, label %73, label %94 %74 = getelementptr inbounds %struct.neighbour.892346, %struct.neighbour.892346* %69, i64 0, i32 26, i64 0 %75 = bitcast i8* %74 to i32* %76 = load i32, i32* %75, align 4 %77 = xor i32 %76, %29 %78 = getelementptr %struct.neighbour.892346, %struct.neighbour.892346* %69, i64 0, i32 26, i64 4 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 4 %81 = xor i32 %80, %39 %82 = or i32 %81, %77 %83 = getelementptr %struct.neighbour.892346, %struct.neighbour.892346* %69, i64 0, i32 26, i64 8 %84 = bitcast i8* %83 to i32* %85 = load i32, i32* %84, align 4 %86 = xor i32 %85, %46 %87 = or i32 %82, %86 %88 = getelementptr %struct.neighbour.892346, %struct.neighbour.892346* %69, i64 0, i32 26, i64 12 %89 = bitcast i8* %88 to i32* %90 = load i32, i32* %89, align 4 %91 = xor i32 %90, %53 %92 = or i32 %87, %91 %93 = icmp eq i32 %92, 0 br i1 %93, label %98, label %94 %95 = getelementptr inbounds %struct.neighbour.892346, %struct.neighbour.892346* %69, i64 0, i32 0 %96 = load volatile %struct.neighbour.892346*, %struct.neighbour.892346** %95, align 8 %97 = icmp eq %struct.neighbour.892346* %96, null br i1 %97, label %121, label %68 tail call fastcc void @local_bh_enable.67342() #76 br label %124 %125 = tail call %struct.neighbour.892346* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.892346* (%struct.neigh_table.892342*, i8*, %struct.net_device.892517*, i1)*)(%struct.neigh_table.892342* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.895232*, i32*)*, i1 (%struct.neighbour.894739*, i8*)*, i32 (%struct.neighbour.894739*)*, i32 (%struct.pneigh_entry.894726*)*, void (%struct.pneigh_entry.894726*)*, void (%struct.sk_buff.895146*)*, i32 (i8*)*, i1 (%struct.net_device.895232*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.894727, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, 
%struct.timer_list, %struct.sk_buff_head.894730, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.894735*, %struct.pneigh_entry.894726** }* @nd_tbl to %struct.neigh_table.892342*), i8* %25, %struct.net_device.892517* %1, i1 zeroext true) #76
Function:__neigh_create
%5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #76
Function:___neigh_create
%7 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #76 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* store i32 0, i32* %125, align 8 
%126 = bitcast i8* %123 to i32* store i32 0, i32* %126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, %struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = getelementptr inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #76 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store %struct.neigh_parms* %139, 
%struct.neigh_parms** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #76 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table** store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to i8** store i8* %163, i8** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label %220, label %214 %221 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 
8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #76 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #76 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 %251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 
%253) #76 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 25 %279 = load %struct.net_device*, %struct.net_device** %278, align 8 %280 = tail call i32 %276(i8* %277, %struct.net_device* %279, i32* %264) #76 %281 = load i32, i32* %265, align 8 %282 = sub i32 32, %281 %283 = lshr i32 %280, %282 %284 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 0 %285 = load %struct.neighbour*, %struct.neighbour** %284, align 8 %286 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %287 = zext i32 %283 to i64 %288 = getelementptr %struct.neighbour*, %struct.neighbour** %286, i64 %287 %289 = bitcast 
%struct.neighbour** %288 to i64* %290 = load i64, i64* %289, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %291 = bitcast %struct.neighbour* %275 to i64* store volatile i64 %290, i64* %291, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %292 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %293 = getelementptr %struct.neighbour*, %struct.neighbour** %292, i64 %287 store volatile %struct.neighbour* %275, %struct.neighbour** %293, align 8 %294 = icmp eq %struct.neighbour* %285, null br i1 %294, label %295, label %274 %296 = add i32 %268, 1 %297 = load i32, i32* %261, align 8 %298 = lshr i32 %296, %297 %299 = icmp eq i32 %298, 0 br i1 %299, label %267, label %300 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 store volatile %struct.neigh_hash_table* %258, %struct.neigh_hash_table** %244, align 8 %301 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %301, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #76 br label %302 %303 = phi %struct.neigh_hash_table* [ %245, %234 ], [ %258, %300 ], [ %257, %252 ] %304 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %305 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %304, align 8 %306 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 2, i64 0 %307 = tail call i32 %305(i8* %191, %struct.net_device* %2, i32* %306) #76 %308 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %309 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %308, i64 0, i32 6 %310 = load i32, i32* %309, align 8 %311 = icmp eq i32 %310, 0 br i1 %311, label %312, label %382 %313 = getelementptr inbounds %struct.neigh_hash_table, 
%struct.neigh_hash_table* %303, i64 0, i32 1 %314 = load i32, i32* %313, align 8 %315 = sub i32 32, %314 %316 = lshr i32 %307, %315 %317 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 0 %318 = load %struct.neighbour**, %struct.neighbour*** %317, align 8 %319 = zext i32 %316 to i64 %320 = getelementptr %struct.neighbour*, %struct.neighbour** %318, i64 %319 %321 = load %struct.neighbour*, %struct.neighbour** %320, align 8 %322 = icmp eq %struct.neighbour* %321, null br i1 %322, label %348, label %323 %324 = phi %struct.neighbour* [ %346, %344 ], [ %321, %312 ] %325 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 25 %326 = load %struct.net_device*, %struct.net_device** %325, align 8 %327 = icmp eq %struct.net_device* %326, %2 br i1 %327, label %328, label %344 %329 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 26, i64 0 %330 = tail call i32 @bcmp(i8* %329, i8* %191, i64 %192)
-------------
Use: =BAD PATH=
Call Stack:
0 ___neigh_create
1 __neigh_create
2 ipv4_neigh_lookup
-------------
Path:
Function:ipv4_neigh_lookup
%4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %7 = getelementptr inbounds %struct.dst_entry.828721, %struct.dst_entry.828721* %0, i64 0, i32 0 %8 = load %struct.net_device.829233*, %struct.net_device.829233** %7, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.dst_entry.828721, %struct.dst_entry.828721* %0, i64 1, i32 2 %10 = bitcast i64* %9 to i8* %11 = load i8, i8* %10, align 8 switch i8 %11, label %138 [ i8 2, label %12 i8 10, label %58 ], !prof !6 %59 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* 
%6, i64 0, i32 8, i32 0 %60 = bitcast %struct.in6_addr* %59 to i8* %61 = load %struct.ipv6_stub.829238*, %struct.ipv6_stub.829238** bitcast (%struct.ipv6_stub.923244** @ipv6_stub to %struct.ipv6_stub.829238**), align 8 %62 = getelementptr inbounds %struct.ipv6_stub.829238, %struct.ipv6_stub.829238* %61, i64 0, i32 20 %63 = load %struct.neigh_table.828732*, %struct.neigh_table.828732** %62, align 8 %64 = getelementptr inbounds %struct.neigh_table.828732, %struct.neigh_table.828732* %63, i64 0, i32 29 %65 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** %64, align 8 %66 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %65, i64 0, i32 2, i64 0 %67 = getelementptr %struct.in6_addr, %struct.in6_addr* %59, i64 0, i32 0, i32 0, i64 0 %68 = load i32, i32* %67, align 4 %69 = ptrtoint %struct.net_device.829233* %8 to i64 %70 = lshr i64 %69, 32 %71 = xor i64 %70, %69 %72 = trunc i64 %71 to i32 %73 = xor i32 %68, %72 %74 = load i32, i32* %66, align 4 %75 = mul i32 %73, %74 %76 = getelementptr %struct.dst_entry.828721, %struct.dst_entry.828721* %0, i64 1, i32 3 %77 = bitcast i64* %76 to i32* %78 = load i32, i32* %77, align 4 %79 = getelementptr %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %65, i64 0, i32 2, i64 1 %80 = load i32, i32* %79, align 4 %81 = mul i32 %80, %78 %82 = add i32 %81, %75 %83 = getelementptr %struct.rtable.828746, %struct.rtable.828746* %6, i64 0, i32 8, i32 0, i32 0, i32 0, i64 2 %84 = load i32, i32* %83, align 4 %85 = getelementptr %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %65, i64 0, i32 2, i64 2 %86 = load i32, i32* %85, align 4 %87 = mul i32 %86, %84 %88 = add i32 %82, %87 %89 = getelementptr %struct.dst_entry.828721, %struct.dst_entry.828721* %0, i64 1, i32 4 %90 = bitcast %struct.xfrm_state.828719** %89 to i32* %91 = load i32, i32* %90, align 4 %92 = getelementptr %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* 
%65, i64 0, i32 2, i64 3 %93 = load i32, i32* %92, align 4 %94 = mul i32 %93, %91 %95 = add i32 %88, %94 %96 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %65, i64 0, i32 1 %97 = load i32, i32* %96, align 8 %98 = sub i32 32, %97 %99 = lshr i32 %95, %98 %100 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %65, i64 0, i32 0 %101 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %100, align 8 %102 = zext i32 %99 to i64 %103 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %101, i64 %102 %104 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %103, align 8 %105 = icmp eq %struct.neighbour.828735* %104, null br i1 %105, label %136, label %106 %107 = phi %struct.neighbour.828735* [ %134, %132 ], [ %104, %58 ] %108 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %107, i64 0, i32 25 %109 = load %struct.net_device.829233*, %struct.net_device.829233** %108, align 8 %110 = icmp eq %struct.net_device.829233* %109, %8 br i1 %110, label %111, label %132 %112 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %107, i64 0, i32 26, i64 0 %113 = bitcast i8* %112 to i32* %114 = load i32, i32* %113, align 4 %115 = xor i32 %114, %68 %116 = getelementptr %struct.neighbour.828735, %struct.neighbour.828735* %107, i64 0, i32 26, i64 4 %117 = bitcast i8* %116 to i32* %118 = load i32, i32* %117, align 4 %119 = xor i32 %118, %78 %120 = or i32 %119, %115 %121 = getelementptr %struct.neighbour.828735, %struct.neighbour.828735* %107, i64 0, i32 26, i64 8 %122 = bitcast i8* %121 to i32* %123 = load i32, i32* %122, align 4 %124 = xor i32 %123, %84 %125 = or i32 %120, %124 %126 = getelementptr %struct.neighbour.828735, %struct.neighbour.828735* %107, i64 0, i32 26, i64 12 %127 = bitcast i8* %126 to i32* %128 = load i32, i32* %127, align 4 %129 = xor i32 %128, %91 %130 = or i32 %125, %129 %131 = icmp eq i32 
%130, 0 br i1 %131, label %195, label %132 %133 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %107, i64 0, i32 0 %134 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %133, align 8 %135 = icmp eq %struct.neighbour.828735* %134, null br i1 %135, label %136, label %106 %137 = tail call %struct.neighbour.828735* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.828735* (%struct.neigh_table.828732*, i8*, %struct.net_device.829233*, i1)*)(%struct.neigh_table.828732* %63, i8* %60, %struct.net_device.829233* %8, i1 zeroext false) #76
Function:__neigh_create
%5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #76
Function:___neigh_create
%7 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #76 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast 
i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* store i32 0, i32* %125, align 8 %126 = bitcast i8* %123 to i32* store i32 0, i32* %126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, %struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = getelementptr inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 
%147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #76 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store %struct.neigh_parms* %139, %struct.neigh_parms** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #76 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table** store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to i8** store i8* %163, i8** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", 
"=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label 
%220, label %214 %221 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #76 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #76 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 %251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds 
%struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 %253) #76 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 25 %279 = load %struct.net_device*, %struct.net_device** %278, align 8 %280 = tail call i32 %276(i8* %277, %struct.net_device* %279, i32* %264) #76 %281 = load i32, i32* %265, align 8 %282 = sub i32 32, %281 %283 = lshr i32 %280, %282 
%284 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 0 %285 = load %struct.neighbour*, %struct.neighbour** %284, align 8 %286 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %287 = zext i32 %283 to i64 %288 = getelementptr %struct.neighbour*, %struct.neighbour** %286, i64 %287 %289 = bitcast %struct.neighbour** %288 to i64* %290 = load i64, i64* %289, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %291 = bitcast %struct.neighbour* %275 to i64* store volatile i64 %290, i64* %291, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %292 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %293 = getelementptr %struct.neighbour*, %struct.neighbour** %292, i64 %287 store volatile %struct.neighbour* %275, %struct.neighbour** %293, align 8 %294 = icmp eq %struct.neighbour* %285, null br i1 %294, label %295, label %274 %296 = add i32 %268, 1 %297 = load i32, i32* %261, align 8 %298 = lshr i32 %296, %297 %299 = icmp eq i32 %298, 0 br i1 %299, label %267, label %300 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 store volatile %struct.neigh_hash_table* %258, %struct.neigh_hash_table** %244, align 8 %301 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %301, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #76 br label %302 %303 = phi %struct.neigh_hash_table* [ %245, %234 ], [ %258, %300 ], [ %257, %252 ] %304 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %305 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %304, align 8 %306 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 2, i64 0 %307 = tail call i32 %305(i8* %191, %struct.net_device* %2, i32* %306) 
#76 %308 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %309 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %308, i64 0, i32 6 %310 = load i32, i32* %309, align 8 %311 = icmp eq i32 %310, 0 br i1 %311, label %312, label %382 %313 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 1 %314 = load i32, i32* %313, align 8 %315 = sub i32 32, %314 %316 = lshr i32 %307, %315 %317 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 0 %318 = load %struct.neighbour**, %struct.neighbour*** %317, align 8 %319 = zext i32 %316 to i64 %320 = getelementptr %struct.neighbour*, %struct.neighbour** %318, i64 %319 %321 = load %struct.neighbour*, %struct.neighbour** %320, align 8 %322 = icmp eq %struct.neighbour* %321, null br i1 %322, label %348, label %323 %324 = phi %struct.neighbour* [ %346, %344 ], [ %321, %312 ] %325 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 25 %326 = load %struct.net_device*, %struct.net_device** %325, align 8 %327 = icmp eq %struct.net_device* %326, %2 br i1 %327, label %328, label %344 %329 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 26, i64 0 %330 = tail call i32 @bcmp(i8* %329, i8* %191, i64 %192) ------------- Use: =BAD PATH= Call Stack: 0 dev_get_port_parent_id 1 phys_switch_id_show ------------- Path:  Function:phys_switch_id_show %4 = alloca %struct.netdev_phys_item_id, align 1 %5 = getelementptr %struct.device.767528, %struct.device.767528* %0, i64 -2, i32 11, i32 2 %6 = bitcast i32* %5 to %struct.net_device.767860* %7 = getelementptr inbounds i32, i32* %5, i64 50 %8 = bitcast i32* %7 to %struct.net_device_ops.767773** %9 = load %struct.net_device_ops.767773*, %struct.net_device_ops.767773** %8, align 8 %10 = getelementptr inbounds %struct.net_device_ops.767773, %struct.net_device_ops.767773* %9, i64 0, i32 61 %11 = load i32 (%struct.net_device.767860*, 
%struct.netdev_phys_item_id*)*, i32 (%struct.net_device.767860*, %struct.netdev_phys_item_id*)** %10, align 8 %12 = icmp eq i32 (%struct.net_device.767860*, %struct.netdev_phys_item_id*)* %11, null br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.net_device_ops.767773, %struct.net_device_ops.767773* %9, i64 0, i32 74 %15 = load %struct.devlink_port* (%struct.net_device.767860*)*, %struct.devlink_port* (%struct.net_device.767860*)** %14, align 8 %16 = icmp eq %struct.devlink_port* (%struct.net_device.767860*)* %15, null br i1 %16, label %42, label %17 %18 = tail call i32 @rtnl_trylock() #76 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %23 %24 = getelementptr inbounds i32, i32* %5, i64 294 %25 = bitcast i32* %24 to i8* %26 = load i8, i8* %25, align 8 %27 = icmp ugt i8 %26, 1 br i1 %27, label %40, label %28 %29 = getelementptr inbounds %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %4, i64 0, i32 0, i64 0 %30 = call i32 bitcast (i32 (%struct.net_device.757749*, %struct.netdev_phys_item_id*, i1)* @dev_get_port_parent_id to i32 (%struct.net_device.767860*, %struct.netdev_phys_item_id*, i1)*)(%struct.net_device.767860* %6, %struct.netdev_phys_item_id* nonnull %4, i1 zeroext false) #76 Function:dev_get_port_parent_id %4 = alloca %struct.netdev_phys_item_id, align 1 %5 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %6 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %5, align 8 %7 = getelementptr inbounds %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %4, i64 0, i32 0, i64 0 %8 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %6, i64 0, i32 61 %9 = load i32 (%struct.net_device.757749*, %struct.netdev_phys_item_id*)*, i32 (%struct.net_device.757749*, %struct.netdev_phys_item_id*)** %8, align 8 %10 = icmp eq i32 (%struct.net_device.757749*, %struct.netdev_phys_item_id*)* %9, null br i1 %10, label %16, label %11 %12 = 
tail call i32 %9(%struct.net_device.757749* %0, %struct.netdev_phys_item_id* %1) #76 %13 = icmp ne i32 %12, -95 %14 = xor i1 %2, true %15 = or i1 %13, %14 br i1 %15, label %57, label %17 %18 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 13, i32 1, i32 0 %19 = bitcast %struct.list_head** %18 to i64* %20 = load i64, i64* %19, align 16 %21 = inttoptr i64 %20 to %struct.list_head* %22 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 13, i32 1 %23 = icmp eq %struct.list_head* %22, %21 br i1 %23, label %57, label %24 %25 = inttoptr i64 %20 to i8* %26 = getelementptr i8, i8* %25, i64 -24 %27 = bitcast i8* %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = icmp eq i8* %28, null br i1 %29, label %57, label %30 %31 = getelementptr inbounds %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %4, i64 0, i32 1 %32 = getelementptr %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %1, i64 0, i32 0, i64 0 br label %33 %34 = phi i8* [ %28, %30 ], [ %55, %51 ] %35 = phi i64 [ %20, %30 ], [ %37, %51 ] %36 = inttoptr i64 %35 to i64* %37 = load i64, i64* %36, align 8 %38 = bitcast i8* %34 to %struct.net_device.757749* %39 = tail call i32 @dev_get_port_parent_id(%struct.net_device.757749* nonnull %38, %struct.netdev_phys_item_id* %1, i1 zeroext %2) #77 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %57 %42 = load i8, i8* %31, align 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %45 %46 = call i32 @bcmp(i8* nonnull dereferenceable(33) %7, i8* dereferenceable(33) %32, i64 33) ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_refine 1 snd_pcm_hw_params 2 snd_pcm_kernel_ioctl 3 snd_pcm_channel_info 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca 
%struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds 
%struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.734306* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #77 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #76 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, 
%struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #76 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.734296*, %struct.snd_pcm_ops.734296** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.734296, %struct.snd_pcm_ops.734296* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.734306*, i32, i8*)*, i32 (%struct.snd_pcm_substream.734306*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.734306*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.734306* %0, i32 2, i8* %37) #76 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %344 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %164 i32 16708, label %302 i32 16707, label %304 i32 -2146942687, label %342 ] %16 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %17 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.734306* %0, %struct.snd_pcm_hw_params* %16) #76 Function:snd_pcm_hw_params %3 = icmp eq 
%struct.snd_pcm_substream.734306* %0, null br i1 %3, label %348, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.734302* %6, null br i1 %7, label %348, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #76 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #76 br label %33 br i1 %23, label %34, label %348 %35 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 20, i32 0 %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 
0 br i1 %37, label %38, label %348 %39 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %40 = icmp eq %struct.snd_pcm_runtime.734302* %39, null br i1 %40, label %63, label %41 %64 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 store i32 -1, i32* %64, align 8 %65 = tail call i32 @snd_pcm_hw_refine(%struct.snd_pcm_substream.734306* nonnull %0, %struct.snd_pcm_hw_params* %1) #77 Function:snd_pcm_hw_refine %3 = alloca [20 x i32], align 16 %4 = alloca %struct.extended_perms_data, align 4 %5 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 7 store i32 0, i32* %5, align 8 %6 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 11 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 256 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = and i32 %8, 2048 %15 = icmp eq i32 %14, 0 br i1 %15, label %19, label %16 %20 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %21 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %20, align 8 %22 = bitcast %struct.extended_perms_data* %4 to i8* %23 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 6 %24 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0 %25 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %24, i64 0, i32 0, i64 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %29 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %290, label %32 %33 = and i32 %8, 1 %34 = 
icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast %struct.extended_perms_data* %24 to i8* %37 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 0 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, %26 store i32 %39, i32* %25, align 4 %40 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 1 %41 = load i32, i32* %40, align 4 %42 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, %41 store i32 %44, i32* %42, align 4 %45 = or i32 %44, %39 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %48 %49 = call i32 @bcmp(i8* dereferenceable(8) %36, i8* nonnull dereferenceable(8) %22, i64 8) #6 %50 = icmp eq i32 %49, 0 br i1 %50, label %54, label %51 %52 = load i32, i32* %23, align 4 %53 = or i32 %52, 1 store i32 %53, i32* %23, align 4 br label %54 %55 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1 %56 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %55, i64 0, i32 0, i64 0 %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 0 br i1 %62, label %290, label %63 %64 = and i32 %8, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %84, label %66 %67 = bitcast %struct.extended_perms_data* %55 to i8* %68 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 0 %69 = load i32, i32* %68, align 4 %70 = and i32 %69, %57 store i32 %70, i32* %56, align 4 %71 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 1, i32 0, 
i64 1 %72 = load i32, i32* %71, align 4 %73 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %74 = load i32, i32* %73, align 4 %75 = and i32 %74, %72 store i32 %75, i32* %73, align 4 %76 = or i32 %75, %70 %77 = icmp eq i32 %76, 0 br i1 %77, label %47, label %78 %79 = call i32 @bcmp(i8* dereferenceable(8) %67, i8* nonnull dereferenceable(8) %22, i64 8) #6 %80 = icmp eq i32 %79, 0 br i1 %80, label %84, label %81 %82 = load i32, i32* %23, align 4 %83 = or i32 %82, 2 store i32 %83, i32* %23, align 4 br label %84 %85 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 2 %86 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %85, i64 0, i32 0, i64 0 %87 = load i32, i32* %86, align 4 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %93 %90 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 2, i32 0, i64 1 %91 = load i32, i32* %90, align 4 %92 = icmp eq i32 %91, 0 br i1 %92, label %290, label %93 %94 = and i32 %8, 4 %95 = icmp eq i32 %94, 0 br i1 %95, label %114, label %96 %97 = bitcast %struct.extended_perms_data* %85 to i8* %98 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 2, i32 0, i64 0 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, %87 store i32 %100, i32* %86, align 4 %101 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 2, i32 0, i64 1 %102 = load i32, i32* %101, align 4 %103 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 2, i32 0, i64 1 %104 = load i32, i32* %103, align 4 %105 = and i32 %104, %102 store i32 %105, i32* %103, align 4 %106 = or i32 %105, %100 %107 = icmp eq i32 %106, 0 br i1 %107, label %47, label %108 %109 = call i32 @bcmp(i8* dereferenceable(8) %97, i8* nonnull dereferenceable(8) %22, i64 8) #6 ------------- 
Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_refine 1 snd_pcm_hw_params 2 snd_pcm_kernel_ioctl 3 snd_pcm_channel_info 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 
1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } 
%460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.734306* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #77 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, 
i32 1 tail call void @mutex_lock(%struct.mutex* %13) #76 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #76 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.734296*, %struct.snd_pcm_ops.734296** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.734296, %struct.snd_pcm_ops.734296* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.734306*, i32, i8*)*, i32 (%struct.snd_pcm_substream.734306*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.734306*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.734306* %0, i32 2, i8* %37) #76 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %344 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, 
label %21 i32 16706, label %164 i32 16708, label %302 i32 16707, label %304 i32 -2146942687, label %342 ] %16 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %17 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.734306* %0, %struct.snd_pcm_hw_params* %16) #76 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.734306* %0, null br i1 %3, label %348, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.734302* %6, null br i1 %7, label %348, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #76 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.734306, 
%struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #76 br label %33 br i1 %23, label %34, label %348 %35 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 20, i32 0 %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %348 %39 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %40 = icmp eq %struct.snd_pcm_runtime.734302* %39, null br i1 %40, label %63, label %41 %64 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 store i32 -1, i32* %64, align 8 %65 = tail call i32 @snd_pcm_hw_refine(%struct.snd_pcm_substream.734306* nonnull %0, %struct.snd_pcm_hw_params* %1) #77 Function:snd_pcm_hw_refine %3 = alloca [20 x i32], align 16 %4 = alloca %struct.extended_perms_data, align 4 %5 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 7 store i32 0, i32* %5, align 8 %6 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 11 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 256 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = and i32 %8, 2048 %15 = icmp eq i32 %14, 0 br i1 %15, label %19, label %16 %20 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %21 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %20, align 8 %22 = bitcast %struct.extended_perms_data* %4 to i8* %23 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 6 %24 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0 %25 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* 
%24, i64 0, i32 0, i64 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %29 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %290, label %32 %33 = and i32 %8, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast %struct.extended_perms_data* %24 to i8* %37 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 0 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, %26 store i32 %39, i32* %25, align 4 %40 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 1 %41 = load i32, i32* %40, align 4 %42 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, %41 store i32 %44, i32* %42, align 4 %45 = or i32 %44, %39 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %48 %49 = call i32 @bcmp(i8* dereferenceable(8) %36, i8* nonnull dereferenceable(8) %22, i64 8) #6 %50 = icmp eq i32 %49, 0 br i1 %50, label %54, label %51 %52 = load i32, i32* %23, align 4 %53 = or i32 %52, 1 store i32 %53, i32* %23, align 4 br label %54 %55 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1 %56 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %55, i64 0, i32 0, i64 0 %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 0 br i1 %62, label %290, label %63 %64 = and i32 %8, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %84, label %66 %67 = bitcast %struct.extended_perms_data* %55 to i8* 
%68 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 0 %69 = load i32, i32* %68, align 4 %70 = and i32 %69, %57 store i32 %70, i32* %56, align 4 %71 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 1 %72 = load i32, i32* %71, align 4 %73 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %74 = load i32, i32* %73, align 4 %75 = and i32 %74, %72 store i32 %75, i32* %73, align 4 %76 = or i32 %75, %70 %77 = icmp eq i32 %76, 0 br i1 %77, label %47, label %78 %79 = call i32 @bcmp(i8* dereferenceable(8) %67, i8* nonnull dereferenceable(8) %22, i64 8) #6 %80 = icmp eq i32 %79, 0 br i1 %80, label %84, label %81 %82 = load i32, i32* %23, align 4 %83 = or i32 %82, 2 store i32 %83, i32* %23, align 4 br label %84 %85 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 2 %86 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %85, i64 0, i32 0, i64 0 %87 = load i32, i32* %86, align 4 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %93 %90 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 2, i32 0, i64 1 %91 = load i32, i32* %90, align 4 %92 = icmp eq i32 %91, 0 br i1 %92, label %290, label %93 %94 = and i32 %8, 4 %95 = icmp eq i32 %94, 0 br i1 %95, label %114, label %96 %97 = bitcast %struct.extended_perms_data* %85 to i8* %98 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 2, i32 0, i64 0 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, %87 store i32 %100, i32* %86, align 4 %101 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 2, i32 0, i64 1 %102 = load i32, i32* %101, align 4 %103 = getelementptr %struct.snd_pcm_hw_params, 
%struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 2, i32 0, i64 1 %104 = load i32, i32* %103, align 4 %105 = and i32 %104, %102 store i32 %105, i32* %103, align 4 %106 = or i32 %105, %100 %107 = icmp eq i32 %106, 0 br i1 %107, label %47, label %108 %109 = call i32 @bcmp(i8* dereferenceable(8) %97, i8* nonnull dereferenceable(8) %22, i64 8) #6 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_refine 1 snd_pcm_hw_params 2 snd_pcm_kernel_ioctl 3 snd_pcm_channel_info 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 
-1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds 
%struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.734306* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #77 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %8 = load 
%struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #76 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #76 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.734296*, %struct.snd_pcm_ops.734296** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.734296, %struct.snd_pcm_ops.734296* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.734306*, i32, i8*)*, i32 (%struct.snd_pcm_substream.734306*, i32, i8*)** %40, 
align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.734306*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.734306* %0, i32 2, i8* %37) #76 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %344 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %164 i32 16708, label %302 i32 16707, label %304 i32 -2146942687, label %342 ] %16 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %17 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.734306* %0, %struct.snd_pcm_hw_params* %16) #76 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.734306* %0, null br i1 %3, label %348, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.734302* %6, null br i1 %7, label %348, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #76 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp 
ult i32 %22, 3 %24 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #76 br label %33 br i1 %23, label %34, label %348 %35 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 20, i32 0 %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %348 %39 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %40 = icmp eq %struct.snd_pcm_runtime.734302* %39, null br i1 %40, label %63, label %41 %64 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 store i32 -1, i32* %64, align 8 %65 = tail call i32 @snd_pcm_hw_refine(%struct.snd_pcm_substream.734306* nonnull %0, %struct.snd_pcm_hw_params* %1) #77 Function:snd_pcm_hw_refine %3 = alloca [20 x i32], align 16 %4 = alloca %struct.extended_perms_data, align 4 %5 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 7 store i32 0, i32* %5, align 8 %6 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 11 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 256 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = and i32 %8, 2048 %15 = icmp eq i32 %14, 0 br i1 %15, label %19, label %16 %20 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %21 = load %struct.snd_pcm_runtime.734302*, 
%struct.snd_pcm_runtime.734302** %20, align 8 %22 = bitcast %struct.extended_perms_data* %4 to i8* %23 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 6 %24 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0 %25 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %24, i64 0, i32 0, i64 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %29 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %290, label %32 %33 = and i32 %8, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast %struct.extended_perms_data* %24 to i8* %37 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 0 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, %26 store i32 %39, i32* %25, align 4 %40 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 1 %41 = load i32, i32* %40, align 4 %42 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, %41 store i32 %44, i32* %42, align 4 %45 = or i32 %44, %39 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %48 %49 = call i32 @bcmp(i8* dereferenceable(8) %36, i8* nonnull dereferenceable(8) %22, i64 8) #6 %50 = icmp eq i32 %49, 0 br i1 %50, label %54, label %51 %52 = load i32, i32* %23, align 4 %53 = or i32 %52, 1 store i32 %53, i32* %23, align 4 br label %54 %55 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1 %56 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %55, i64 0, i32 0, i64 0 %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 
%57, 0 br i1 %58, label %59, label %63 %60 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 0 br i1 %62, label %290, label %63 %64 = and i32 %8, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %84, label %66 %67 = bitcast %struct.extended_perms_data* %55 to i8* %68 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 0 %69 = load i32, i32* %68, align 4 %70 = and i32 %69, %57 store i32 %70, i32* %56, align 4 %71 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 1 %72 = load i32, i32* %71, align 4 %73 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %74 = load i32, i32* %73, align 4 %75 = and i32 %74, %72 store i32 %75, i32* %73, align 4 %76 = or i32 %75, %70 %77 = icmp eq i32 %76, 0 br i1 %77, label %47, label %78 %79 = call i32 @bcmp(i8* dereferenceable(8) %67, i8* nonnull dereferenceable(8) %22, i64 8) #6 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_refine 1 snd_pcm_hw_params 2 snd_pcm_kernel_ioctl 3 snd_pcm_channel_info 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, 
%struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label 
%445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 
0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.734306* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #77 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #76 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void 
@mutex_unlock(%struct.mutex* %27) #76 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.734296*, %struct.snd_pcm_ops.734296** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.734296, %struct.snd_pcm_ops.734296* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.734306*, i32, i8*)*, i32 (%struct.snd_pcm_substream.734306*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.734306*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.734306* %0, i32 2, i8* %37) #76 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %344 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %164 i32 16708, label %302 i32 16707, label %304 i32 -2146942687, label %342 ] %16 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %17 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.734306* %0, %struct.snd_pcm_hw_params* %16) #76 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.734306* %0, null br i1 %3, label %348, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.734302* %6, null br i1 %7, label %348, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %10 = 
load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #76 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #76 br label %33 br i1 %23, label %34, label %348 %35 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 20, i32 0 %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %348 %39 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %40 = icmp eq %struct.snd_pcm_runtime.734302* %39, null br i1 %40, label %63, label %41 %64 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 store i32 -1, i32* %64, align 8 %65 = tail call i32 @snd_pcm_hw_refine(%struct.snd_pcm_substream.734306* nonnull %0, %struct.snd_pcm_hw_params* %1) #77 Function:snd_pcm_hw_refine %3 = alloca [20 x i32], 
align 16 %4 = alloca %struct.extended_perms_data, align 4 %5 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 7 store i32 0, i32* %5, align 8 %6 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 11 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 256 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = and i32 %8, 2048 %15 = icmp eq i32 %14, 0 br i1 %15, label %19, label %16 %20 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %21 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %20, align 8 %22 = bitcast %struct.extended_perms_data* %4 to i8* %23 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 6 %24 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0 %25 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %24, i64 0, i32 0, i64 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %29 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %290, label %32 %33 = and i32 %8, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast %struct.extended_perms_data* %24 to i8* %37 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 0 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, %26 store i32 %39, i32* %25, align 4 %40 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 1 %41 = load i32, i32* %40, align 4 %42 = getelementptr 
%struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, %41 store i32 %44, i32* %42, align 4 %45 = or i32 %44, %39 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %48 %49 = call i32 @bcmp(i8* dereferenceable(8) %36, i8* nonnull dereferenceable(8) %22, i64 8) #6 %50 = icmp eq i32 %49, 0 br i1 %50, label %54, label %51 %52 = load i32, i32* %23, align 4 %53 = or i32 %52, 1 store i32 %53, i32* %23, align 4 br label %54 %55 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1 %56 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %55, i64 0, i32 0, i64 0 %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 0 br i1 %62, label %290, label %63 %64 = and i32 %8, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %84, label %66 %67 = bitcast %struct.extended_perms_data* %55 to i8* %68 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 0 %69 = load i32, i32* %68, align 4 %70 = and i32 %69, %57 store i32 %70, i32* %56, align 4 %71 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 1 %72 = load i32, i32* %71, align 4 %73 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %74 = load i32, i32* %73, align 4 %75 = and i32 %74, %72 store i32 %75, i32* %73, align 4 %76 = or i32 %75, %70 %77 = icmp eq i32 %76, 0 br i1 %77, label %47, label %78 %79 = call i32 @bcmp(i8* dereferenceable(8) %67, i8* nonnull dereferenceable(8) %22, i64 8) #6 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_refine 1 snd_pcm_hw_params 2 
snd_pcm_kernel_ioctl 3 snd_pcm_channel_info 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 
] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds 
%struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.734306* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #77 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #76 br label %16 
%17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #76 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.734296*, %struct.snd_pcm_ops.734296** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.734296, %struct.snd_pcm_ops.734296* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.734306*, i32, i8*)*, i32 (%struct.snd_pcm_substream.734306*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.734306*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.734306* %0, i32 2, i8* %37) #76 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %344 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %164 i32 16708, label %302 i32 16707, label 
%304 i32 -2146942687, label %342 ] %16 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %17 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.734306* %0, %struct.snd_pcm_hw_params* %16) #76 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.734306* %0, null br i1 %3, label %348, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.734302* %6, null br i1 %7, label %348, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #76 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void 
@mutex_unlock(%struct.mutex* %29) #76 br label %33 br i1 %23, label %34, label %348 %35 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 20, i32 0 %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %348 %39 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %40 = icmp eq %struct.snd_pcm_runtime.734302* %39, null br i1 %40, label %63, label %41 %64 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 store i32 -1, i32* %64, align 8 %65 = tail call i32 @snd_pcm_hw_refine(%struct.snd_pcm_substream.734306* nonnull %0, %struct.snd_pcm_hw_params* %1) #77 Function:snd_pcm_hw_refine %3 = alloca [20 x i32], align 16 %4 = alloca %struct.extended_perms_data, align 4 %5 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 7 store i32 0, i32* %5, align 8 %6 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 11 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 256 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = and i32 %8, 2048 %15 = icmp eq i32 %14, 0 br i1 %15, label %19, label %16 %20 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %21 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %20, align 8 %22 = bitcast %struct.extended_perms_data* %4 to i8* %23 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 6 %24 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0 %25 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %24, i64 0, i32 0, i64 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq 
i32 %26, 0 br i1 %27, label %28, label %32 %29 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %290, label %32 %33 = and i32 %8, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast %struct.extended_perms_data* %24 to i8* %37 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 0 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, %26 store i32 %39, i32* %25, align 4 %40 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 1 %41 = load i32, i32* %40, align 4 %42 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, %41 store i32 %44, i32* %42, align 4 %45 = or i32 %44, %39 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %48 %49 = call i32 @bcmp(i8* dereferenceable(8) %36, i8* nonnull dereferenceable(8) %22, i64 8) #6 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_refine 1 snd_pcm_hw_params 2 snd_pcm_kernel_ioctl 3 snd_pcm_channel_info 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, 
%struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label 
%445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 
0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.734306* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #77 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #76 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void 
@mutex_unlock(%struct.mutex* %27) #76 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.734296*, %struct.snd_pcm_ops.734296** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.734296, %struct.snd_pcm_ops.734296* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.734306*, i32, i8*)*, i32 (%struct.snd_pcm_substream.734306*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.734306*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.734306* %0, i32 2, i8* %37) #76 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %344 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %164 i32 16708, label %302 i32 16707, label %304 i32 -2146942687, label %342 ] %16 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %17 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.734306* %0, %struct.snd_pcm_hw_params* %16) #76 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.734306* %0, null br i1 %3, label %348, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.734302* %6, null br i1 %7, label %348, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %10 = 
load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #76 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #76 br label %33 br i1 %23, label %34, label %348 %35 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 20, i32 0 %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %348 %39 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %5, align 8 %40 = icmp eq %struct.snd_pcm_runtime.734302* %39, null br i1 %40, label %63, label %41 %64 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 store i32 -1, i32* %64, align 8 %65 = tail call i32 @snd_pcm_hw_refine(%struct.snd_pcm_substream.734306* nonnull %0, %struct.snd_pcm_hw_params* %1) #77 Function:snd_pcm_hw_refine %3 = alloca [20 x i32], 
align 16 %4 = alloca %struct.extended_perms_data, align 4 %5 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 7 store i32 0, i32* %5, align 8 %6 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 11 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 256 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = and i32 %8, 2048 %15 = icmp eq i32 %14, 0 br i1 %15, label %19, label %16 %20 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %21 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %20, align 8 %22 = bitcast %struct.extended_perms_data* %4 to i8* %23 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 6 %24 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0 %25 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %24, i64 0, i32 0, i64 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %29 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %290, label %32 %33 = and i32 %8, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast %struct.extended_perms_data* %24 to i8* %37 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 0 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, %26 store i32 %39, i32* %25, align 4 %40 = getelementptr %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 1 %41 = load i32, i32* %40, align 4 %42 = getelementptr 
%struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, %41 store i32 %44, i32* %42, align 4 %45 = or i32 %44, %39 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %48 %49 = call i32 @bcmp(i8* dereferenceable(8) %36, i8* nonnull dereferenceable(8) %22, i64 8) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.714367* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.714268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.714268**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.714268* %14 = getelementptr inbounds %struct.task_struct.714268, %struct.task_struct.714268* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %77 = icmp eq i64 %2, 2084 br i1 %77, label %78, label %134 %79 = getelementptr inbounds i8, i8* %1, i64 2080 %80 = bitcast i8* %79 to i32* %81 = load i32, i32* %80, align 1 %82 = getelementptr inbounds i8, i8* %1, i64 1024 %83 = bitcast i8* %82 to i64* %84 = load i64, i64* %83, align 1 %85 = getelementptr inbounds i8, i8* %1, i64 1032 %86 = bitcast i8* %85 to i64* %87 = load i64, i64* %86, align 1 %88 = bitcast i8* %1 to i16* %89 = getelementptr inbounds i8, i8* %1, i64 1040 %90 = bitcast i8* %89 to i64* %91 = load i64, i64* %90, align 1 %92 = getelementptr inbounds i8, i8* %1, i64 1048 %93 = bitcast %struct.efivar_entry.714367* %0 to i8* %94 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %93, i64 1024) #6 %95 = icmp eq 
i32 %94, 0 br i1 %95, label %96, label %111 %97 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 1 %98 = bitcast %struct.uuid_t* %97 to i64* %99 = load i64, i64* %98, align 1 %100 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %101 = bitcast i8* %100 to i64* %102 = load i64, i64* %101, align 1 %103 = bitcast { i64, i64 }* %4 to i8* %104 = bitcast { i64, i64 }* %5 to i8* %105 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 0 store i64 %84, i64* %105, align 8 %106 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 1 store i64 %87, i64* %106, align 8 %107 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 0 store i64 %99, i64* %107, align 8 %108 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 1 store i64 %102, i64* %108, align 8 %109 = call i32 @bcmp(i8* nonnull dereferenceable(16) %103, i8* nonnull dereferenceable(16) %104, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.714367* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.714268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.714268**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.714268* %14 = getelementptr inbounds %struct.task_struct.714268, %struct.task_struct.714268* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %77 = icmp eq i64 %2, 2084 br i1 %77, label %78, label %134 %79 = getelementptr 
inbounds i8, i8* %1, i64 2080 %80 = bitcast i8* %79 to i32* %81 = load i32, i32* %80, align 1 %82 = getelementptr inbounds i8, i8* %1, i64 1024 %83 = bitcast i8* %82 to i64* %84 = load i64, i64* %83, align 1 %85 = getelementptr inbounds i8, i8* %1, i64 1032 %86 = bitcast i8* %85 to i64* %87 = load i64, i64* %86, align 1 %88 = bitcast i8* %1 to i16* %89 = getelementptr inbounds i8, i8* %1, i64 1040 %90 = bitcast i8* %89 to i64* %91 = load i64, i64* %90, align 1 %92 = getelementptr inbounds i8, i8* %1, i64 1048 %93 = bitcast %struct.efivar_entry.714367* %0 to i8* %94 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %93, i64 1024) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.714367* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.714268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.714268**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.714268* %14 = getelementptr inbounds %struct.task_struct.714268, %struct.task_struct.714268* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %19 = icmp eq i64 %2, 2076 br i1 %19, label %20, label %134 %21 = getelementptr inbounds i8, i8* %1, i64 2072 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 1 %24 = getelementptr inbounds i8, i8* %1, i64 1024 %25 = bitcast i8* %24 to i64* %26 = load i64, i64* %25, align 1 %27 = getelementptr inbounds i8, i8* %1, i64 1032 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 1 %30 = bitcast i8* %1 to i16* %31 = getelementptr 
inbounds i8, i8* %1, i64 1040 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 1 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds i8, i8* %1, i64 1044 %36 = bitcast %struct.efivar_entry.714367* %0 to i8* %37 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %36, i64 1024) #6 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %54 %40 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 1 %41 = bitcast %struct.uuid_t* %40 to i64* %42 = load i64, i64* %41, align 1 %43 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 1 %46 = bitcast { i64, i64 }* %6 to i8* %47 = bitcast { i64, i64 }* %7 to i8* %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %26, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %29, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %42, i64* %50, align 8 %51 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %45, i64* %51, align 8 %52 = call i32 @bcmp(i8* nonnull dereferenceable(16) %46, i8* nonnull dereferenceable(16) %47, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.714367* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.714268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.714268**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to 
%struct.task_struct.714268* %14 = getelementptr inbounds %struct.task_struct.714268, %struct.task_struct.714268* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %19 = icmp eq i64 %2, 2076 br i1 %19, label %20, label %134 %21 = getelementptr inbounds i8, i8* %1, i64 2072 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 1 %24 = getelementptr inbounds i8, i8* %1, i64 1024 %25 = bitcast i8* %24 to i64* %26 = load i64, i64* %25, align 1 %27 = getelementptr inbounds i8, i8* %1, i64 1032 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 1 %30 = bitcast i8* %1 to i16* %31 = getelementptr inbounds i8, i8* %1, i64 1040 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 1 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds i8, i8* %1, i64 1044 %36 = bitcast %struct.efivar_entry.714367* %0 to i8* %37 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %36, i64 1024) #6 ------------- Use: =BAD PATH= Call Stack: 0 xhci_port_write ------------- Path:  Function:xhci_port_write %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.xhci_port** %11 = load %struct.xhci_port*, %struct.xhci_port** %10, align 8 %12 = getelementptr inbounds %struct.xhci_port, %struct.xhci_port* %11, i64 0, i32 3 %13 = load %struct.xhci_hub*, %struct.xhci_hub** %12, align 8 %14 = getelementptr inbounds %struct.xhci_hub, %struct.xhci_hub* %13, i64 0, i32 2 %15 = load %struct.usb_hcd*, %struct.usb_hcd** %14, align 8 %16 = tail call i32 bitcast (i32 (%struct.usb_hcd.660241*)* @usb_hcd_is_primary_hcd to i32 (%struct.usb_hcd*)*)(%struct.usb_hcd* %15) #76 %17 = icmp eq i32 %16, 0 
br i1 %17, label %18, label %21 %22 = phi %struct.usb_hcd* [ %20, %18 ], [ %15, %4 ] %23 = getelementptr inbounds %struct.usb_hcd, %struct.usb_hcd* %22, i64 0, i32 29, i64 0 %24 = bitcast i64* %23 to %struct.xhci_hcd* %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %26 = icmp ult i64 %2, 31 %27 = select i1 %26, i64 %2, i64 31 %28 = call i64 @_copy_from_user(i8* nonnull %25, i8* %1, i64 %27) #76 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %53 %31 = call i32 @bcmp(i8* nonnull dereferenceable(10) %25, i8* dereferenceable(10) getelementptr inbounds ([11 x i8], [11 x i8]* @.str.209.55575, i64 0, i64 0), i64 10) ------------- Use: =BAD PATH= Call Stack: 0 store_scan ------------- Path:  Function:store_scan %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca [15 x i8], align 1 %9 = alloca [15 x i8], align 1 %10 = alloca [17 x i8], align 16 %11 = alloca i8, align 1 %12 = getelementptr %struct.device.617410, %struct.device.617410* %0, i64 -2, i32 2 %13 = bitcast %struct.device_private** %12 to %struct.Scsi_Host.620936* %14 = getelementptr inbounds [15 x i8], [15 x i8]* %8, i64 0, i64 0 %15 = getelementptr inbounds [15 x i8], [15 x i8]* %9, i64 0, i64 0 %16 = getelementptr inbounds [17 x i8], [17 x i8]* %10, i64 0, i64 0 %17 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.33.48668, i64 0, i64 0), i8* nonnull %14, i8* nonnull %15, i8* nonnull %16, i8* nonnull %11) #76 %18 = icmp eq i32 %17, 3 br i1 %18, label %19, label %66 %20 = bitcast i8** %7 to i8* %21 = call i32 @bcmp(i8* nonnull dereferenceable(2) %14, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.34.48669, i64 0, i64 0), i64 2) #6 %22 = icmp eq i32 %21, 0 br i1 %22, label %29, label %23 %24 = call i64 @simple_strtoull(i8* nonnull %14, i8** nonnull %7, i32 0) #76 %25 = load i8*, i8** %7, align 8 %26 = load i8, i8* %25, align 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 %30 = phi i64 [ %24, %23 ], [ -1, %19 ] %31 = bitcast i8** %6 to i8* %32 = call i32 @bcmp(i8* nonnull dereferenceable(2) %15, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.34.48669, i64 0, i64 0), i64 2) #6 ------------- Use: =BAD PATH= Call Stack: 0 store_scan ------------- Path:  Function:store_scan %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca [15 x i8], align 1 %9 = alloca [15 x i8], align 1 %10 = alloca [17 x i8], align 16 %11 = alloca i8, align 1 %12 = getelementptr %struct.device.617410, %struct.device.617410* %0, i64 -2, i32 2 %13 = bitcast %struct.device_private** %12 to %struct.Scsi_Host.620936* %14 = getelementptr inbounds [15 x i8], [15 x i8]* %8, i64 0, i64 0 %15 = getelementptr inbounds [15 x i8], [15 x i8]* %9, i64 0, i64 0 %16 = getelementptr inbounds [17 x i8], [17 x i8]* %10, i64 0, i64 0 %17 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.33.48668, i64 0, i64 0), i8* nonnull %14, i8* nonnull %15, i8* nonnull %16, i8* nonnull %11) #76 %18 = icmp eq i32 %17, 3 br i1 %18, label %19, label %66 %20 = bitcast i8** %7 to i8* %21 = call i32 @bcmp(i8* nonnull dereferenceable(2) %14, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.34.48669, i64 0, i64 0), i64 2) #6 ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46522, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, 
label %298, label %364 %365 = icmp eq i64 %206, 2338324113575339364 br i1 %365, label %366, label %412 %367 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %368 = bitcast i8* %367 to i32* %369 = load i32, i32* %368, align 8 %370 = icmp eq i32 %369, 1701736302 br i1 %370, label %380, label %371 %372 = trunc i32 %369 to i16 %373 = call i32 @bcmp(i8* dereferenceable(6) %367, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, i64 0), i64 6) %374 = icmp eq i32 %373, 0 %375 = icmp eq i16 %372, 28521 %376 = or i1 %374, %375 br i1 %376, label %380, label %377 %378 = call i32 @bcmp(i8* dereferenceable(3) %367, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.46493, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = 
bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46522, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %365 = icmp eq i64 %206, 2338324113575339364 br i1 %365, label %366, label %412 %367 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %368 = bitcast i8* %367 to i32* %369 = load i32, i32* %368, align 8 %370 = icmp eq i32 %369, 1701736302 br i1 %370, label %380, label %371 %372 = trunc i32 %369 to i16 %373 = call i32 @bcmp(i8* dereferenceable(6) %367, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), 
i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46522, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* %300 = bitcast i32* %9 to i8* %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.46523, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load 
i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46522, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* 
@.str.2.46494, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, label %219 %220 = call i32 @bcmp(i8* dereferenceable(3) %209, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.46493, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) 
getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.46521, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46490, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, i64 0), i64 6) %68 = icmp eq i32 %67, 0 br i1 %68, label %75, label %69 
%70 = call i32 @bcmp(i8* dereferenceable(2) %60, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.46492, i64 0, i64 0), i64 2) %71 = icmp eq i32 %70, 0 br i1 %71, label %75, label %72 %73 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.46493, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.46521, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46490, i64 0, 
i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, i64 0), i64 6) %68 = icmp eq i32 %67, 0 br i1 %68, label %75, label %69 %70 = call i32 @bcmp(i8* dereferenceable(2) %60, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.46492, i64 0, i64 0), i64 2) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.46521, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* 
dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46490, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.46521, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46490, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call 
Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.46521, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 
@_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46490, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %408, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, 
i64 0), i64 6) %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %30 = call i32 @bcmp(i8* dereferenceable(2) %23, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.46492, i64 0, i64 0), i64 2) %31 = icmp eq i32 %30, 0 br i1 %31, label %35, label %32 %33 = call i32 @bcmp(i8* dereferenceable(3) %23, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.46493, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46490, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %408, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, i64 0), i64 6) %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %30 = call i32 @bcmp(i8* dereferenceable(2) %23, i8* dereferenceable(2) 
getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.46492, i64 0, i64 0), i64 2) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46490, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %408, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* 
%7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46490, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load 
%struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.437765** %12 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #76 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #77 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39738, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.437765** %12 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %68, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %68 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #77 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call 
i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39738, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 mtrr_write ------------- Path:  Function:mtrr_write %5 = alloca i8*, align 8 %6 = alloca [80 x i8], align 16 %7 = bitcast i8** %5 to i8* %8 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 0 %9 = icmp ult i64 %2, 79 %10 = select i1 %9, i64 %2, i64 79 %11 = call i64 @strncpy_from_user(i8* nonnull %8, i8* %1, i64 %10) #76 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %14, label %17 %18 = call i64 @strlen(i8* nonnull %8) #77 %19 = getelementptr [80 x i8], [80 x i8]* %6, i64 0, i64 %18 %20 = getelementptr i8, i8* %19, i64 -1 store i8* %20, i8** %5, align 8 %21 = icmp eq i64 %18, 0 br i1 %21, label %26, label %22 %27 = bitcast [80 x i8]* %6 to i64* %28 = load i64, i64* %27, align 16 %29 = icmp eq i64 %28, 4424061378758928740 br i1 %29, label %30, label %38 %39 = call i32 @bcmp(i8* nonnull dereferenceable(5) %8, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.9.3126, i64 0, i64 0), i64 5) ------------- Use: =BAD PATH= Call Stack: 0 load_elf_binary ------------- Path:  Function:load_elf_binary %2 = alloca i64, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 0 %5 = bitcast i8* %4 to %struct.elf64_hdr* %6 = tail call i32 @bcmp(i8* dereferenceable(4) %4, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.17927, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 load_elf_binary.17932 ------------- Path:  Function:load_elf_binary.17932 %2 = alloca i64, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 0 %5 = bitcast i8* %4 to %struct.elf32_hdr* %6 = tail call i32 @bcmp(i8* dereferenceable(4) %4, i8* dereferenceable(4) getelementptr 
inbounds ([5 x i8], [5 x i8]* @.str.17940, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 proc_ns_dir_lookup ------------- Path:  Function:proc_ns_dir_lookup %4 = getelementptr %struct.inode.183106, %struct.inode.183106* %0, i64 -1, i32 41, i32 13 %5 = bitcast %struct.list_head* %4 to %struct.pid.182852** %6 = load %struct.pid.182852*, %struct.pid.182852** %5, align 8 %7 = tail call %struct.task_struct.183045* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.183045* (%struct.pid.182852*, i32)*)(%struct.pid.182852* %6, i32 0) #76 %8 = icmp eq %struct.task_struct.183045* %7, null br i1 %8, label %58, label %9 %10 = getelementptr inbounds %struct.dentry.183110, %struct.dentry.183110* %1, i64 0, i32 4 %11 = bitcast %struct.qstr* %10 to %struct.util_est* %12 = getelementptr inbounds %struct.util_est, %struct.util_est* %11, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.dentry.183110, %struct.dentry.183110* %1, i64 0, i32 4, i32 1 %15 = zext i32 %13 to i64 br label %16 %17 = phi %struct.proc_ns_operations.183047** [ getelementptr inbounds ([9 x %struct.proc_ns_operations.183047*], [9 x %struct.proc_ns_operations.183047*]* @ns_entries, i64 0, i64 0), %9 ], [ %28, %27 ] %18 = load %struct.proc_ns_operations.183047*, %struct.proc_ns_operations.183047** %17, align 8 %19 = getelementptr inbounds %struct.proc_ns_operations.183047, %struct.proc_ns_operations.183047* %18, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = tail call i64 @strlen(i8* %20) #77 %22 = icmp eq i64 %21, %15 br i1 %22, label %23, label %27 %24 = load i8*, i8** %14, align 8 %25 = tail call i32 @bcmp(i8* %24, i8* %20, i64 %15) ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = 
getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236605** %6 = load %struct.nfs_unlinkdata.236605*, %struct.nfs_unlinkdata.236605** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236600* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #76 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, 
align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 
-10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.241562, %struct.nfs_client.241562* %9, i64 0, i32 31 %28 = load 
%struct.nfs4_minor_version_ops.241558*, %struct.nfs4_minor_version_ops.241558** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.241558, %struct.nfs4_minor_version_ops.241558* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #76 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236608** %7 = load %struct.nfs_renamedata.236608*, %struct.nfs_renamedata.236608** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236600* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236608, 
%struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #76 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 
%5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.241562, %struct.nfs_client.241562* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.241558*, %struct.nfs4_minor_version_ops.241558** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.241558, %struct.nfs4_minor_version_ops.241558* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, 
%struct.nfs4_stateid_struct* nonnull %1) #76 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_read_done_cb 5 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 
%25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 1, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq %struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label %71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %73 = load %struct.inode*, %struct.inode** %72, align 8 call void bitcast (void 
(%struct.inode.217383*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #76 br label %74 %75 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %76 = bitcast {}** %75 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %77 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %76, align 8 %78 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %77, null br i1 %78, label %81, label %79 %82 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236590** %10 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = load i32, i32* %11, align 4 %29 = icmp slt i32 %28, 0 br i1 %29, label %30, label %54 %31 = bitcast %struct.nfs4_exception* %3 to i8* %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %33 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %32, align 8 %34 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %33, i64 0, i32 5 %35 = bitcast %struct.nfs4_state.236616** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %39 = bitcast %struct.nfs_pgio_header.236633* %1 to i64* %40 = load i64, i64* %39, align 8 %41 = bitcast %struct.inode** %38 to i64* store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %43 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %43, %struct.nfs4_stateid_struct** %42, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %46, align 1 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %10, i32 %28, %struct.nfs4_exception* nonnull %3) #77 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, 
%struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to 
%struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.241562, %struct.nfs_client.241562* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.241558*, %struct.nfs4_minor_version_ops.241558** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.241558, %struct.nfs4_minor_version_ops.241558* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #76 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 
nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, 
%struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %26 = bitcast %struct.nfs4_exception* %3 to i8* %27 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %28 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %27, align 8 %29 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %28, i64 0, i32 5 %30 = bitcast %struct.nfs4_state.236616** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %31, i64* %32, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %34 = bitcast %struct.nfs_pgio_header.236633* %1 to i64* %35 = load i64, i64* %34, align 8 %36 = bitcast %struct.inode** %33 to i64* store i64 %35, i64* %36, align 8 %37 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %38 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %38, %struct.nfs4_stateid_struct** %37, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* 
%3, i64 0, i32 5 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %43 = load %struct.super_block*, %struct.super_block** %42, align 8 %44 = getelementptr inbounds %struct.super_block, %struct.super_block* %43, i64 0, i32 28 %45 = bitcast i8** %44 to %struct.nfs_server.236590** %46 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %45, align 16 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %46, i32 %23, %struct.nfs4_exception* nonnull %3) #77 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 
= icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, 
%struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.241562, %struct.nfs_client.241562* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.241558*, %struct.nfs4_minor_version_ops.241558** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.241558, %struct.nfs4_minor_version_ops.241558* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #76 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 
%7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_set_acl 5 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #76 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to 
%struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %57 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %56, i64 0, i32 0, i32 0 %58 = bitcast %struct.spinlock* %56 to i8* %59 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %60 %61 = load %struct.super_block*, %struct.super_block** %12, align 8 %62 = getelementptr inbounds %struct.super_block, %struct.super_block* %61, i64 0, i32 28 %63 = bitcast i8** %62 to %struct.nfs_server.236590** %64 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %63, align 16 store i64* %17, i64** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page** %21, %struct.page*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.cred* null, %struct.cred** %29, align 8 br i1 %31, label %166, label %65 %66 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %64, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = and i32 %67, 8 %69 = icmp eq i32 %68, 0 %70 = or i1 %69, %33 %71 = select i1 %69, i32 -95, i32 -34 br i1 %70, label %166, label %72 %73 = phi i32 [ %96, %85 ], [ 0, %65 ] %74 = phi %struct.page** [ %95, %85 ], [ %21, %65 ] %75 = phi i64 [ %94, %85 ], [ %2, %65 ] %76 = phi i8* [ %93, %85 ], [ %1, %65 ] %77 = icmp ult i64 %75, 4096 %78 = select i1 %77, i64 %75, i64 4096 %79 = call %struct.page* @alloc_pages(i32 3264, i32 0) #76 %80 = icmp eq %struct.page* %79, null br i1 %80, 
-------------
Use: =BAD PATH=
Call Stack:
0 nfs4_match_stateid
1 nfs_async_inode_return_delegation
2 nfs4_do_handle_exception
3 nfs4_handle_exception
4 nfs4_proc_access
-------------
Path:
Function:nfs4_proc_access
-------------
Use: =BAD PATH=
Call Stack:
0 nfs4_match_stateid
1 nfs_async_inode_return_delegation
2 nfs4_do_handle_exception
3 nfs4_handle_exception
4 nfs4_proc_symlink
-------------
Path:
Function:nfs4_proc_symlink
-------------
Use: =BAD PATH=
Call Stack:
0 nfs4_match_stateid
1 nfs_async_inode_return_delegation
2 nfs4_do_handle_exception
3 nfs4_handle_exception
4 nfs4_proc_pathconf
-------------
Path:
Function:nfs4_proc_pathconf
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_state_and_recover
1 nfs4_do_handle_exception
2 nfs4_async_handle_exception
3 nfs4_proc_unlink_done
-------------
Path:
Function:nfs4_proc_unlink_done
label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #76 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 
%12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr 
inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 
nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236608** %7 = load %struct.nfs_renamedata.236608*, %struct.nfs_renamedata.236608** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236600* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #76 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 
Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 
-10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, 
%16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast 
%struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 1, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq %struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label %71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %73 = load %struct.inode*, %struct.inode** %72, align 8 call void bitcast (void (%struct.inode.217383*)* 
@nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #76 br label %74 %75 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %76 = bitcast {}** %75 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %77 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %76, align 8 %78 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %77, null br i1 %78, label %81, label %79 %82 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236590** %10 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = load i32, i32* %11, align 4 %29 = icmp slt i32 %28, 0 br i1 %29, label %30, label %54 %31 = bitcast %struct.nfs4_exception* %3 to i8* %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %33 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %32, align 8 %34 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %33, i64 0, i32 5 %35 = bitcast %struct.nfs4_state.236616** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %39 = bitcast %struct.nfs_pgio_header.236633* %1 to i64* %40 = load i64, i64* %39, align 8 %41 = bitcast %struct.inode** %38 to i64* store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %43 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %43, %struct.nfs4_stateid_struct** %42, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %46, align 1 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %10, i32 %28, %struct.nfs4_exception* nonnull %3) #77 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, 
%struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load 
volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = 
getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, 
%struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %26 = bitcast %struct.nfs4_exception* %3 to i8* %27 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %28 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %27, align 8 %29 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %28, i64 0, i32 5 %30 = bitcast %struct.nfs4_state.236616** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %31, 
i64* %32, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %34 = bitcast %struct.nfs_pgio_header.236633* %1 to i64* %35 = load i64, i64* %34, align 8 %36 = bitcast %struct.inode** %33 to i64* store i64 %35, i64* %36, align 8 %37 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %38 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %38, %struct.nfs4_stateid_struct** %37, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %43 = load %struct.super_block*, %struct.super_block** %42, align 8 %44 = getelementptr inbounds %struct.super_block, %struct.super_block* %43, i64 0, i32 28 %45 = bitcast i8** %44 to %struct.nfs_server.236590** %46 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %45, align 16 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %46, i32 %23, %struct.nfs4_exception* nonnull %3) #77 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, 
%struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 
i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to 
%struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #76 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds 
%struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %57 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %56, i64 0, i32 0, i32 0 %58 = bitcast %struct.spinlock* %56 to i8* %59 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %60 %61 = load %struct.super_block*, %struct.super_block** %12, align 8 %62 = getelementptr inbounds %struct.super_block, %struct.super_block* %61, i64 0, i32 28 %63 = bitcast i8** %62 to %struct.nfs_server.236590** %64 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %63, align 16 store i64* %17, i64** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page** %21, %struct.page*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.cred* null, %struct.cred** %29, align 8 br i1 %31, label %166, label %65 %66 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %64, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = and i32 %67, 8 %69 = icmp eq i32 %68, 0 %70 = or i1 %69, %33 %71 = select i1 %69, i32 -95, i32 -34 br i1 %70, label %166, label %72 %73 = phi i32 [ %96, %85 ], [ 0, %65 ] %74 = phi %struct.page** [ %95, %85 ], [ %21, %65 ] %75 = phi i64 [ %94, %85 ], [ %2, %65 ] %76 = phi i8* [ %93, %85 ], [ %1, %65 ] 
%77 = icmp ult i64 %75, 4096 %78 = select i1 %77, i64 %75, i64 4096 %79 = call %struct.page* @alloc_pages(i32 3264, i32 0) #76 %80 = icmp eq %struct.page* %79, null br i1 %80, label %81, label %85 %82 = icmp sgt i32 %73, 0 br i1 %82, label %83, label %166 %84 = zext i32 %73 to i64 br label %98 %99 = phi i64 [ %84, %83 ], [ %106, %98 ] %100 = phi i32 [ %73, %83 ], [ %101, %98 ] %101 = add nsw i32 %100, -1 %102 = zext i32 %101 to i64 %103 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %102 %104 = load %struct.page*, %struct.page** %103, align 8 call void bitcast (void (%struct.page.135675*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %104, i32 0) #76 %105 = icmp sgt i64 %99, 1 %106 = add nsw i64 %99, -1 br i1 %105, label %98, label %166 %167 = phi i32 [ %137, %165 ], [ -22, %60 ], [ %71, %65 ], [ %96, %107 ], [ -12, %81 ], [ -12, %98 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %168)) #6 to label %182 [label %168], !srcloc !8 switch i32 %167, label %183 [ i32 -10039, label %192 i32 -10041, label %192 ] %184 = load %struct.super_block*, %struct.super_block** %12, align 8 %185 = getelementptr inbounds %struct.super_block, %struct.super_block* %184, i64 0, i32 28 %186 = bitcast i8** %185 to %struct.nfs_server.236590** %187 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %186, align 16 %188 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %187, i32 %167, %struct.nfs4_exception* nonnull %10) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, 
-15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = 
getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 
nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %16 = bitcast %struct.nfs_fh** %14 to i64** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, 
%struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr 
inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236590** %62 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %61, align 16 store i64* %15, i64** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.236590* %62, %struct.nfs_server.236590** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #76 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #76 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %124 [label %110], !srcloc !4 %125 = load %struct.super_block*, %struct.super_block** %11, align 8 %126 = getelementptr inbounds %struct.super_block, %struct.super_block* %125, i64 0, i32 28 %127 = bitcast i8** %126 to %struct.nfs_server.236590** %128 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %127, align 16 %129 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %128, i32 %109, %struct.nfs4_exception* nonnull %8) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* 
%4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink 
------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %73, label %17 %74 = phi i32 [ -36, %16 ], [ %72, %21 ], [ -12, %17 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %75)) #6 to label %89 [label %75], !srcloc !4 %90 = load %struct.super_block*, %struct.super_block** %13, align 8 %91 = getelementptr inbounds %struct.super_block, %struct.super_block* %90, i64 0, i32 28 %92 = bitcast i8** %91 to %struct.nfs_server.236590** %93 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %92, align 16 %94 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %93, i32 %74, %struct.nfs4_exception* nonnull %7) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, 
%struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] 
switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds 
%struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, 
%struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, 
%struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] 
switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds 
%struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236605** %6 = load %struct.nfs_unlinkdata.236605*, %struct.nfs_unlinkdata.236605** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236600* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds 
%struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #76 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* 
%23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = 
getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load 
volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236608** %7 = load %struct.nfs_renamedata.236608*, %struct.nfs_renamedata.236608** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236600* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* 
%22, i32 %27, %struct.nfs4_exception* nonnull %4) #76 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, 
%struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = 
getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done 
------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 1, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds 
%struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq %struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label %71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %73 = load %struct.inode*, %struct.inode** %72, align 8 call void bitcast (void (%struct.inode.217383*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #76 br label %74 %75 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %76 = bitcast {}** %75 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %77 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %76, align 8 %78 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %77, null br i1 %78, label %81, label %79 %82 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds 
%struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236590** %10 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = load i32, i32* %11, align 4 %29 = icmp slt i32 %28, 0 br i1 %29, label %30, label %54 %31 = bitcast %struct.nfs4_exception* %3 to i8* %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %33 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %32, align 8 %34 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %33, i64 0, i32 5 %35 = bitcast %struct.nfs4_state.236616** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %39 = 
bitcast %struct.nfs_pgio_header.236633* %1 to i64* %40 = load i64, i64* %39, align 8 %41 = bitcast %struct.inode** %38 to i64* store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %43 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %43, %struct.nfs4_stateid_struct** %42, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %46, align 1 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %10, i32 %28, %struct.nfs4_exception* nonnull %3) #77 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store 
i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = 
getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, 
align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_state_and_recover
1 nfs4_do_handle_exception
2 nfs4_async_handle_exception
3 nfs4_write_done_cb
4 nfs4_write_done
-------------
Path:
Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, 
%struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 
Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %26 = bitcast %struct.nfs4_exception* %3 to i8* %27 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %28 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %27, align 8 %29 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %28, i64 0, i32 5 %30 = bitcast %struct.nfs4_state.236616** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %31, i64* %32, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %34 = bitcast %struct.nfs_pgio_header.236633* %1 to i64* %35 = load i64, i64* %34, align 8 %36 = bitcast %struct.inode** %33 to i64* store i64 %35, i64* %36, align 8 %37 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %38 = 
getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %38, %struct.nfs4_stateid_struct** %37, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %43 = load %struct.super_block*, %struct.super_block** %42, align 8 %44 = getelementptr inbounds %struct.super_block, %struct.super_block* %43, i64 0, i32 28 %45 = bitcast i8** %44 to %struct.nfs_server.236590** %46 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %45, align 16 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %46, i32 %23, %struct.nfs4_exception* nonnull %3) #77 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds 
%struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* 
dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_state_and_recover
1 nfs4_do_handle_exception
2 nfs4_handle_exception
3 nfs4_proc_set_acl
4 nfs4_xattr_set_nfs4_acl
-------------
Path:
Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #76 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %18 = 
bitcast %struct.nfs_fh** %16 to i64** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = 
bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %57 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %56, i64 0, i32 0, i32 0 %58 = bitcast %struct.spinlock* %56 to i8* %59 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %60 %61 = load %struct.super_block*, %struct.super_block** %12, align 8 %62 = getelementptr inbounds %struct.super_block, %struct.super_block* %61, i64 0, i32 28 %63 = bitcast i8** %62 to %struct.nfs_server.236590** %64 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %63, align 16 store i64* %17, i64** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page** %21, %struct.page*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.cred* null, %struct.cred** %29, align 8 br i1 %31, label %166, label %65 %66 
= getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %64, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = and i32 %67, 8 %69 = icmp eq i32 %68, 0 %70 = or i1 %69, %33 %71 = select i1 %69, i32 -95, i32 -34 br i1 %70, label %166, label %72 %73 = phi i32 [ %96, %85 ], [ 0, %65 ] %74 = phi %struct.page** [ %95, %85 ], [ %21, %65 ] %75 = phi i64 [ %94, %85 ], [ %2, %65 ] %76 = phi i8* [ %93, %85 ], [ %1, %65 ] %77 = icmp ult i64 %75, 4096 %78 = select i1 %77, i64 %75, i64 4096 %79 = call %struct.page* @alloc_pages(i32 3264, i32 0) #76 %80 = icmp eq %struct.page* %79, null br i1 %80, label %81, label %85 %82 = icmp sgt i32 %73, 0 br i1 %82, label %83, label %166 %84 = zext i32 %73 to i64 br label %98 %99 = phi i64 [ %84, %83 ], [ %106, %98 ] %100 = phi i32 [ %73, %83 ], [ %101, %98 ] %101 = add nsw i32 %100, -1 %102 = zext i32 %101 to i64 %103 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %102 %104 = load %struct.page*, %struct.page** %103, align 8 call void bitcast (void (%struct.page.135675*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %104, i32 0) #76 %105 = icmp sgt i64 %99, 1 %106 = add nsw i64 %99, -1 br i1 %105, label %98, label %166 %167 = phi i32 [ %137, %165 ], [ -22, %60 ], [ %71, %65 ], [ %96, %107 ], [ -12, %81 ], [ -12, %98 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %168)) #6 to label %182 [label %168], !srcloc !8 switch i32 %167, label %183 [ i32 -10039, label %192 i32 -10041, label %192 ] %184 = load %struct.super_block*, %struct.super_block** %12, align 8 %185 = getelementptr inbounds %struct.super_block, %struct.super_block* %184, i64 0, i32 28 %186 = bitcast i8** %185 to %struct.nfs_server.236590** %187 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %186, align 16 %188 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %187, i32 %167, %struct.nfs4_exception* nonnull %10) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, 
-15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = 
getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, 
align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_state_and_recover
1 nfs4_do_handle_exception
2 nfs4_handle_exception
3 nfs4_proc_access
-------------
Path:
Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %16 = bitcast %struct.nfs_fh** %14 to i64** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 
= getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, 
i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236590** %62 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %61, align 16 store i64* %15, i64** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.236590* %62, %struct.nfs_server.236590** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, 
i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #76 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #76 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %124 [label %110], !srcloc !4 %125 = load %struct.super_block*, %struct.super_block** %11, align 8 %126 = getelementptr inbounds %struct.super_block, %struct.super_block* %125, i64 0, i32 28 %127 = bitcast i8** %126 to %struct.nfs_server.236590** %128 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %127, align 16 %129 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %128, i32 %109, %struct.nfs4_exception* nonnull %8) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] 
%39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load 
%struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %73, label %17 %74 = phi i32 [ -36, %16 ], [ %72, %21 ], [ -12, %17 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %75)) #6 to label %89 [label %75], !srcloc !4 %90 = load %struct.super_block*, %struct.super_block** %13, align 8 %91 = getelementptr inbounds %struct.super_block, %struct.super_block* %90, i64 0, i32 28 %92 = bitcast i8** %91 to %struct.nfs_server.236590** %93 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %92, align 16 %94 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %93, i32 %74, %struct.nfs4_exception* nonnull %7) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void 
@nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = 
getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds 
%struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast 
%struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 
@nfs4_handle_exception(%struct.nfs_server.236590* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 
3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, 
label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done 
------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236605** %6 = load %struct.nfs_unlinkdata.236605*, %struct.nfs_unlinkdata.236605** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236600* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #76 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, 
%struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 
-10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr 
%struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #76 %89 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238293** %91 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238293* [ %116, %114 ], [ %91, %86 ] %96 
= getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_state_and_recover
1 nfs4_do_handle_exception
2 nfs4_async_handle_exception
3 nfs4_proc_rename_done
-------------
Path:
Function:nfs4_proc_rename_done
%4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236608** %7 = load %struct.nfs_renamedata.236608*, %struct.nfs_renamedata.236608** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236600* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64
%32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #76 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, 
i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, 
%struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, 
%struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #76 %89 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238293** %91 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238293* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_state_and_recover
1 nfs4_do_handle_exception
2 nfs4_async_handle_exception
3 nfs4_read_done_cb
4 nfs4_read_done
-------------
Path:
Function:nfs4_read_done
%3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds
%struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 1, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq 
%struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label %71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %73 = load %struct.inode*, %struct.inode** %72, align 8 call void bitcast (void (%struct.inode.217383*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #76 br label %74 %75 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %76 = bitcast {}** %75 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %77 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %76, align 8 %78 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %77, null br i1 %78, label %81, label %79 %82 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236590** %10 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = load i32, i32* %11, align 4 %29 = icmp slt i32 %28, 0 br i1 %29, label %30, label %54 %31 = bitcast %struct.nfs4_exception* %3 to i8* %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %33 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %32, align 8 %34 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %33, i64 0, i32 5 %35 = bitcast %struct.nfs4_state.236616** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %39 = bitcast %struct.nfs_pgio_header.236633* %1 to i64* %40 = load i64, i64* %39, align 8 %41 = bitcast %struct.inode** %38 to i64* store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %43 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %43, %struct.nfs4_stateid_struct** %42, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %45, align 8 %46 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %46, align 1 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %10, i32 %28, %struct.nfs4_exception* nonnull %3) #77 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds 
%struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to 
%struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 6 %88 
= getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #76 %89 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238293** %91 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238293* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_state_and_recover
1 nfs4_do_handle_exception
2 nfs4_async_handle_exception
3 nfs4_write_done_cb
4 nfs4_write_done
-------------
Path:
Function:nfs4_write_done
%3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 =
getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, 
%struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %26 = bitcast %struct.nfs4_exception* %3 to i8* %27 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %28 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %27, align 8 %29 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %28, i64 0, i32 5 %30 = bitcast %struct.nfs4_state.236616** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %31, 
i64* %32, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %34 = bitcast %struct.nfs_pgio_header.236633* %1 to i64* %35 = load i64, i64* %34, align 8 %36 = bitcast %struct.inode** %33 to i64* store i64 %35, i64* %36, align 8 %37 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %38 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %38, %struct.nfs4_stateid_struct** %37, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %43 = load %struct.super_block*, %struct.super_block** %42, align 8 %44 = getelementptr inbounds %struct.super_block, %struct.super_block* %43, i64 0, i32 28 %45 = bitcast i8** %44 to %struct.nfs_server.236590** %46 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %45, align 16 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %46, i32 %23, %struct.nfs4_exception* nonnull %3) #77 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, 
%struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 
i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to 
%struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #76 %89 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238293** %91 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238293* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* 
%95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #76 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, 
%struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %57 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %56, i64 0, i32 0, i32 0 %58 = bitcast %struct.spinlock* %56 to i8* %59 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %60 %61 = load %struct.super_block*, %struct.super_block** %12, align 8 %62 = getelementptr inbounds %struct.super_block, %struct.super_block* %61, i64 0, i32 28 %63 = bitcast i8** %62 to %struct.nfs_server.236590** %64 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %63, align 16 store i64* %17, i64** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page** %21, %struct.page*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.cred* null, %struct.cred** %29, align 8 br i1 %31, label %166, label %65 %66 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %64, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = and i32 %67, 8 %69 = icmp eq i32 %68, 0 %70 = or i1 %69, %33 %71 = select i1 %69, i32 -95, i32 -34 br i1 %70, label %166, label %72 %73 = phi i32 [ %96, %85 ], [ 0, %65 ] %74 = phi %struct.page** [ %95, %85 ], [ %21, %65 ] %75 = phi i64 [ %94, %85 ], [ %2, %65 ] %76 = phi i8* [ %93, %85 ], [ %1, %65 ] 
%77 = icmp ult i64 %75, 4096 %78 = select i1 %77, i64 %75, i64 4096 %79 = call %struct.page* @alloc_pages(i32 3264, i32 0) #76 %80 = icmp eq %struct.page* %79, null br i1 %80, label %81, label %85 %82 = icmp sgt i32 %73, 0 br i1 %82, label %83, label %166 %84 = zext i32 %73 to i64 br label %98 %99 = phi i64 [ %84, %83 ], [ %106, %98 ] %100 = phi i32 [ %73, %83 ], [ %101, %98 ] %101 = add nsw i32 %100, -1 %102 = zext i32 %101 to i64 %103 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %102 %104 = load %struct.page*, %struct.page** %103, align 8 call void bitcast (void (%struct.page.135675*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %104, i32 0) #76 %105 = icmp sgt i64 %99, 1 %106 = add nsw i64 %99, -1 br i1 %105, label %98, label %166 %167 = phi i32 [ %137, %165 ], [ -22, %60 ], [ %71, %65 ], [ %96, %107 ], [ -12, %81 ], [ -12, %98 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %168)) #6 to label %182 [label %168], !srcloc !8 switch i32 %167, label %183 [ i32 -10039, label %192 i32 -10041, label %192 ] %184 = load %struct.super_block*, %struct.super_block** %12, align 8 %185 = getelementptr inbounds %struct.super_block, %struct.super_block* %184, i64 0, i32 28 %186 = bitcast i8** %185 to %struct.nfs_server.236590** %187 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %186, align 16 %188 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %187, i32 %167, %struct.nfs4_exception* nonnull %10) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, 
-15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = 
getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, 
align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #76 %89 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238293** %91 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238293* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 
nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %16 = bitcast %struct.nfs_fh** %14 to i64** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = 
bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236590** %62 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %61, align 16 store i64* %15, i64** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.236590* %62, %struct.nfs_server.236590** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #76 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #76 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %124 [label %110], !srcloc !4 %125 = load %struct.super_block*, %struct.super_block** %11, align 8 %126 = getelementptr inbounds %struct.super_block, %struct.super_block* %125, i64 0, i32 28 %127 = bitcast i8** %126 to %struct.nfs_server.236590** %128 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %127, align 16 %129 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %128, i32 %109, %struct.nfs4_exception* nonnull %8) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* 
%4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 
= getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #76 %89 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238293** %91 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238293* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  
Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %73, label %17 %74 = phi i32 [ -36, %16 ], [ %72, %21 ], [ -12, %17 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %75)) #6 to label %89 [label %75], !srcloc !4 %90 = load %struct.super_block*, %struct.super_block** %13, align 8 %91 = getelementptr inbounds %struct.super_block, %struct.super_block* %90, i64 0, i32 28 %92 = bitcast i8** %91 to %struct.nfs_server.236590** %93 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %92, align 16 %94 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %93, i32 %74, %struct.nfs4_exception* nonnull %7) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, 
i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, 
label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* 
%1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #76 %89 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238293** %91 = load %struct.nfs4_lock_state.238293*, 
%struct.nfs4_lock_state.238293** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238293* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = 
getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr 
inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = 
tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label 
%38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #76 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238234** %7 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 18 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = bitcast %struct.cpu_itimer* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238305, 
%struct.nfs_client.238305* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238262** %26 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %25, align 8 %27 = icmp eq %struct.nfs4_state.238262* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #76 %89 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238293** %91 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %90, align 8 %92 = getelementptr inbounds 
%struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238293* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation_on_close 2 nfs4_put_open_state 3 __nfs4_close 4 nfs4_close_sync 5 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %0, i64 0, i32 5 %4 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %3, align 8 %5 = icmp eq %struct.nfs4_state.236616* %4, null br i1 %5, label %16, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3 %11 = lshr i32 %9, 5 %12 = and i32 %11, 1 %13 = or i32 %12, %10 br i1 %7, label %15, label %14 tail call void bitcast (void (%struct.nfs4_state.238262*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.236616*, i32)*)(%struct.nfs4_state.236616* nonnull %4, i32 %13) #76 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.238262* %0, i32 %1, i32 3264, i32 1) #76 Function:__nfs4_close %5 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %5, align 8 %7 = 
getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %6, i64 0, i32 6 %8 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %7, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %6, i64 0, i32 5 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #76 %11 = and i32 %1, 3 switch i32 %11, label %24 [ i32 1, label %12 i32 2, label %16 i32 3, label %20 ] %21 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 12 %22 = load i32, i32* %21, align 4 %23 = add i32 %22, -1 store i32 %23, i32* %21, align 4 br label %24 %25 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 12 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %63 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 10 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %41 %33 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 8 %36 = load volatile i64, i64* %33, align 8 %37 = and i64 %36, 32 %38 = or i64 %37, %35 %39 = icmp ne i64 %38, 0 %40 = zext i1 %39 to i32 br label %41 %42 = phi i32 [ %40, %32 ], [ 0, %28 ] %43 = phi i32 [ 2, %32 ], [ 3, %28 ] %44 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 11 %45 = load i32, i32* %44, align 8 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %63 %64 = phi i32 [ %59, %61 ], [ %59, %47 ], [ 0, %24 ], [ %42, %41 ] %65 
= phi i32 [ 0, %61 ], [ 1, %47 ], [ 3, %24 ], [ %43, %41 ] %66 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 13 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, %65 br i1 %68, label %95, label %69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %96 = bitcast %struct.spinlock* %9 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %97 = icmp eq i32 %64, 0 br i1 %97, label %98, label %117 tail call void @nfs4_put_open_state(%struct.nfs4_state.238262* %0) #77 Function:nfs4_put_open_state %2 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 4 %3 = load %struct.inode*, %struct.inode** %2, align 8 %4 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %5, i64 0, i32 5 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #76 br i1 %8, label %9, label %49 %10 = getelementptr inbounds %struct.inode, %struct.inode* %3, i64 0, i32 18 %11 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #76 %12 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 1, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 1, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* 
%15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %12, align 8 %18 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 0, i32 1 %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 0, i32 0 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 1 store %struct.list_head* %19, %struct.list_head** %22, align 8 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 store volatile %struct.list_head* %21, %struct.list_head** %23, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %20, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %25 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %25, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @nfs4_inode_return_delegation_on_close(%struct.inode* %3) #76 Function:nfs4_inode_return_delegation_on_close %2 = icmp eq %struct.inode* %0, null br i1 %2, label %63, label %3 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 25, i32 1 %6 = bitcast i64* %5 to %struct.nfs_delegation.236662** %7 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %6, align 8 %8 = icmp eq %struct.nfs_delegation.236662* %7, null br i1 %8, label %60, label %9 %61 = phi %struct.nfs_delegation.236662* [ %56, %59 ], [ null, %55 ], [ null, %22 ], [ null, %14 ], [ null, %9 ], [ null, %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #76 %62 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* nonnull %0, %struct.nfs_delegation.236662* %61, i32 0) #77 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241499** %8 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236662* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236662, 
%struct.nfs_delegation.236662* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %34 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %33, i64 18 %35 = bitcast %struct.cpu_itimer* %34 to %struct.list_head* %36 = bitcast %struct.cpu_itimer* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %44 = load volatile %struct.list_head*, %struct.list_head** %36, align 8 %45 = icmp eq %struct.list_head* %44, %35 br i1 %45, label %144, label %46 %47 = phi %struct.list_head* [ %142, %140 ], [ %44, %43 ] %48 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -8 %49 = bitcast %struct.list_head* %48 to %struct.nfs_open_context.241523* %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -2 %51 = bitcast %struct.list_head* %50 to %struct.nfs4_state.241522** %52 = load %struct.nfs4_state.241522*, %struct.nfs4_state.241522** %51, align 8 %53 = icmp eq %struct.nfs4_state.241522* %52, null br i1 %53, label %140, label %54 %55 = getelementptr inbounds %struct.nfs4_state.241522, %struct.nfs4_state.241522* %52, i64 0, i32 5 %56 = load volatile i64, i64* %55, align 8 %57 = and i64 %56, 2 %58 = icmp eq i64 %57, 0 br i1 %58, label %140, label %59 %60 = load volatile i64, i64* %55, align 8 %61 = and i64 %60, 512 %62 = icmp eq i64 %61, 0 br i1 %62, label %63, label %140 %64 = getelementptr inbounds %struct.nfs4_state.241522, %struct.nfs4_state.241522* %52, i64 0, i32 8, i32 1 %65 = load i32, i32* %64, align 4 %66 = load i32, i32* %37, align 4 
%67 = icmp eq i32 %65, %66 br i1 %67, label %68, label %140 %69 = getelementptr inbounds %struct.nfs4_state.241522, %struct.nfs4_state.241522* %52, i64 0, i32 8 %70 = bitcast %struct.nfs4_stateid_struct* %69 to i8* %71 = tail call i32 @bcmp(i8* dereferenceable(16) %70, i8* dereferenceable(16) %38, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236605** %6 = load %struct.nfs_unlinkdata.236605*, %struct.nfs_unlinkdata.236605** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236600* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, 
%struct.nfs_server.236590* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #76 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select 
i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236616* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238234*, %struct.nfs4_state.238262*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236590*, %struct.nfs4_state.236616*)*)(%struct.nfs_server.236590* %0, %struct.nfs4_state.236616* nonnull %7) #76 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 5 %6 = load volatile i64, i64* 
%5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #76 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 
%4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236608** %7 = load %struct.nfs_renamedata.236608*, %struct.nfs_renamedata.236608** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236600*, 
%struct.nfs4_slot.236600** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236600* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #76 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 %47 = 
icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236616* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238234*, %struct.nfs4_state.238262*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236590*, %struct.nfs4_state.236616*)*)(%struct.nfs_server.236590* %0, %struct.nfs4_state.236616* nonnull %7) #76 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #76 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %52, label 
%15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_read_done_cb 5 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, 
%struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 1, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq %struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label %71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %73 = load %struct.inode*, %struct.inode** %72, align 8 call void bitcast (void (%struct.inode.217383*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #76 br label %74 %75 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 
23 %76 = bitcast {}** %75 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %77 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %76, align 8 %78 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %77, null br i1 %78, label %81, label %79 %82 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236590** %10 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = load i32, i32* %11, align 4 %29 = icmp slt i32 %28, 0 br i1 %29, label %30, label %54 %31 = bitcast %struct.nfs4_exception* %3 to i8* %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %33 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %32, align 8 %34 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %33, i64 0, i32 5 %35 = bitcast %struct.nfs4_state.236616** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %39 = bitcast %struct.nfs_pgio_header.236633* %1 to i64* %40 = load i64, i64* %39, align 8 %41 = bitcast %struct.inode** %38 to i64* store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %43 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %43, %struct.nfs4_stateid_struct** %42, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %46, align 1 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %10, i32 %28, %struct.nfs4_exception* nonnull %3) #77 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, 
%struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236616* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238234*, %struct.nfs4_state.238262*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236590*, %struct.nfs4_state.236616*)*)(%struct.nfs_server.236590* %0, %struct.nfs4_state.236616* nonnull %7) #76 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238305*, 
%struct.nfs_client.238305** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* 
%18, %struct.nfs4_stateid_struct* %19) #76 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = 
icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label 
%37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %26 = bitcast %struct.nfs4_exception* %3 to i8* %27 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %28 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %27, align 8 %29 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %28, i64 0, i32 5 %30 = bitcast %struct.nfs4_state.236616** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %31, i64* %32, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %34 = bitcast %struct.nfs_pgio_header.236633* %1 to i64* %35 = load i64, i64* %34, align 8 %36 = bitcast %struct.inode** %33 to i64* store i64 %35, i64* %36, align 8 %37 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %38 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %38, %struct.nfs4_stateid_struct** %37, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* 
%3, i64 0, i32 5 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %43 = load %struct.super_block*, %struct.super_block** %42, align 8 %44 = getelementptr inbounds %struct.super_block, %struct.super_block* %43, i64 0, i32 28 %45 = bitcast i8** %44 to %struct.nfs_server.236590** %46 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %45, align 16 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %46, i32 %23, %struct.nfs4_exception* nonnull %3) #77 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 
= icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236616* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238234*, %struct.nfs4_state.238262*)* 
@nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236590*, %struct.nfs4_state.236616*)*)(%struct.nfs_server.236590* %0, %struct.nfs4_state.236616* nonnull %7) #76 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) 
#6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #76 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 
nfs4_proc_set_acl 5 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #76 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = 
getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %57 = getelementptr inbounds %struct.spinlock, %struct.spinlock* 
%56, i64 0, i32 0, i32 0 %58 = bitcast %struct.spinlock* %56 to i8* %59 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %60 %61 = load %struct.super_block*, %struct.super_block** %12, align 8 %62 = getelementptr inbounds %struct.super_block, %struct.super_block* %61, i64 0, i32 28 %63 = bitcast i8** %62 to %struct.nfs_server.236590** %64 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %63, align 16 store i64* %17, i64** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page** %21, %struct.page*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.cred* null, %struct.cred** %29, align 8 br i1 %31, label %166, label %65 %66 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %64, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = and i32 %67, 8 %69 = icmp eq i32 %68, 0 %70 = or i1 %69, %33 %71 = select i1 %69, i32 -95, i32 -34 br i1 %70, label %166, label %72 %73 = phi i32 [ %96, %85 ], [ 0, %65 ] %74 = phi %struct.page** [ %95, %85 ], [ %21, %65 ] %75 = phi i64 [ %94, %85 ], [ %2, %65 ] %76 = phi i8* [ %93, %85 ], [ %1, %65 ] %77 = icmp ult i64 %75, 4096 %78 = select i1 %77, i64 %75, i64 4096 %79 = call %struct.page* @alloc_pages(i32 3264, i32 0) #76 %80 = icmp eq %struct.page* %79, null br i1 %80, label %81, label %85 %82 = icmp sgt i32 %73, 0 br i1 %82, label %83, label %166 %84 = zext i32 %73 to i64 br label %98 %99 = phi i64 [ %84, %83 ], [ %106, %98 ] %100 = phi i32 [ %73, %83 ], [ %101, %98 ] %101 = add nsw i32 %100, -1 %102 = zext i32 %101 to i64 %103 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %102 %104 = load 
%struct.page*, %struct.page** %103, align 8 call void bitcast (void (%struct.page.135675*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %104, i32 0) #76 %105 = icmp sgt i64 %99, 1 %106 = add nsw i64 %99, -1 br i1 %105, label %98, label %166 %167 = phi i32 [ %137, %165 ], [ -22, %60 ], [ %71, %65 ], [ %96, %107 ], [ -12, %81 ], [ -12, %98 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %168)) #6 to label %182 [label %168], !srcloc !8 switch i32 %167, label %183 [ i32 -10039, label %192 i32 -10041, label %192 ] %184 = load %struct.super_block*, %struct.super_block** %12, align 8 %185 = getelementptr inbounds %struct.super_block, %struct.super_block* %184, i64 0, i32 28 %186 = bitcast i8** %185 to %struct.nfs_server.236590** %187 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %186, align 16 %188 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %187, i32 %167, %struct.nfs4_exception* nonnull %10) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load 
%struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, 
label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236616* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238234*, %struct.nfs4_state.238262*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236590*, %struct.nfs4_state.236616*)*)(%struct.nfs_server.236590* %0, %struct.nfs4_state.236616* nonnull %7) #76 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) 
#6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #76 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 
%10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %16 = bitcast %struct.nfs_fh** %14 to i64** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds 
%struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = 
getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236590** %62 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %61, align 16 store i64* %15, i64** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.236590* %62, %struct.nfs_server.236590** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, 
%struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #76 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #76 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %124 [label %110], !srcloc !4 %125 = load %struct.super_block*, %struct.super_block** %11, align 8 %126 = getelementptr inbounds %struct.super_block, %struct.super_block* %125, i64 0, i32 28 %127 = bitcast i8** %126 to %struct.nfs_server.236590** %128 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %127, align 16 %129 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %128, i32 %109, %struct.nfs4_exception* nonnull %8) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, 
i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 
i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236616* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238234*, %struct.nfs4_state.238262*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236590*, %struct.nfs4_state.236616*)*)(%struct.nfs_server.236590* %0, %struct.nfs4_state.236616* nonnull %7) #76 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, 
i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #76 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_delegation_state_and_recover
1 nfs4_schedule_stateid_recovery
2 nfs4_do_handle_exception
3 nfs4_handle_exception
4 nfs4_proc_symlink
-------------
Path:
Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %73, label %17 %74 = phi i32 [ -36, %16 ], [ %72, %21 ], [ -12, %17 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - .
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %75)) #6 to label %89 [label %75], !srcloc !4 %90 = load %struct.super_block*, %struct.super_block** %13, align 8 %91 = getelementptr inbounds %struct.super_block, %struct.super_block* %90, i64 0, i32 28 %92 = bitcast i8** %91 to %struct.nfs_server.236590** %93 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %92, align 16 %94 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %93, i32 %74, %struct.nfs4_exception* nonnull %7) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, 
%struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236616* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238234*, %struct.nfs4_state.238262*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236590*, %struct.nfs4_state.236616*)*)(%struct.nfs_server.236590* %0, %struct.nfs4_state.236616* nonnull %7) #76 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds 
%struct.nfs_client.238305, %struct.nfs_client.238305* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #76 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, 
%struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_delegation_state_and_recover
1 nfs4_schedule_stateid_recovery
2 nfs4_do_handle_exception
3 nfs4_handle_exception
4 nfs4_proc_pathconf
-------------
Path:
Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 =
getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 
%46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236616* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238234*, %struct.nfs4_state.238262*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236590*, %struct.nfs4_state.236616*)*)(%struct.nfs_server.236590* %0, %struct.nfs4_state.236616* nonnull %7) #76 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238305*, %struct.nfs_client.238305** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238258, 
%struct.nfs4_state_owner.238258* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238305, %struct.nfs_client.238305* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #76 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, 
%struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6
-------------
Use: =BAD PATH=
Call Stack:
0 autofs_lookup
-------------
Path:
Function:autofs_lookup %4 = getelementptr inbounds %struct.dentry.262293, %struct.dentry.262293* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %143, label %9 %10 = getelementptr inbounds %struct.inode.262289, %struct.inode.262289* %0, i64 0, i32 8 %11 = load %struct.super_block.262270*, %struct.super_block.262270** %10, align 8 %12 = getelementptr inbounds %struct.super_block.262270, %struct.super_block.262270* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.autofs_sb_info.262300** %14 = load %struct.autofs_sb_info.262300*, %struct.autofs_sb_info.262300** %13, align 16 %15 = getelementptr inbounds %struct.dentry.262293, %struct.dentry.262293* %1, i64 0, i32 9 %16 = load %struct.super_block.262270*, %struct.super_block.262270** %15, align 8 %17 = getelementptr inbounds %struct.super_block.262270, %struct.super_block.262270* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.autofs_sb_info.262300** %19 = load %struct.autofs_sb_info.262300*, %struct.autofs_sb_info.262300** %18, align 16 %20 = getelementptr inbounds %struct.dentry.262293, %struct.dentry.262293* %1, i64 0, i32 3 %21 = load %struct.dentry.262293*, %struct.dentry.262293** %20, align 8 %22 = getelementptr inbounds %struct.dentry.262293, %struct.dentry.262293*
%1, i64 0, i32 4 %23 = bitcast %struct.qstr* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.dentry.262293, %struct.dentry.262293* %1, i64 0, i32 4, i32 1 %26 = load i8*, i8** %25, align 8 %27 = getelementptr inbounds %struct.autofs_sb_info.262300, %struct.autofs_sb_info.262300* %19, i64 0, i32 17 %28 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %29 = load volatile %struct.list_head*, %struct.list_head** %28, align 8 %30 = icmp eq %struct.list_head* %29, %27 br i1 %30, label %90, label %31 %32 = getelementptr inbounds %struct.autofs_sb_info.262300, %struct.autofs_sb_info.262300* %19, i64 0, i32 16 %33 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %32, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 %34 = load %struct.list_head*, %struct.list_head** %28, align 8 %35 = icmp eq %struct.list_head* %34, %27 br i1 %35, label %85, label %36 %37 = zext i32 %7 to i64 br label %38 %39 = phi %struct.list_head* [ %34, %36 ], [ %83, %80 ] %40 = getelementptr %struct.list_head, %struct.list_head* %39, i64 -4, i32 1 %41 = bitcast %struct.list_head** %40 to %struct.dentry.262293** %42 = load %struct.dentry.262293*, %struct.dentry.262293** %41, align 8 %43 = getelementptr inbounds %struct.dentry.262293, %struct.dentry.262293* %42, i64 0, i32 7, i32 0 %44 = bitcast %struct.anon.1* %43 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %44) #76 %45 = bitcast %struct.anon.1* %43 to %struct.swap_cluster_info* %46 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %45, i64 0, i32 1 %47 = load i32, i32* %46, align 4 %48 = icmp slt i32 %47, 1 br i1 %48, label %80, label %49 %50 = getelementptr inbounds %struct.dentry.262293, %struct.dentry.262293* %42, i64 0, i32 4 %51 = bitcast %struct.qstr* %50 to %struct.util_est* %52 = bitcast %struct.qstr* %50 to i32* %53 = load i32, i32* %52, align 8 %54 = icmp eq i32 %53, %24 
br i1 %54, label %55, label %80 %56 = getelementptr inbounds %struct.dentry.262293, %struct.dentry.262293* %42, i64 0, i32 3 %57 = load %struct.dentry.262293*, %struct.dentry.262293** %56, align 8 %58 = icmp eq %struct.dentry.262293* %57, %21 br i1 %58, label %59, label %80 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %51, i64 0, i32 1 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, %7 br i1 %62, label %63, label %80 %64 = getelementptr inbounds %struct.dentry.262293, %struct.dentry.262293* %42, i64 0, i32 4, i32 1 %65 = load i8*, i8** %64, align 8 %66 = tail call i32 @bcmp(i8* %65, i8* %26, i64 %37) #6 ------------- Use: =BAD PATH= Call Stack: 0 ebitmap_cmp 1 constraint_expr_eval 2 context_struct_compute_av 3 security_compute_av 4 avc_compute_av 5 avc_has_perm_noaudit 6 avc_has_perm 7 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 85 %18 = load %struct.cred*, %struct.cred** %17, align 64 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, 
%struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = 
icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 
1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = 
getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label 
%69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, 
%struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %69 = inttoptr i64 %62 to i64* %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %241, label %61 %242 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %43, i64 0, i32 4 %243 = load %struct.constraint_node*, %struct.constraint_node** %242, align 8 %244 = icmp eq %struct.constraint_node* %243, null br i1 %244, label %266, label %245 %246 = phi %struct.constraint_node* [ %264, %262 ], [ %243, %241 ] %247 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = load i32, i32* %16, align 4 %250 = and i32 %249, %248 %251 = icmp eq i32 %250, 0 br i1 %251, label %262, label %252 %253 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 1 %254 = load %struct.constraint_expr*, %struct.constraint_expr** %253, align 8 %255 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, 
%struct.context* %2, %struct.context* null, %struct.constraint_expr* %254) #78 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ 
%11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #76 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* 
%19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48) ------------- Use: =BAD PATH= Call Stack: 0 ebitmap_cmp 1 constraint_expr_eval 2 context_struct_compute_av 3 security_compute_av 4 avc_compute_av 5 avc_has_perm_noaudit 6 avc_has_perm 7 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 85 %11 = load %struct.cred*, %struct.cred** %10, align 64 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #76 
Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, 
i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void 
(%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, 
%struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca 
%struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 
%56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %69 = inttoptr i64 %62 to i64* %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %241, label %61 %242 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %43, i64 0, i32 4 %243 = load %struct.constraint_node*, %struct.constraint_node** %242, align 8 %244 = icmp eq %struct.constraint_node* %243, null br i1 %244, label %266, label %245 %246 = phi %struct.constraint_node* [ %264, %262 ], [ %243, %241 ] %247 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = load i32, i32* %16, align 4 %250 = and i32 %249, %248 %251 = icmp eq i32 %250, 0 br i1 %251, label %262, label %252 %253 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 1 %254 = load %struct.constraint_expr*, %struct.constraint_expr** %253, align 8 %255 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %254) #78 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, 
i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 
= getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #76 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail 
call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48)
-------------
Use: =BAD PATH=
Call Stack:
0 ebitmap_cmp
1 constraint_expr_eval
2 context_struct_compute_av
3 security_compute_av
4 avc_compute_av
5 avc_has_perm_noaudit
6 avc_has_perm
7 sel_write_validatetrans
-------------
Path:
Function:sel_write_validatetrans
%5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 =
tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds 
%struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, 
i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 
Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = 
getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %69 = inttoptr i64 %62 to i64* %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %241, label %61 %242 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %43, i64 0, i32 4 %243 = load %struct.constraint_node*, %struct.constraint_node** %242, align 8 %244 = icmp eq %struct.constraint_node* %243, null br i1 %244, label %266, label %245 %246 = phi %struct.constraint_node* [ %264, %262 ], [ %243, %241 ] %247 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = load i32, i32* %16, align 4 %250 = and i32 %249, %248 %251 = icmp eq i32 %250, 0 br i1 %251, label %262, label %252 %253 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 1 %254 = load %struct.constraint_expr*, %struct.constraint_expr** %253, align 8 %255 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %254) #78 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne 
%struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, 
%struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #76 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, 
%struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48)
-------------
Use: =BAD PATH=
Call Stack:
0 ebitmap_cmp
1 constraint_expr_eval
2 context_struct_compute_av
3 security_compute_av
4 avc_compute_av
5 avc_has_perm_noaudit
6 avc_has_perm
7 sel_write_avc_cache_threshold
-------------
Path:
Function:sel_write_avc_cache_threshold
%5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 85 %19 = load %struct.cred*, %struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 =
bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi 
%struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr 
inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, 
%struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, 
align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %69 = inttoptr i64 %62 to i64* %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %241, label %61 %242 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %43, i64 0, i32 4 %243 = load %struct.constraint_node*, %struct.constraint_node** %242, align 8 %244 = icmp eq %struct.constraint_node* %243, null br i1 %244, label %266, label %245 %246 = phi %struct.constraint_node* [ %264, %262 ], [ %243, %241 ] %247 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = load i32, i32* %16, align 4 %250 = and i32 %249, %248 %251 = icmp eq i32 %250, 0 br i1 %251, label %262, label %252 %253 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 1 %254 = load %struct.constraint_expr*, %struct.constraint_expr** %253, align 8 %255 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %254) #78 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq 
%struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 
], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #76 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, 
label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48) ------------- Good: 1194 Bad: 89 Ignored: 1712 Check Use of Function:down_write_killable Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #76 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label %73 i16 21, label %78 i16 22, label %100 i16 23, label %105 i16 24, label %109 ] %101 = zext i32 %4 to i64 %102 = inttoptr i64 %101 to i8* %103 = tail call i64 @ksys_shmdt(i8* %102) #76 
Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #76 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %5, i64 0, i32 0, i32 17 %13 = tail call i32 @down_write_killable(%struct.rw_semaphore* %12) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 __ia32_sys_shmdt ------------- Path:  Function:__ia32_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i8* %6 = tail call i64 @ksys_shmdt(i8* %5) #76 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* 
%3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #76 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %5, i64 0, i32 0, i32 17 %13 = tail call i32 @down_write_killable(%struct.rw_semaphore* %12) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 __x64_sys_shmdt ------------- Path:  Function:__x64_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = tail call i64 @ksys_shmdt(i8* %4) #76 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #76 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %5, i64 0, i32 0, i32 17 %13 = tail call i32 @down_write_killable(%struct.rw_semaphore* %12) #76 ------------- Use: =BAD PATH= Call Stack: 0 clear_refs_write ------------- Path:  Function:clear_refs_write %5 = alloca [13 x i8], align 1 %6 = alloca i32, align 4 %7 = alloca %struct.mmu_notifier_range, align 8 %8 = alloca %struct.kuid_t, align 4 %9 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %10 = bitcast i32* %6 to i8* %11 = icmp ult i64 %2, 12 %12 = select i1 %11, i64 %2, i64 12 %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %1, i64 %12) #76 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %123 %16 = call i8* @strim(i8* nonnull %9) #76 %17 = call i32 @kstrtoint(i8* %16, i32 10, i32* nonnull %6) #76 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %21 %22 = load i32, i32* %6, align 4 %23 = add i32 %22, -1 %24 = icmp ugt i32 %23, 4 br i1 %24, label %123, label %25 %26 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %27 = load %struct.inode*, %struct.inode** %26, align 8 %28 = getelementptr %struct.inode, %struct.inode* %27, i64 -1, i32 41, i32 13 %29 = bitcast %struct.list_head* %28 to %struct.pid** %30 = load %struct.pid*, %struct.pid** %29, align 8 %31 = call %struct.task_struct* @get_pid_task(%struct.pid* %30, 
i32 0) #76 %32 = icmp eq %struct.task_struct* %31, null br i1 %32, label %123, label %33 %34 = call %struct.mm_struct* @get_task_mm(%struct.task_struct* nonnull %31) #76 %35 = icmp eq %struct.mm_struct* %34, null br i1 %35, label %111, label %36 %37 = bitcast %struct.mmu_notifier_range* %7 to i8* %38 = bitcast %struct.kuid_t* %8 to i8* %39 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %8, i64 0, i32 0 store i32 %22, i32* %39, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@clear_refs_write, %40)) #6 to label %41 [label %40], !srcloc !4 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %34, i1 zeroext true) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %34, i64 0, i32 0, i32 17 %43 = call i32 @down_write_killable(%struct.rw_semaphore* %42) #76 ------------- Use: =BAD PATH= Call Stack: 0 dump_vma_snapshot 1 elf_core_dump ------------- Path:  Function:elf_core_dump %2 = alloca %struct.perf_branch_entry, align 8 %3 = alloca i8*, align 8 %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.elf64_hdr, align 8 %7 = alloca %struct.elf_note_info, align 8 %8 = alloca %struct.sched_info*, align 8 %9 = alloca %struct.elf64_phdr, align 8 %10 = bitcast i32* %4 to i8* %11 = bitcast i64* %5 to i8* %12 = getelementptr inbounds %struct.elf64_hdr, %struct.elf64_hdr* %6, i64 0, i32 0, i64 0 %13 = bitcast %struct.elf_note_info* %7 to i8* %14 = 
bitcast %struct.sched_info** %8 to i8* %15 = call i32 @dump_vma_snapshot(%struct.coredump_params* %0, i32* nonnull %4, %struct.sched_info** nonnull %8, i64* nonnull %5) #76 Function:dump_vma_snapshot %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@dump_vma_snapshot, %9)) #6 to label %10 [label %9], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext true) #76 br label %10 %11 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 17 %12 = tail call i32 @down_write_killable(%struct.rw_semaphore* %11) #76 ------------- Use: =BAD PATH= Call Stack: 0 dump_vma_snapshot 1 elf_core_dump.17934 ------------- Path:  Function:elf_core_dump.17934 %2 = alloca %struct.perf_branch_entry, align 8 %3 = alloca i8*, align 8 %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.elf32_hdr, align 4 %7 = alloca %struct.elf_note_info.169654, align 8 %8 = alloca %struct.sched_info*, align 8 %9 = alloca %struct.efi_info, align 4 %10 = bitcast i32* %4 to i8* %11 = bitcast i64* %5 to i8* %12 = getelementptr inbounds 
%struct.elf32_hdr, %struct.elf32_hdr* %6, i64 0, i32 0, i64 0 %13 = bitcast %struct.elf_note_info.169654* %7 to i8* %14 = bitcast %struct.sched_info** %8 to i8* %15 = call i32 @dump_vma_snapshot(%struct.coredump_params* %0, i32* nonnull %4, %struct.sched_info** nonnull %8, i64* nonnull %5) #76 Function:dump_vma_snapshot %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@dump_vma_snapshot, %9)) #6 to label %10 [label %9], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext true) #76 br label %10 %11 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 17 %12 = tail call i32 @down_write_killable(%struct.rw_semaphore* %11) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 
%8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, 
\22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #76 br label %32 %33 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 %34 = tail call i32 @down_write_killable(%struct.rw_semaphore* %33) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 
= alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #76 br label %32 %33 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 %34 = tail call i32 @down_write_killable(%struct.rw_semaphore* %33) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mremap 1 __ia32_sys_mremap ------------- Path:  Function:__ia32_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_mremap(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__do_sys_mremap %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.list_head, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull 
bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.131797* %13 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %12, i64 0, i32 38 %14 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %13, align 64 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 store i8 0, i8* %8, align 1 %16 = bitcast %struct.list_head* %9 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %18, align 8 %19 = bitcast %struct.list_head* %10 to i8* %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 store %struct.list_head* %10, %struct.list_head** %20, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 1 store %struct.list_head* %10, %struct.list_head** %21, align 8 %22 = icmp ult i64 %3, 8 br i1 %22, label %23, label %286 %24 = and i64 %3, 2 %25 = and i64 %3, 1 %26 = icmp eq i64 %25, 0 %27 = and i64 %3, 3 %28 = icmp eq i64 %27, 2 br i1 %28, label %286, label %29 %30 = and i64 %3, 4 %31 = icmp eq i64 %30, 0 br i1 %31, label %36, label %32 %33 = icmp ne i64 %25, 0 %34 = icmp eq i64 %1, %2 %35 = and i1 %34, %33 br i1 %35, label %36, label %286 %37 = and i64 %0, 4095 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %286 %40 = add i64 %1, 4095 %41 = and i64 %40, -4096 %42 = add i64 %2, 4095 %43 = and i64 %42, -4096 %44 = icmp eq i64 %43, 0 br i1 %44, label %286, label %45 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %46)) #6 to label %47 [label %46], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %14, i1 zeroext true) #76 br label %47 %48 = getelementptr inbounds %struct.mm_struct.131907, %struct.mm_struct.131907* %14, i64 0, i32 0, i32 17 %49 = call i32 @down_write_killable(%struct.rw_semaphore* %48) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mremap 1 __x64_sys_mremap ------------- Path:  Function:__x64_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_mremap(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__do_sys_mremap %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.list_head, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.131797**)) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.131797* %13 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %12, i64 0, i32 38 %14 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %13, align 64 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 store i8 0, i8* %8, align 1 %16 = bitcast %struct.list_head* %9 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %18, align 8 %19 = bitcast %struct.list_head* %10 to i8* %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 store %struct.list_head* %10, %struct.list_head** %20, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 1 store %struct.list_head* %10, %struct.list_head** %21, align 8 %22 = icmp ult i64 %3, 8 br i1 %22, label %23, label %286 %24 = and i64 %3, 2 %25 = and i64 %3, 1 %26 = icmp eq i64 %25, 0 %27 = and i64 %3, 3 %28 = icmp eq i64 %27, 2 br i1 %28, label %286, label %29 %30 = and i64 %3, 4 %31 = icmp eq i64 %30, 0 br i1 %31, label %36, label %32 %33 = icmp ne i64 %25, 0 %34 = icmp eq i64 %1, %2 %35 = and i1 %34, %33 br i1 %35, label %36, label %286 %37 = and i64 %0, 4095 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %286 %40 = add i64 %1, 4095 %41 = and i64 %40, -4096 %42 = add i64 %2, 4095 %43 = and i64 %42, -4096 %44 = icmp eq i64 %43, 0 br i1 %44, label %286, label %45 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %46)) #6 to label %47 [label %46], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %14, i1 zeroext true) #76 br label %47 %48 = getelementptr inbounds %struct.mm_struct.131907, %struct.mm_struct.131907* %14, i64 0, i32 0, i32 17 %49 = call i32 @down_write_killable(%struct.rw_semaphore* %48) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __ia32_sys_mprotect ------------- Path:  Function:__ia32_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 -1) #76 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131894*, align 8 %6 = bitcast %struct.vm_area_struct.131894** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131797* %9 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 
47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 38 %33 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %33, i1 zeroext true) #76 br label %35 %36 = getelementptr inbounds %struct.mm_struct.131907, %struct.mm_struct.131907* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __ia32_sys_pkey_mprotect ------------- Path:  Function:__ia32_sys_pkey_mprotect %2 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 %13) #76 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131894*, align 8 %6 = bitcast %struct.vm_area_struct.131894** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131797* %9 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 38 %33 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 
.balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %33, i1 zeroext true) #76 br label %35 %36 = getelementptr inbounds %struct.mm_struct.131907, %struct.mm_struct.131907* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __x64_sys_mprotect ------------- Path:  Function:__x64_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 -1) #76 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131894*, align 8 %6 = bitcast %struct.vm_area_struct.131894** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131797* %9 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 47 %10 = load i32, i32* 
%9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 38 %33 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %33, i1 zeroext true) #76 br label %35 %36 = getelementptr inbounds %struct.mm_struct.131907, %struct.mm_struct.131907* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __x64_sys_pkey_mprotect ------------- Path:  Function:__x64_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 %10) #76 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131894*, align 8 %6 = bitcast %struct.vm_area_struct.131894** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131797* %9 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 38 %33 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %33, i1 zeroext true) #76 br label %35 %36 = getelementptr inbounds %struct.mm_struct.131907, %struct.mm_struct.131907* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_brk 1 __ia32_sys_brk ------------- Path:  Function:__ia32_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__do_sys_brk(i64 %4) #76 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 38 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 64 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #76 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %6, i64 0, i32 0, i32 17 %13 = call i32 @down_write_killable(%struct.rw_semaphore* %12) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_brk 1 __x64_sys_brk ------------- Path:  Function:__x64_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__do_sys_brk(i64 %3) #76 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 38 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 64 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #76 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %6, i64 0, i32 0, i32 17 %13 = call i32 @down_write_killable(%struct.rw_semaphore* %12) #76 ------------- Use: =BAD PATH= Call Stack: 0 __vm_munmap 1 vm_munmap 2 kill_ioctx 3 __se_sys_io_destroy 4 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #76 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17619, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17620) #76 %10 = getelementptr inbounds %struct.ctx_rq_wait, 
%struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %10, align 8 %11 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %14, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #76 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store 
volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #76 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #76 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !11, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17604, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !12 tail call void asm sideeffect "361:\0A\09.pushsection .discard.reachable\0A\09.long 361b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %42 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 8 %43 = load i64, i64* %42, align 8 %44 = tail call i32 @vm_munmap(i64 %43, i64 
%39) #76 Function:vm_munmap %3 = tail call fastcc i32 @__vm_munmap(i64 %0, i64 %1, i1 zeroext false) #76 Function:__vm_munmap %4 = alloca %struct.list_head, align 8 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 %9 = bitcast %struct.list_head* %4 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %11, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__vm_munmap, %12)) #6 to label %13 [label %12], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext true) #76 br label %13 %14 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 17 %15 = call i32 @down_write_killable(%struct.rw_semaphore* %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 __vm_munmap 1 vm_munmap 2 kill_ioctx 3 __se_sys_io_destroy 4 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #76 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17619, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17620) #76 %10 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %10, align 8 %11 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %14, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #76 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp 
eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #76 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #76 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !11, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr 
inbounds ([9 x i8], [9 x i8]* @.str.17604, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !12 tail call void asm sideeffect "361:\0A\09.pushsection .discard.reachable\0A\09.long 361b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %42 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 8 %43 = load i64, i64* %42, align 8 %44 = tail call i32 @vm_munmap(i64 %43, i64 %39) #76 Function:vm_munmap %3 = tail call fastcc i32 @__vm_munmap(i64 %0, i64 %1, i1 zeroext false) #76 Function:__vm_munmap %4 = alloca %struct.list_head, align 8 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 %9 = bitcast %struct.list_head* %4 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %11, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__vm_munmap, %12)) #6 to label %13 [label %12], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext true) #76 br label %13 %14 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 17 %15 = call i32 @down_write_killable(%struct.rw_semaphore* %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_remap_file_pages 1 __ia32_sys_remap_file_pages ------------- Path:  Function:__ia32_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 64 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #77 br label %31 %32 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %10, i64 0, i32 0, i32 17 %33 = tail call i32 @down_write_killable(%struct.rw_semaphore* %32) #77 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_remap_file_pages 1 __x64_sys_remap_file_pages ------------- Path:  Function:__x64_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 64 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #77 br label %31 %32 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %10, i64 0, i32 0, i32 17 %33 = tail call i32 @down_write_killable(%struct.rw_semaphore* %32) #77 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __ia32_sys_mlock ------------- Path:  Function:__ia32_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i32 @do_mlock(i64 %4, i64 %7, i64 8192) #76 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130490* %6 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 95 %7 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 %8 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #76 br i1 %12, label %13, 
label %107 %14 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 br label %15 %16 = phi %struct.signal_struct.130437* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 38 %26 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %26, i1 zeroext true) #76 br label %28 %29 = getelementptr inbounds %struct.mm_struct.130389, %struct.mm_struct.130389* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __ia32_sys_mlock2 ------------- Path:  Function:__ia32_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %17 
%7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = icmp eq i32 %4, 0 %14 = select i1 %13, i64 8192, i64 532480 %15 = tail call fastcc i32 @do_mlock(i64 %12, i64 %9, i64 %14) #76 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130490* %6 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 95 %7 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 %8 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #76 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 br label %15 %16 = phi %struct.signal_struct.130437* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 38 %26 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %26, i1 zeroext true) #76 br label %28 %29 = getelementptr inbounds %struct.mm_struct.130389, %struct.mm_struct.130389* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __x64_sys_mlock ------------- Path:  Function:__x64_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i32 @do_mlock(i64 %3, i64 %5, i64 8192) #76 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130490* %6 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 95 %7 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 %8 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) 
#76 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 br label %15 %16 = phi %struct.signal_struct.130437* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 38 %26 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %26, i1 zeroext true) #76 br label %28 %29 = getelementptr inbounds %struct.mm_struct.130389, %struct.mm_struct.130389* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __x64_sys_mlock2 ------------- Path:  Function:__x64_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 
%5, label %6, label %15 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = icmp eq i32 %4, 0 %12 = select i1 %11, i64 8192, i64 532480 %13 = tail call fastcc i32 @do_mlock(i64 %10, i64 %8, i64 %12) #76 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130490* %6 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 95 %7 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 %8 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #76 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 br label %15 %16 = phi %struct.signal_struct.130437* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 38 %26 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %26, i1 zeroext true) #76 br label %28 %29 = getelementptr inbounds %struct.mm_struct.130389, %struct.mm_struct.130389* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mlockall 1 __ia32_sys_mlockall ------------- Path:  Function:__ia32_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #76 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.130490* %10 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %9, i64 0, i32 95 %11 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %10, align 32 %12 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %11, i64 0, i32 49, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq 
i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #76 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %10, align 32 br label %19 %20 = phi %struct.signal_struct.130437* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %20, i64 0, i32 49, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %9, i64 0, i32 38 %25 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %24, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %25, i1 zeroext true) #76 br label %27 %28 = getelementptr inbounds %struct.mm_struct.130389, %struct.mm_struct.130389* %25, i64 0, i32 0, i32 17 %29 = tail call i32 @down_write_killable(%struct.rw_semaphore* %28) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mlockall 1 __x64_sys_mlockall ------------- Path:  Function:__x64_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 
@__do_sys_mlockall(i32 %4) #76 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.130490* %10 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %9, i64 0, i32 95 %11 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %10, align 32 %12 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %11, i64 0, i32 49, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #76 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %10, align 32 br label %19 %20 = phi %struct.signal_struct.130437* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %20, i64 0, i32 49, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %9, i64 0, i32 38 %25 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %24, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %25, i1 zeroext true) #76 br label %27 %28 = getelementptr inbounds %struct.mm_struct.130389, %struct.mm_struct.130389* %25, i64 0, i32 0, i32 17 %29 = tail call i32 @down_write_killable(%struct.rw_semaphore* %28) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlock 1 __ia32_sys_munlock ------------- Path:  Function:__ia32_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__do_sys_munlock(i64 %4, i64 %7) #76 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130490* %5 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %4, i64 0, i32 38 %6 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %5, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %6, i1 zeroext true) #76 br label %8 %9 = getelementptr inbounds %struct.mm_struct.130389, %struct.mm_struct.130389* %6, i64 0, i32 0, i32 17 %10 = tail call i32 @down_write_killable(%struct.rw_semaphore* %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlock 1 __x64_sys_munlock ------------- Path:  Function:__x64_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__do_sys_munlock(i64 %3, i64 %5) #76 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130490* %5 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %4, i64 0, i32 38 %6 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %5, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %6, i1 zeroext true) #76 br label %8 %9 = getelementptr inbounds %struct.mm_struct.130389, %struct.mm_struct.130389* %6, i64 0, i32 0, i32 17 %10 = tail call i32 @down_write_killable(%struct.rw_semaphore* %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlockall ------------- Path:  Function:__do_sys_munlockall %2 = alloca %struct.vm_area_struct.130376*, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130490* %5 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %4, i64 0, i32 38 %6 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %5, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlockall, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %6, i1 zeroext true) #76 br label %8 %9 = getelementptr inbounds %struct.mm_struct.130389, %struct.mm_struct.130389* %6, i64 0, i32 0, i32 17 %10 = tail call i32 @down_write_killable(%struct.rw_semaphore* %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 vm_mmap_pgoff 1 vm_mmap 2 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %159 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 15 %11 = bitcast %struct.mutex* %10 to i8* %12 = load i8, i8* %11, align 8 %13 = icmp ugt i8 %12, 12 br i1 %13, label %159, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 32 %16 = bitcast i8* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ult i64 %17, 2 br i1 %18, label %19, label %159 %20 = icmp eq i64 %17, 0 br i1 %20, label %25, label %21 %22 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %23 = and i64 %22, 65536 %24 = icmp eq i64 %23, 0 br i1 %24, label %159, label %25 %26 = bitcast i8* %1 to i32* %27 = load i32, i32* %26, 
align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %28 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %29 = zext i32 %27 to i64 %30 = tail call i8* @idr_find(%struct.idr* %28, i64 %29) #76 %31 = bitcast i8* %30 to %struct.drm_i915_gem_object.448284* %32 = icmp eq i8* %30, null br i1 %32, label %57, label %33 %34 = bitcast i8* %30 to %struct.seqcount_spinlock* %35 = bitcast i8* %30 to i32* %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %48, label %38 %39 = phi i32 [ %46, %45 ], [ %36, %33 ] %40 = add i32 %39, 1 %41 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %35, i32 %40, i32* nonnull %35, i32 %39) #6, !srcloc !5 %42 = extractvalue { i8, i32 } %41, 0 %43 = and i8 %42, 1 %44 = icmp eq i8 %43, 0 br i1 %44, label %45, label %48, !prof !6, !misexpect !7 %46 = extractvalue { i8, i32 } %41, 1 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %38 %49 = phi i32 [ 0, %33 ], [ %39, %38 ], [ 0, %45 ] %50 = add i32 %49, 1 %51 = or i32 %50, %49 %52 = icmp sgt i32 %51, -1 br i1 %52, label %54, label %53, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %34, i32 0) #76 br label %54 %55 = icmp eq i32 %49, 0 %56 = select i1 %55, %struct.drm_i915_gem_object.448284* null, %struct.drm_i915_gem_object.448284* %31 br label %57 %58 = phi %struct.drm_i915_gem_object.448284* [ null, %25 ], [ %56, %54 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %59 = icmp eq %struct.drm_i915_gem_object.448284* %58, null br i1 %59, label %159, label %60 %61 = getelementptr inbounds %struct.drm_i915_gem_object.448284, 
%struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 3 %62 = load %struct.file*, %struct.file** %61, align 8 %63 = icmp eq %struct.file* %62, null br i1 %63, label %144, label %64 %65 = getelementptr inbounds i8, i8* %1, i64 8 %66 = bitcast i8* %65 to i64* %67 = load i64, i64* %66, align 8 %68 = getelementptr inbounds i8, i8* %1, i64 16 %69 = bitcast i8* %68 to i64* %70 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 5 %71 = load i64, i64* %70, align 8 %72 = icmp ugt i64 %71, %67 br i1 %72, label %73, label %144 %74 = load i64, i64* %69, align 8 %75 = sub i64 %71, %67 %76 = icmp ugt i64 %74, %75 br i1 %76, label %144, label %77 %78 = tail call i64 @vm_mmap(%struct.file* nonnull %62, i64 0, i64 %74, i64 3, i64 1, i64 %67) #76 Function:vm_mmap %7 = add i64 %2, 4095 %8 = and i64 %7, -4096 %9 = xor i64 %5, -1 %10 = icmp ule i64 %8, %9 %11 = and i64 %5, 4095 %12 = icmp eq i64 %11, 0 %13 = and i1 %10, %12 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %15 = lshr i64 %5, 12 %16 = tail call i64 @vm_mmap_pgoff(%struct.file* %0, i64 %1, i64 %2, i64 %3, i64 %4, i64 %15) #76 Function:vm_mmap_pgoff %7 = alloca i64, align 8 %8 = alloca %struct.list_head, align 8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = bitcast i64* %7 to i8* %14 = bitcast %struct.list_head* %8 to i8* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %16, align 8 %17 = 
call i32 @security_mmap_file(%struct.file* %0, i64 %3, i64 %4) #76 %18 = sext i32 %17 to i64 %19 = icmp eq i32 %17, 0 br i1 %19, label %20, label %37 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@vm_mmap_pgoff, %21)) #6 to label %22 [label %21], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %12, i1 zeroext true) #76 br label %22 %23 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %12, i64 0, i32 0, i32 17 %24 = call i32 @down_write_killable(%struct.rw_semaphore* %23) #76 ------------- Use: =BAD PATH= Call Stack: 0 write_ldt 1 __se_sys_modify_ldt 2 __ia32_sys_modify_ldt ------------- Path:  Function:__ia32_sys_modify_ldt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_modify_ldt(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_modify_ldt %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to i8* switch i32 %4, label %50 [ i32 0, label %6 i32 1, label %39 i32 2, label %41 i32 17, label %48 ] %49 = tail call fastcc i32 @write_ldt(i8* %5, i64 %2, i32 0) #76 Function:write_ldt %4 = alloca 
i64, align 8 %5 = alloca %struct.spinlock*, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.user_desc, align 4 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 38 %11 = load %struct.mm_struct*, %struct.mm_struct** %10, align 64 %12 = bitcast %struct.user_desc* %7 to i8* %13 = icmp eq i64 %1, 16 br i1 %13, label %14, label %267 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %0, i64 16) #76 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %267 %18 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp ugt i32 %19, 8191 br i1 %20, label %267, label %21 %22 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 3 %23 = load i8, i8* %22, align 4 %24 = and i8 %23, 6 %25 = icmp eq i8 %24, 6 br i1 %25, label %26, label %31 %27 = icmp ne i32 %2, 0 %28 = and i8 %23, 32 %29 = icmp eq i8 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %267, label %41 %42 = phi i1 [ false, %37 ], [ false, %33 ], [ true, %31 ], [ true, %26 ] %43 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %44, 0 %46 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 2 %47 = load i32, i32* %46, align 4 br i1 %45, label %48, label %53 %49 = icmp eq i32 %47, 0 %50 = and i8 %23, 127 %51 = icmp eq i8 %50, 40 %52 = and i1 %51, %49 br i1 %52, label %97, label %53 %98 = phi i64 [ 0, %37 ], [ %92, %53 ], [ 0, %48 ] %99 = phi i64 [ 0, %37 ], [ %94, %53 ], [ 0, %48 ] %100 = phi i64 [ 0, %37 ], [ %96, %53 ], [ 0, %48 ] %101 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %11, i64 0, i32 0, i32 44, i32 2 %102 = call i32 
@down_write_killable(%struct.rw_semaphore* %101) #76 ------------- Use: =BAD PATH= Call Stack: 0 write_ldt 1 __se_sys_modify_ldt 2 __x64_sys_modify_ldt ------------- Path:  Function:__x64_sys_modify_ldt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_modify_ldt(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_modify_ldt %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to i8* switch i32 %4, label %50 [ i32 0, label %6 i32 1, label %39 i32 2, label %41 i32 17, label %48 ] %49 = tail call fastcc i32 @write_ldt(i8* %5, i64 %2, i32 0) #76 Function:write_ldt %4 = alloca i64, align 8 %5 = alloca %struct.spinlock*, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.user_desc, align 4 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 38 %11 = load %struct.mm_struct*, %struct.mm_struct** %10, align 64 %12 = bitcast %struct.user_desc* %7 to i8* %13 = icmp eq i64 %1, 16 br i1 %13, label %14, label %267 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %0, i64 16) #76 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %267 %18 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp ugt i32 %19, 8191 br i1 %20, label %267, label %21 %22 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 3 %23 = load i8, i8* %22, align 4 %24 = and i8 %23, 6 %25 = icmp eq i8 %24, 6 br i1 %25, label %26, label %31 %27 = icmp ne i32 %2, 0 %28 = and i8 
%23, 32 %29 = icmp eq i8 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %267, label %41 %42 = phi i1 [ false, %37 ], [ false, %33 ], [ true, %31 ], [ true, %26 ] %43 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %44, 0 %46 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 2 %47 = load i32, i32* %46, align 4 br i1 %45, label %48, label %53 %49 = icmp eq i32 %47, 0 %50 = and i8 %23, 127 %51 = icmp eq i8 %50, 40 %52 = and i1 %51, %49 br i1 %52, label %97, label %53 %98 = phi i64 [ 0, %37 ], [ %92, %53 ], [ 0, %48 ] %99 = phi i64 [ 0, %37 ], [ %94, %53 ], [ 0, %48 ] %100 = phi i64 [ 0, %37 ], [ %96, %53 ], [ 0, %48 ] %101 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %11, i64 0, i32 0, i32 44, i32 2 %102 = call i32 @down_write_killable(%struct.rw_semaphore* %101) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #76 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #76 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #76 br label %188 %189 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %186, i64 0, i32 0, i32 17 %190 = tail call i32 @down_write_killable(%struct.rw_semaphore* %189) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #76 %11 = icmp eq i32 %10, 
-38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #76 br label %188 %189 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %186, i64 0, i32 0, i32 17 %190 = tail call i32 @down_write_killable(%struct.rw_semaphore* %189) #76 ------------- Good: 45 Bad: 34 Ignored: 88 Check Use of Function:__vfs_setxattr_noperm Check Use of Function:nla_strcmp Check Use of Function:acpi_setup_sb_notify_handler Check Use of Function:munlock_vma_page Check Use of Function:unlock_page Check Use of Function:ieee80211_determine_chantype Check Use of Function:attach_recursive_mnt Check Use of Function:msdos_rmdir Check Use of Function:i915_ttm_adjust_lru Check Use of Function:security_compute_av_user Check Use of Function:is_file_shm_hugepages Check Use of Function:try_to_free_swap Check Use of Function:cfg80211_unregister_wdev Check Use of Function:page_remove_rmap Check Use of Function:rtc_dev_ioctl Use: =BAD PATH= Call Stack: 0 rtc_dev_compat_ioctl ------------- Path:  Function:rtc_dev_compat_ioctl %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.rtc_device.688591** %6 = load %struct.rtc_device.688591*, %struct.rtc_device.688591** %5, align 8 %7 = trunc i64 %2 to i32 %8 = and i64 %2, 4294967295 switch i32 %1, label %61 [ i32 -2147192821, label %9 i32 1074032652, label %20 i32 1074032654, label %38 ] %62 = tail call i64 @rtc_dev_ioctl(%struct.file* %0, i32 %1, i64 %8) #77 
------------- Good: 1 Bad: 1 Ignored: 3 Check Use of Function:unlock_new_inode Check Use of Function:arch_uprobe_ignore Check Use of Function:page_mapped Use: =BAD PATH= Call Stack: 0 stable_page_flags 1 kpageflags_read ------------- Path:  Function:kpageflags_read %5 = bitcast i8* %1 to i64* %6 = load i64, i64* %3, align 8 %7 = lshr i64 %6, 3 %8 = or i64 %6, %2 %9 = and i64 %8, 7 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %102 %12 = load i64, i64* @max_pfn, align 8 %13 = shl i64 %12, 3 %14 = add i64 %13, -8 %15 = or i64 %14, 262136 %16 = add i64 %15, 8 %17 = icmp ugt i64 %16, %6 br i1 %17, label %18, label %102 %19 = sub i64 %16, %6 %20 = icmp ugt i64 %19, %2 %21 = select i1 %20, i64 %2, i64 %19 %22 = icmp eq i64 %21, 0 br i1 %22, label %95, label %23 %24 = phi i64 [ %84, %81 ], [ %21, %18 ] %25 = phi i64* [ %83, %81 ], [ %5, %18 ] %26 = phi i64 [ %82, %81 ], [ %7, %18 ] %27 = icmp ult i64 %26, 4503599627370496 br i1 %27, label %28, label %69 %29 = lshr i64 %26, 15 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), 
i8* blockaddress(@kpageflags_read, %32), i8* blockaddress(@kpageflags_read, %31)) #6 to label %30 [label %32, label %31], !srcloc !4 br label %32 %33 = phi i64 [ 524288, %31 ], [ 33554432, %28 ], [ 33554432, %30 ] %34 = icmp ult i64 %29, %33 br i1 %34, label %35, label %69 %36 = load %struct.mem_section**, %struct.mem_section*** @mem_section, align 8 %37 = icmp eq %struct.mem_section** %36, null br i1 %37, label %69, label %38 %39 = lshr i64 %26, 23 %40 = getelementptr %struct.mem_section*, %struct.mem_section** %36, i64 %39 %41 = load %struct.mem_section*, %struct.mem_section** %40, align 8 %42 = icmp eq %struct.mem_section* %41, null br i1 %42, label %69, label %43 %44 = and i64 %29, 255 %45 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44 %46 = icmp eq %struct.mem_section* %45, null br i1 %46, label %69, label %47 %48 = getelementptr inbounds %struct.mem_section, %struct.mem_section* %45, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = and i64 %49, 2 %51 = icmp eq i64 %50, 0 br i1 %51, label %69, label %52 %53 = and i64 %49, 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %58, label %55 %59 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44, i32 1 %60 = load %struct.mem_section_usage*, %struct.mem_section_usage** %59, align 8 %61 = getelementptr inbounds %struct.mem_section_usage, %struct.mem_section_usage* %60, i64 0, i32 0, i64 0 %62 = lshr i64 %26, 9 %63 = and i64 %62, 63 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %61, i64 %63) #6, !srcloc !5 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 %67 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %68 = getelementptr %struct.page, %struct.page* %67, i64 %26 br i1 %66, label %69, label %70 %71 = phi %struct.page* [ null, %69 ], [ %68, %58 ], [ %57, %55 ] %72 = bitcast i64* %25 to i8* %73 = tail call i64 @stable_page_flags(%struct.page* 
%71) #76 Function:stable_page_flags %2 = icmp eq %struct.page* %0, null br i1 %2, label %187, label %3 %4 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 16 %6 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %7 = bitcast %union.anon.20* %6 to i64* %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 %11 = add i64 %8, -1 %12 = ptrtoint %struct.page* %0 to i64 %13 = select i1 %10, i64 %12, i64 %11, !prof !4 %14 = inttoptr i64 %13 to %struct.page* %15 = getelementptr inbounds %struct.page, %struct.page* %14, i64 0, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 512 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %22 %20 = tail call zeroext i1 @page_mapped(%struct.page* nonnull %0) #76 ------------- Good: 106 Bad: 1 Ignored: 69 Check Use of Function:alloc_pid Check Use of Function:d_move Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %172 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp eq %struct.inode* %10, null br i1 %28, label %55, label %29 %30 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %31 = load i16, i16* %30, align 8 %32 = and i16 %31, -4096 %33 = icmp eq i16 %32, 16384 br i1 %33, label %55, label %34 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %36 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %35, align 8 %37 = icmp eq %struct.hlist_bl_node** %36, null br i1 %37, label %39, label %38 %40 = phi %struct.dentry* [ null, %34 ], [ %4, %38 ] %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %42 = bitcast %struct.anon.1* %41 to %struct.swap_cluster_info* %43 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %42, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp ugt i32 %44, 2 br i1 %45, label %46, label %55 %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %48 = load %struct.dentry*, %struct.dentry** %47, align 8 %49 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %50 = tail call %struct.dentry* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %48, %struct.qstr* %49) #76 %51 = icmp eq %struct.dentry* %50, null br i1 %51, label %84, label %52 %53 = tail call i32 bitcast (i32 (%struct.inode.222934*, %struct.dentry.222936*)* @nfs_sillyrename to i32 
(%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #76 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %84 %85 = phi %struct.inode* [ %56, %62 ], [ %56, %77 ], [ %56, %73 ], [ %56, %68 ], [ %10, %52 ], [ %10, %46 ] %86 = phi %struct.dentry* [ %57, %62 ], [ %57, %77 ], [ %57, %73 ], [ %57, %68 ], [ %50, %52 ], [ null, %46 ] %87 = phi %struct.dentry* [ %58, %62 ], [ %58, %77 ], [ %58, %73 ], [ %58, %68 ], [ %40, %52 ], [ %40, %46 ] %88 = phi %struct.dentry* [ %59, %62 ], [ %59, %77 ], [ %59, %73 ], [ %59, %68 ], [ %4, %52 ], [ %4, %46 ] %89 = phi i32 [ %64, %62 ], [ 0, %77 ], [ %75, %73 ], [ %66, %68 ], [ -16, %52 ], [ -16, %46 ] %90 = icmp eq %struct.dentry* %87, null br i1 %90, label %92, label %91 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %93)) #6 to label %107 [label %93], !srcloc !4 switch i32 %89, label %169 [ i32 0, label %108 i32 -2, label %161 ] %109 = icmp eq %struct.inode* %85, null br i1 %109, label %122, label %110 tail call void bitcast (void (%struct.dentry.149376*, %struct.dentry.149376*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %88) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, 
i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %172 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp eq %struct.inode* %10, null br i1 %28, label %55, label %29 %30 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %31 = load i16, i16* %30, align 8 %32 = and i16 %31, -4096 %33 = icmp eq i16 %32, 16384 br i1 %33, label %55, label %34 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %36 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %35, align 8 %37 = icmp eq %struct.hlist_bl_node** %36, null br i1 %37, label %39, label %38 %40 = phi %struct.dentry* [ null, %34 ], [ %4, %38 ] %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %42 = bitcast %struct.anon.1* %41 to %struct.swap_cluster_info* %43 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %42, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp ugt i32 %44, 2 br i1 %45, label %46, label %55 %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %48 = load %struct.dentry*, %struct.dentry** %47, align 8 %49 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %50 = tail call %struct.dentry* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*)* 
@d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %48, %struct.qstr* %49) #76 %51 = icmp eq %struct.dentry* %50, null br i1 %51, label %84, label %52 %53 = tail call i32 bitcast (i32 (%struct.inode.222934*, %struct.dentry.222936*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #76 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %84 %85 = phi %struct.inode* [ %56, %62 ], [ %56, %77 ], [ %56, %73 ], [ %56, %68 ], [ %10, %52 ], [ %10, %46 ] %86 = phi %struct.dentry* [ %57, %62 ], [ %57, %77 ], [ %57, %73 ], [ %57, %68 ], [ %50, %52 ], [ null, %46 ] %87 = phi %struct.dentry* [ %58, %62 ], [ %58, %77 ], [ %58, %73 ], [ %58, %68 ], [ %40, %52 ], [ %40, %46 ] %88 = phi %struct.dentry* [ %59, %62 ], [ %59, %77 ], [ %59, %73 ], [ %59, %68 ], [ %4, %52 ], [ %4, %46 ] %89 = phi i32 [ %64, %62 ], [ 0, %77 ], [ %75, %73 ], [ %66, %68 ], [ -16, %52 ], [ -16, %46 ] %90 = icmp eq %struct.dentry* %87, null br i1 %90, label %92, label %91 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %93)) #6 to label %107 [label %93], !srcloc !4 switch i32 %89, label %169 [ i32 0, label %108 i32 -2, label %161 ] %109 = icmp eq %struct.inode* %85, null br i1 %109, label %122, label %110 tail call void bitcast (void (%struct.dentry.149376*, %struct.dentry.149376*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %88) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %172 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp eq %struct.inode* %10, null br i1 %28, label %55, label %29 %30 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %31 = load i16, i16* %30, align 8 %32 = and i16 %31, -4096 %33 = icmp eq i16 %32, 16384 br i1 %33, label %55, label %34 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %36 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %35, align 8 %37 = icmp eq %struct.hlist_bl_node** %36, null br i1 %37, label %39, label %38 %40 = phi %struct.dentry* [ null, %34 ], [ %4, %38 ] %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %42 = bitcast %struct.anon.1* %41 to %struct.swap_cluster_info* %43 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %42, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp ugt i32 %44, 2 br i1 %45, label %46, label %55 %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %48 = load %struct.dentry*, %struct.dentry** %47, align 8 %49 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %50 = tail call %struct.dentry* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %48, %struct.qstr* %49) #76 %51 = icmp eq %struct.dentry* %50, null br i1 %51, label %84, label %52 %53 = tail call i32 bitcast (i32 (%struct.inode.222934*, %struct.dentry.222936*)* @nfs_sillyrename to i32 
(%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #76 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %84 %85 = phi %struct.inode* [ %56, %62 ], [ %56, %77 ], [ %56, %73 ], [ %56, %68 ], [ %10, %52 ], [ %10, %46 ] %86 = phi %struct.dentry* [ %57, %62 ], [ %57, %77 ], [ %57, %73 ], [ %57, %68 ], [ %50, %52 ], [ null, %46 ] %87 = phi %struct.dentry* [ %58, %62 ], [ %58, %77 ], [ %58, %73 ], [ %58, %68 ], [ %40, %52 ], [ %40, %46 ] %88 = phi %struct.dentry* [ %59, %62 ], [ %59, %77 ], [ %59, %73 ], [ %59, %68 ], [ %4, %52 ], [ %4, %46 ] %89 = phi i32 [ %64, %62 ], [ 0, %77 ], [ %75, %73 ], [ %66, %68 ], [ -16, %52 ], [ -16, %46 ] %90 = icmp eq %struct.dentry* %87, null br i1 %90, label %92, label %91 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %93)) #6 to label %107 [label %93], !srcloc !4 switch i32 %89, label %169 [ i32 0, label %108 i32 -2, label %161 ] %109 = icmp eq %struct.inode* %85, null br i1 %109, label %122, label %110 tail call void bitcast (void (%struct.dentry.149376*, %struct.dentry.149376*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %88) #76 ------------- Good: 4 Bad: 3 Ignored: 3 Check Use of Function:e1000e_up Check Use of Function:create_io_thread Check Use of Function:dev_disable_lro Check Use of Function:rtnl_create_link Check Use of Function:do_trace_write_msr Use: =BAD PATH= Call Stack: 0 do_arch_prctl_64 1 
__ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12252* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12252* %9, i32 %7, i64 %6) #76 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %7 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %8 = icmp ugt i64 %7, %2 br i1 %8, label %9, label %81, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !8 %11 = inttoptr i64 %10 to %struct.task_struct.12252* %12 = icmp eq %struct.task_struct.12252* %11, %0 br i1 %12, label %13, label %34 %14 = bitcast i64* %5 to i8* call 
void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !9 %15 = load i64, i64* %5, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @asm_load_gs_index(i32 0) #76 %16 = and i64 %15, 512 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 %20 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %21 = and i64 %20, 4294967296 %22 = icmp eq i64 %21, 0 br i1 %22, label %29, label %23 %30 = trunc i64 %2 to i32 %31 = lshr i64 %2, 32 %32 = trunc i64 %31 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566, i32 %30, i32 %32) #6, !srcloc !12 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_arch_prctl_64, %33)) #6 to label %36 [label %33], !srcloc !13 call void @do_trace_write_msr(i32 -1073741566, i64 %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_arch_prctl_64 1 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.12252* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12252* %8, i32 %6, i64 %5) #76 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %7 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 
72057594037923840) #6, !srcloc !4 %8 = icmp ugt i64 %7, %2 br i1 %8, label %9, label %81, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !8 %11 = inttoptr i64 %10 to %struct.task_struct.12252* %12 = icmp eq %struct.task_struct.12252* %11, %0 br i1 %12, label %13, label %34 %14 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !9 %15 = load i64, i64* %5, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @asm_load_gs_index(i32 0) #76 %16 = and i64 %15, 512 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 %20 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %21 = and i64 %20, 4294967296 %22 = icmp eq i64 %21, 0 br i1 %22, label %29, label %23 %30 = trunc i64 %2 to i32 %31 = lshr i64 %2, 32 %32 = trunc i64 %31 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566, i32 %30, i32 %32) #6, !srcloc !12 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_arch_prctl_64, %33)) #6 to label %36 [label %33], !srcloc !13 call void @do_trace_write_msr(i32 -1073741566, i64 %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_arch_prctl_64 1 __ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12252* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12252* %9, i32 %7, i64 %6) #76 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %39 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", 
"=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %40 = icmp ugt i64 %39, %2 br i1 %40, label %41, label %81, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %42 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !8 %43 = inttoptr i64 %42 to %struct.task_struct.12252* %44 = icmp eq %struct.task_struct.12252* %43, %0 br i1 %44, label %45, label %55 tail call void asm sideeffect "\09\09\09\09\09\09\0A1:\09movw $0, %fs\09\09\09\0A2:\09\09\09\09\09\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_clear_fs) - .\0A .popsection\0A", "rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i16 0) #6, !srcloc !16 %46 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %47 = and i64 %46, 4294967296 %48 = icmp eq i64 %47, 0 br i1 %48, label %50, label %49 %51 = trunc i64 %2 to i32 %52 = lshr i64 %2, 32 %53 = trunc i64 %52 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073741568, i32 %51, i32 %53) #6, !srcloc !12 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_arch_prctl_64, %54)) #6 to label %57 [label %54], !srcloc !13 tail call void @do_trace_write_msr(i32 -1073741568, i64 %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_arch_prctl_64 1 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.12252* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12252* %8, i32 %6, i64 %5) #76 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %39 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, 
i64 72057594037923840) #6, !srcloc !4 %40 = icmp ugt i64 %39, %2 br i1 %40, label %41, label %81, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %42 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !8 %43 = inttoptr i64 %42 to %struct.task_struct.12252* %44 = icmp eq %struct.task_struct.12252* %43, %0 br i1 %44, label %45, label %55 tail call void asm sideeffect "\09\09\09\09\09\09\0A1:\09movw $0, %fs\09\09\09\0A2:\09\09\09\09\09\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_clear_fs) - .\0A .popsection\0A", "rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i16 0) #6, !srcloc !16 %46 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %47 = and i64 %46, 4294967296 %48 = icmp eq i64 %47, 0 br i1 %48, label %50, label %49 %51 = trunc i64 %2 to i32 %52 = lshr i64 %2, 32 %53 = trunc i64 %52 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073741568, i32 %51, i32 %53) #6, !srcloc !12 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_arch_prctl_64, %54)) #6 to label %57 [label %54], !srcloc !13 tail call void @do_trace_write_msr(i32 -1073741568, i64 %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __wrgsbase_inactive 1 do_arch_prctl_64 2 __ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12252* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12252* %9, i32 %7, i64 %6) #76 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %7 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", 
"=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %8 = icmp ugt i64 %7, %2 br i1 %8, label %9, label %81, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !8 %11 = inttoptr i64 %10 to %struct.task_struct.12252* %12 = icmp eq %struct.task_struct.12252* %11, %0 br i1 %12, label %13, label %34 %14 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !9 %15 = load i64, i64* %5, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @asm_load_gs_index(i32 0) #76 %16 = and i64 %15, 512 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 %20 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %21 = and i64 %20, 4294967296 %22 = icmp eq i64 %21, 0 br i1 %22, label %29, label %23 %24 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !9 %25 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call fastcc void @__wrgsbase_inactive(i64 %2) #76 Function:__wrgsbase_inactive callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 
0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 272, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 26), i8* blockaddress(@__wrgsbase_inactive, %4), i8* blockaddress(@__wrgsbase_inactive, %3)) #6 to label %2 [label %4, label %3], !srcloc !4 %5 = trunc i64 %0 to i32 %6 = lshr i64 %0, 32 %7 = trunc i64 %6 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566, i32 %5, i32 %7) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__wrgsbase_inactive, %8)) #6 to label %9 [label %8], !srcloc !8 tail call void @do_trace_write_msr(i32 -1073741566, i64 %0, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __wrgsbase_inactive 1 do_arch_prctl_64 2 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.12252* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12252* %8, i32 %6, i64 %5) #76 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %7 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, 
i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %8 = icmp ugt i64 %7, %2 br i1 %8, label %9, label %81, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !8 %11 = inttoptr i64 %10 to %struct.task_struct.12252* %12 = icmp eq %struct.task_struct.12252* %11, %0 br i1 %12, label %13, label %34 %14 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !9 %15 = load i64, i64* %5, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @asm_load_gs_index(i32 0) #76 %16 = and i64 %15, 512 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 %20 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %21 = and i64 %20, 4294967296 %22 = icmp eq i64 %21, 0 br i1 %22, label %29, label %23 %24 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !9 %25 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call fastcc void @__wrgsbase_inactive(i64 %2) #76 Function:__wrgsbase_inactive callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection 
.altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 272, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 26), i8* blockaddress(@__wrgsbase_inactive, %4), i8* blockaddress(@__wrgsbase_inactive, %3)) #6 to label %2 [label %4, label %3], !srcloc !4 %5 = trunc i64 %0 to i32 %6 = lshr i64 %0, 32 %7 = trunc i64 %6 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566, i32 %5, i32 %7) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__wrgsbase_inactive, %8)) #6 to label %9 [label %8], !srcloc !8 tail call void @do_trace_write_msr(i32 -1073741566, i64 %0, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #76 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #76 %11 = icmp eq i32 
%10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #77 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #76 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #76 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #76 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* 
@x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 br label %7 %8 = lshr i64 %0, 3 %9 = and i64 %8, 4 %10 = trunc i64 %9 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073676001, i32 %10, i32 0) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %11)) #6 to label %93 [label %11], !srcloc !8 call void @do_trace_write_msr(i32 -1073676001, i64 %9, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #76 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 
4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #77 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #76 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, 
!srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #76 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #76 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip 
-((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 br label %7 %8 = lshr i64 %0, 3 %9 = and i64 %8, 4 %10 = trunc i64 %9 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073676001, i32 %10, i32 0) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %11)) #6 to label %93 [label %11], !srcloc !8 call void @do_trace_write_msr(i32 -1073676001, i64 %9, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #76 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #76 %11 = icmp eq i32 
%10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #77 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #76 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #76 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #76 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* 
@x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp 
${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 248, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %14), i8* blockaddress(@speculation_ctrl_update, %85)) #6 to label %13 [label %14, label %85], !srcloc !6 br label %14 %15 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.ssb_state* nonnull @ssb_state) #6, !srcloc !9 %16 = inttoptr i64 %15 to %struct.ssb_state* %17 = load i64, i64* @x86_amd_ls_cfg_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 252, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %29), i8* blockaddress(@speculation_ctrl_update, %19)) #6 to label %18 [label %29, label %19], !srcloc !6 %20 = and i64 %0, 32 %21 = icmp eq i64 %20, 0 %22 = load i64, i64* @x86_amd_ls_cfg_ssbd_mask, align 8 %23 = select i1 %21, i64 0, i64 %22 %24 = or i64 %23, %17 %25 = trunc i64 %24 to i32 %26 = lshr i64 %24, 32 %27 = 
trunc i64 %26 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073672160, i32 %25, i32 %27) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %28)) #6 to label %93 [label %28], !srcloc !8 call void @do_trace_write_msr(i32 -1073672160, i64 %24, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 
= tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #76 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #77 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #76 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 
= bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #76 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #76 
Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 
663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 248, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %14), i8* blockaddress(@speculation_ctrl_update, %85)) #6 to label %13 [label %14, label %85], !srcloc !6 br label %14 %15 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.ssb_state* nonnull @ssb_state) #6, !srcloc !9 %16 = inttoptr i64 %15 to %struct.ssb_state* %17 = load i64, i64* @x86_amd_ls_cfg_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 252, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, 
i64 23), i8* blockaddress(@speculation_ctrl_update, %29), i8* blockaddress(@speculation_ctrl_update, %19)) #6 to label %18 [label %29, label %19], !srcloc !6 %20 = and i64 %0, 32 %21 = icmp eq i64 %20, 0 %22 = load i64, i64* @x86_amd_ls_cfg_ssbd_mask, align 8 %23 = select i1 %21, i64 0, i64 %22 %24 = or i64 %23, %17 %25 = trunc i64 %24 to i32 %26 = lshr i64 %24, 32 %27 = trunc i64 %26 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073672160, i32 %25, i32 %27) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %28)) #6 to label %93 [label %28], !srcloc !8 call void @do_trace_write_msr(i32 -1073672160, i64 %24, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, 
align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #76 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #76 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #77 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #76 Function:ssb_prctl_set %3 
= load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #76 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #76 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 
------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __x64_sys_prctl ------------- Path: Function:__x64_sys_prctl Function:__do_sys_prctl Function:arch_prctl_spec_ctrl_set Function:ssb_prctl_set Function:speculation_ctrl_update_current Function:speculation_ctrl_update
------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __ia32_sys_prctl ------------- Path: Function:__ia32_sys_prctl Function:__do_sys_prctl Function:arch_prctl_spec_ctrl_set Function:ssb_prctl_set Function:speculation_ctrl_update_current Function:speculation_ctrl_update
------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __x64_sys_prctl ------------- Path: Function:__x64_sys_prctl Function:__do_sys_prctl Function:arch_prctl_spec_ctrl_set Function:ssb_prctl_set Function:speculation_ctrl_update_current Function:speculation_ctrl_update
------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __ia32_sys_prctl ------------- Path: Function:__ia32_sys_prctl Function:__do_sys_prctl
%10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #77 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #76 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #76 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #76 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* 
@x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp 
${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 248, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %14), i8* blockaddress(@speculation_ctrl_update, %85)) #6 to label %13 [label %14, label %85], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 607, i32 128, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 67), i8* blockaddress(@speculation_ctrl_update, %89), i8* blockaddress(@speculation_ctrl_update, %87)) #6 to label %86 [label %89, label %87], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A 
.long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 440, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %89), i8* blockaddress(@speculation_ctrl_update, %93)) #6 to label %88 [label %89, label %93], !srcloc !6 br label %89 %90 = lshr i64 %0, 3 %91 = and i64 %90, 4 %92 = or i64 %5, %91 br label %93 %94 = phi i1 [ false, %89 ], [ true, %87 ], [ true, %81 ], [ true, %60 ], [ true, %52 ], [ true, %33 ], [ true, %28 ], [ true, %19 ], [ true, %11 ], [ true, %7 ] %95 = phi i64 [ %92, %89 ], [ %5, %87 ], [ %5, %81 ], [ %5, %60 ], [ %5, %52 ], [ %5, %33 ], [ %5, %28 ], [ %5, %19 ], [ %5, %11 ], [ %5, %7 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @switch_to_cond_stibp to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@speculation_ctrl_update, %96)) #6 to label %100 [label %96], !srcloc !8 %97 = lshr i64 %0, 8 %98 = and i64 %97, 2 %99 = or i64 %95, %98 br label %101 %102 = phi i64 [ %99, %96 ], [ %95, %100 ] %103 = trunc i64 %102 to i32 %104 = lshr i64 %102, 32 %105 = trunc i64 %104 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 72, i32 %103, i32 %105) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %106)) #6 to label %107 [label %106], !srcloc !8 call void @do_trace_write_msr(i32 72, i64 %102, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #76 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, 
label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #77 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #76 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, 
!srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #76 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #76 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip 
-((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 248, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, 
%struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %14), i8* blockaddress(@speculation_ctrl_update, %85)) #6 to label %13 [label %14, label %85], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 607, i32 128, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 67), i8* blockaddress(@speculation_ctrl_update, %89), i8* blockaddress(@speculation_ctrl_update, %87)) #6 to label %86 [label %89, label %87], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, 
\22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 440, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %89), i8* blockaddress(@speculation_ctrl_update, %93)) #6 to label %88 [label %89, label %93], !srcloc !6 br label %89 %90 = lshr i64 %0, 3 %91 = and i64 %90, 4 %92 = or i64 %5, %91 br label %93 %94 = phi i1 [ false, %89 ], [ true, %87 ], [ true, %81 ], [ true, %60 ], [ true, %52 ], [ true, %33 ], [ true, %28 ], [ true, %19 ], [ true, %11 ], [ true, %7 ] %95 = phi i64 [ %92, %89 ], [ %5, %87 ], [ %5, %81 ], [ %5, %60 ], [ %5, %52 ], [ %5, %33 ], [ %5, %28 ], [ %5, %19 ], [ %5, %11 ], [ %5, %7 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @switch_to_cond_stibp to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@speculation_ctrl_update, %96)) #6 to label %100 [label %96], !srcloc !8 %97 = lshr i64 %0, 8 %98 = and i64 %97, 2 %99 = or i64 %95, %98 br label %101 %102 = phi i64 [ %99, %96 ], [ %95, %100 ] %103 = trunc i64 %102 to i32 %104 = lshr i64 %102, 32 %105 = trunc i64 %104 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 72, i32 %103, i32 %105) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %106)) #6 to label %107 [label %106], !srcloc !8 call void @do_trace_write_msr(i32 72, i64 %102, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_cpuid_mode 1 do_arch_prctl_common 2 __ia32_compat_sys_arch_prctl ------------- Path:  Function:__ia32_compat_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12252* %10 = tail call i64 bitcast (i64 (%struct.task_struct*, i32, i64)* @do_arch_prctl_common to i64 (%struct.task_struct.12252*, i32, i64)*)(%struct.task_struct.12252* %9, i32 %7, i64 %6) #76 Function:do_arch_prctl_common switch i32 %1, label %15 [ i32 4113, label %4 i32 4114, label %12 ] %13 = tail call fastcc i32 @set_cpuid_mode(i64 %2) #76 Function:set_cpuid_mode %2 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 16) to i64*), align 8 %3 = and i64 %2, 8589934592 %4 = icmp eq i64 %3, 0 br i1 %4, label %34, label %5 %6 = icmp eq i64 %0, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %7 = tail 
call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 0, i32 0 br i1 %6, label %22, label %10 %11 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 15, i64* %9) #6, !srcloc !4 %12 = and i8 %11, 1 %13 = icmp eq i8 %12, 0 br i1 %13, label %21, label %14 %15 = tail call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @msr_misc_features_shadow) #6, !srcloc !5 %16 = and i64 %15, -2 tail call void asm sideeffect "movq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @msr_misc_features_shadow, i64 %16, i64* nonnull @msr_misc_features_shadow) #6, !srcloc !6 %17 = trunc i64 %16 to i32 %18 = lshr i64 %15, 32 %19 = trunc i64 %18 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 320, i32 %17, i32 %19) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpuid_mode, %20)) #6 to label %21 [label %20], !srcloc !8 tail call void @do_trace_write_msr(i32 320, i64 %16, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_cpuid_mode 1 do_arch_prctl_common 2 __ia32_compat_sys_arch_prctl ------------- Path:  Function:__ia32_compat_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12252* %10 = tail call i64 bitcast (i64 (%struct.task_struct*, i32, i64)* @do_arch_prctl_common to i64 (%struct.task_struct.12252*, i32, i64)*)(%struct.task_struct.12252* %9, i32 %7, i64 %6) #76 Function:do_arch_prctl_common switch i32 %1, label %15 [ i32 4113, label %4 i32 4114, label %12 ] %13 = tail call fastcc i32 @set_cpuid_mode(i64 %2) #76 Function:set_cpuid_mode %2 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 16) to i64*), align 8 %3 = and i64 %2, 8589934592 %4 = icmp eq i64 %3, 0 br i1 %4, label %34, label %5 %6 = icmp eq i64 %0, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %7 = tail call i64 
asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 0, i32 0 br i1 %6, label %22, label %10 %23 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 15, i64* %9) #6, !srcloc !10 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %33 %27 = tail call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @msr_misc_features_shadow) #6, !srcloc !5 %28 = or i64 %27, 1 tail call void asm sideeffect "movq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @msr_misc_features_shadow, i64 %28, i64* nonnull @msr_misc_features_shadow) #6, !srcloc !6 %29 = trunc i64 %28 to i32 %30 = lshr i64 %27, 32 %31 = trunc i64 %30 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 320, i32 %29, i32 %31) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpuid_mode, %32)) #6 to label %33 [label %32], !srcloc !8 tail call void @do_trace_write_msr(i32 320, i64 %28, i32 0) #76 ------------- Good: 587 Bad: 18 Ignored: 3348 Check Use of Function:set_page_dirty_lock Check Use of Function:memcpy_toio Check Use of Function:ttm_bo_vm_access Check Use of Function:percpu_ref_kill_and_confirm Use: =BAD PATH= Call Stack: 0 kill_ioctx 1 __se_sys_io_destroy 2 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #76 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17619, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17620) #76 %10 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, 
i32* %10, align 8 %11 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %14, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #76 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #76 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #76 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !11, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17604, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !12 tail call void asm sideeffect "361:\0A\09.pushsection .discard.reachable\0A\09.long 361b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %46 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 13 store %struct.ctx_rq_wait* %2, %struct.ctx_rq_wait** %46, align 32 %47 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 
0 tail call void @percpu_ref_kill_and_confirm(%struct.percpu_ref* %47, void (%struct.percpu_ref*)* null) #76 ------------- Use: =BAD PATH= Call Stack: 0 kill_ioctx 1 __se_sys_io_destroy 2 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #76 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17619, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17620) #76 %10 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %10, align 8 %11 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %14, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #76 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 
0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #76 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #76 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !11, !misexpect !8 tail call void asm 
sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17604, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !12 tail call void asm sideeffect "361:\0A\09.pushsection .discard.reachable\0A\09.long 361b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %46 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 13 store %struct.ctx_rq_wait* %2, %struct.ctx_rq_wait** %46, align 32 %47 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 0 tail call void @percpu_ref_kill_and_confirm(%struct.percpu_ref* %47, void (%struct.percpu_ref*)* null) #76 ------------- Good: 28 Bad: 2 Ignored: 7 Check Use of Function:io_submit_flush_completions Check Use of Function:bprm_execve Check Use of Function:ext4_dirblock_csum_verify Check Use of Function:xfrm_user_policy Check Use of Function:copy_thread Check Use of Function:dev_uc_del Check Use of Function:xt_compat_add_offset Check Use of Function:unregister_pernet_subsys Check Use of Function:__starget_for_each_device Check Use of Function:pci_disable_msix Check Use of Function:vm_brk Check Use of Function:xt_request_find_match Check Use of 
Function:io_clean_op Check Use of Function:iommu_disable_protect_mem_regions Check Use of Function:init_mkdir Check Use of Function:__ieee80211_request_sched_scan_start Check Use of Function:pc_nvram_initialize Check Use of Function:bus_register_notifier Check Use of Function:local_bh_enable.66836 Check Use of Function:unpin_user_page Check Use of Function:__ext4_find_entry Use: =BAD PATH= Call Stack: 0 ext4_lookup ------------- Path:  Function:ext4_lookup %4 = alloca %struct.ext4_filename, align 8 %5 = alloca %struct.ext4_dir_entry_2*, align 8 %6 = bitcast %struct.ext4_dir_entry_2** %5 to i8* %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %8 = bitcast %struct.anon.1* %7 to %struct.util_est* %9 = getelementptr inbounds %struct.util_est, %struct.util_est* %8, i64 0, i32 1 %10 = load i32, i32* %9, align 4 %11 = icmp ugt i32 %10, 255 br i1 %11, label %80, label %12 %13 = bitcast %struct.ext4_filename* %4 to i8* %14 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %15 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 0 store %struct.qstr* %14, %struct.qstr** %15, align 8 %16 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %17 = bitcast i8** %16 to i64* %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1 %20 = bitcast %struct.uuidcmp* %19 to i64* store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1, i32 1 store i32 %10, i32* %21, align 8 tail call void bitcast (void (%struct.dentry.153259*)* @generic_set_encrypted_ci_d_ops to void (%struct.dentry*)*)(%struct.dentry* %1) #76 %22 = call fastcc %struct.buffer_head* @__ext4_find_entry(%struct.inode* %0, %struct.ext4_filename* nonnull %4, %struct.ext4_dir_entry_2** nonnull %5, i32* null) #76 ------------- Good: 10 Bad: 1 Ignored: 3 Check Use of 
Function:handle_dots Check Use of Function:truncate_inode_pages Check Use of Function:vma_is_shmem Check Use of Function:pcie_walk_rcec Check Use of Function:isolate_lru_page Check Use of Function:ring_buffer_unlock_commit Check Use of Function:drm_connector_list_iter_end Check Use of Function:autofs_root_compat_ioctl Check Use of Function:intel_overlay_switch_off Check Use of Function:uts_proc_notify Check Use of Function:xt_target_to_user Check Use of Function:drm_crtc_check_viewport Check Use of Function:mod_node_page_state Use: =BAD PATH= Call Stack: 0 __free_slab 1 deactivate_slab 2 ___slab_alloc 3 __kmalloc_node 4 rb_alloc_aux 5 perf_mmap ------------- Path:  Function:perf_mmap %3 = getelementptr inbounds %struct.file.114517, %struct.file.114517* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.perf_event.114830** %5 = load %struct.perf_event.114830*, %struct.perf_event.114830** %4, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.114999** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.114999**)) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct.114999* %8 = getelementptr inbounds %struct.task_struct.114999, %struct.task_struct.114999* %7, i64 0, i32 85 %9 = load %struct.cred.114515*, %struct.cred.114515** %8, align 64 %10 = getelementptr inbounds %struct.cred.114515, %struct.cred.114515* %9, i64 0, i32 21 %11 = load %struct.user_struct*, %struct.user_struct** %10, align 8 %12 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 35 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, -1 br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 22, i32 6 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 2 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %324 %21 = getelementptr inbounds %struct.vm_area_struct.114895, 
%struct.vm_area_struct.114895* %1, i64 0, i32 8 %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %324, label %25 %26 = tail call i32 bitcast (i32 (%struct.perf_event*)* @security_perf_event_read to i32 (%struct.perf_event.114830*)*)(%struct.perf_event.114830* %5) #76 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %324 %29 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = sub i64 %30, %32 %34 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 13 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %47 %38 = lshr i64 %33, 12 %39 = add nsw i64 %38, -1 %40 = icmp eq i64 %39, 0 %42 = icmp eq i64 %41, 1 %43 = or i1 %40, %42 %44 = and i64 %33, -4096 %45 = icmp eq i64 %33, %44 %46 = and i1 %45, %43 br i1 %46, label %117, label %324 %118 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 27 %119 = load %struct.perf_event_context.114803*, %struct.perf_event_context.114803** %118, align 8 %120 = getelementptr inbounds %struct.perf_event_context.114803, %struct.perf_event_context.114803* %119, i64 0, i32 20 %121 = load %struct.perf_event_context.114803*, %struct.perf_event_context.114803** %120, align 8 %122 = icmp eq %struct.perf_event_context.114803* %121, null br i1 %122, label %124, label %123, !prof !10, !misexpect !7 %125 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 38 tail call void @mutex_lock(%struct.mutex* %125) #76 %126 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 40 %127 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %128 = icmp eq 
%struct.perf_buffer* %127, null br i1 %128, label %152, label %129 %130 = phi %struct.perf_buffer* [ %150, %149 ], [ %127, %124 ] %131 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 8 %133 = sext i32 %132 to i64 %134 = icmp eq i64 %39, %133 br i1 %134, label %135, label %310 %136 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 15, i32 0 %137 = load volatile i32, i32* %136, align 4 %138 = icmp eq i32 %137, 0 br i1 %138, label %149, label %139, !prof !6, !misexpect !7 %140 = phi i32 [ %147, %146 ], [ %137, %135 ] %141 = add i32 %140, 1 %142 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %136, i32 %141, i32* %136, i32 %140) #6, !srcloc !8 %143 = extractvalue { i8, i32 } %142, 0 %144 = and i8 %143, 1 %145 = icmp eq i8 %144, 0 br i1 %145, label %146, label %296, !prof !6, !misexpect !7 %147 = extractvalue { i8, i32 } %142, 1 %148 = icmp eq i32 %147, 0 br i1 %148, label %149, label %139, !prof !6, !misexpect !7 tail call void @mutex_unlock(%struct.mutex* %125) #76 tail call void @mutex_lock(%struct.mutex* %125) #76 %150 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %151 = icmp eq %struct.perf_buffer* %150, null br i1 %151, label %152, label %129 %153 = phi i1 [ false, %115 ], [ true, %124 ], [ true, %149 ] %154 = phi i32 [ -22, %115 ], [ 0, %124 ], [ 0, %149 ] %155 = phi i64 [ %52, %115 ], [ %38, %124 ], [ %38, %149 ] %156 = phi i64 [ %52, %115 ], [ %39, %124 ], [ %39, %149 ] %157 = phi %struct.perf_buffer* [ %54, %115 ], [ null, %124 ], [ null, %149 ] %158 = load i32, i32* @sysctl_perf_event_mlock, align 4 %159 = ashr i32 %158, 2 %160 = sext i32 %159 to i64 %161 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, 
%struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %162 = zext i32 %161 to i64 %163 = mul nsw i64 %160, %162 %164 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %11, i64 0, i32 6, i32 0 %165 = load volatile i64, i64* %164, align 8 %166 = icmp ugt i64 %165, %163 %167 = select i1 %166, i64 %163, i64 %165 %168 = add i64 %167, %155 %170 = sub i64 %155, %169 %171 = getelementptr inbounds %struct.task_struct.114999, %struct.task_struct.114999* %7, i64 0, i32 95 %172 = load %struct.signal_struct.114954*, %struct.signal_struct.114954** %171, align 32 %173 = getelementptr %struct.signal_struct.114954, %struct.signal_struct.114954* %172, i64 0, i32 49, i64 8, i32 0 %174 = load volatile i64, i64* %173, align 8 %175 = lshr i64 %174, 12 %176 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 6 %177 = load %struct.mm_struct.114908*, %struct.mm_struct.114908** %176, align 8 %178 = getelementptr inbounds %struct.mm_struct.114908, %struct.mm_struct.114908* %177, i64 0, i32 0, i32 23, i32 0 %179 = load volatile i64, i64* %178, align 8 %180 = add i64 %169, %179 %181 = icmp ule i64 %180, %175 %182 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %183 = icmp slt i32 %182, 0 %184 = or i1 %183, %181 br i1 %184, label %187, label %185 %188 = icmp eq %struct.perf_buffer* %157, null br i1 %188, label %189, label %281 %282 = load i64, i64* %21, align 8 %283 = lshr i64 %282, 1 %284 = trunc i64 %283 to i32 %285 = and i32 %284, 1 %286 = load i64, i64* %34, align 8 %287 = trunc i64 %156 to i32 %288 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 22, i32 16 %289 = load i32, i32* %288, align 8 %290 = zext i32 %289 to i64 %291 = tail call i32 bitcast (i32 (%struct.perf_buffer*, %struct.perf_event*, i64, i32, i64, i32)* @rb_alloc_aux to i32 (%struct.perf_buffer*, %struct.perf_event.114830*, i64, i32, i64, i32)*)(%struct.perf_buffer* nonnull %157, 
%struct.perf_event.114830* %5, i64 %286, i32 %287, i64 %290, i32 %285) #76 Function:rb_alloc_aux %7 = and i32 %5, 1 %8 = icmp eq i32 %7, 0 %9 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 35 %10 = load i32, i32* %9, align 4 %11 = icmp eq i32 %10, -1 br i1 %11, label %19, label %12 %20 = phi i32 [ %18, %12 ], [ -1, %6 ] %21 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 12 %22 = load %struct.pmu*, %struct.pmu** %21, align 8 %23 = getelementptr inbounds %struct.pmu, %struct.pmu* %22, i64 0, i32 31 %24 = load i8* (%struct.perf_event*, i8**, i32, i1)*, i8* (%struct.perf_event*, i8**, i32, i1)** %23, align 8 %25 = icmp eq i8* (%struct.perf_event*, i8**, i32, i1)* %24, null br i1 %25, label %162, label %26 br i1 %8, label %36, label %27 %28 = icmp eq i64 %4, 0 %29 = shl i32 %3, 11 %30 = sext i32 %29 to i64 %31 = select i1 %28, i64 %30, i64 %4 %32 = add i64 %31, -1 %33 = lshr i64 %32, 12 %34 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %33, i32 -1) #4, !srcloc !4 %35 = add i32 %34, 1 br label %38 %39 = phi i32 [ %37, %36 ], [ %35, %27 ] %40 = phi i64 [ 0, %36 ], [ %31, %27 ] %41 = sext i32 %3 to i64 %43 = extractvalue { i64, i1 } %42, 1 br i1 %43, label %44, label %47, !prof !6, !misexpect !7 %48 = extractvalue { i64, i1 } %42, 0 %49 = tail call noalias align 8 i8* @__kmalloc_node(i64 %48, i32 3520, i32 %20) #76 Function:__kmalloc_node %4 = icmp ugt i64 %0, 8192 br i1 %4, label %5, label %29, !prof !4, !misexpect !5 %30 = tail call %struct.kmem_cache* @kmalloc_slab(i64 %0, i32 %1) #77 %31 = icmp ult %struct.kmem_cache* %30, inttoptr (i64 17 to %struct.kmem_cache*) br i1 %31, label %32, label %34, !prof !4, !misexpect !5 %36 = ptrtoint i8* %35 to i64 %37 = load i32, i32* @gfp_allowed_mask, align 4 %38 = and i32 %37, %1 %39 = and i32 %38, 1024 %40 = icmp eq i32 %39, 0 br i1 %40, label %43, label %41 %42 = tail call i32 @__cond_resched() #77 br label %43 %44 = tail call i32 
@should_failslab(%struct.kmem_cache* %30, i32 %38) #77 %45 = icmp ne i32 %44, 0 %46 = icmp eq %struct.kmem_cache* %30, null %47 = or i1 %46, %45 br i1 %47, label %140, label %48 %49 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %30, i64 0, i32 0 %50 = icmp eq i32 %2, -1 %51 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %30, i64 0, i32 6 br label %52 %53 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %49, align 8 %54 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %53) #6, !srcloc !12 %55 = inttoptr i64 %54 to %struct.kmem_cache_cpu* %56 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %55, i64 0, i32 1 %57 = load volatile i64, i64* %56, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %58 = inttoptr i64 %54 to i8** %59 = load i8*, i8** %58, align 8 %60 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %55, i64 0, i32 2 %61 = load %struct.page*, %struct.page** %60, align 8 %62 = icmp ne i8* %59, null %63 = icmp ne %struct.page* %61, null %64 = and i1 %62, %63 %65 = bitcast i8* %59 to i8** br i1 %64, label %66, label %73, !prof !14 br i1 %50, label %76, label %67 %68 = getelementptr inbounds %struct.page, %struct.page* %61, i64 0, i32 0 %69 = load i64, i64* %68, align 16 %70 = lshr i64 %69, 58 %71 = trunc i64 %70 to i32 %72 = icmp eq i32 %71, %2 br i1 %72, label %76, label %73 %74 = inttoptr i64 %54 to %struct.kmem_cache_cpu* %75 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %30, i32 %1, i32 %2, i64 %36, %struct.kmem_cache_cpu* %74) #77 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, 
%struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %221, %220 ] %22 = phi i32 [ %2, %5 ], [ %222, %220 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %224, %233 ], [ %224, %244 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %201, %233 ], [ %201, %244 ] %29 = phi i32 [ %22, %20 ], [ %197, %233 ], [ %197, %244 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %167 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds 
%struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %144 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* 
%95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %144 store %struct.page* null, %struct.page** %72, align 8 %138 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %139 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %138, i64 0, i32 4 %140 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %139) #6, !srcloc !21 %141 = and i64 %68, 512 %142 = icmp eq i64 %141, 0 br i1 %142, label %195, label %143 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %195 %196 = phi %struct.kmem_cache_cpu* [ %28, %193 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %143 ] %197 = phi i32 [ %168, %193 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %143 ] %198 = icmp eq i32 %197, -1 %199 = icmp ne i32 %197, -1 br label %200 %201 = phi %struct.kmem_cache_cpu* [ %286, %294 ], [ %196, %195 ] %202 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 3 %203 = load %struct.page*, %struct.page** %202, align 8 %204 = icmp eq %struct.page* %203, null br i1 %204, label %245, label %205 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", 
"=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %206 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %207 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 4 %209 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %208) #6, !srcloc !27 %210 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 2 %211 = load %struct.page*, %struct.page** %210, align 8 %212 = icmp eq %struct.page* %211, null br i1 %212, label %223, label %213, !prof !5, !misexpect !6 %224 = load %struct.page*, %struct.page** %202, align 8 %225 = icmp eq %struct.page* %224, null br i1 %225, label %226, label %233, !prof !29, !misexpect !6 %227 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %228 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %227, i64 0, i32 4 %229 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %228) #6, !srcloc !30 %230 = and i64 %206, 512 %231 = icmp eq i64 %230, 0 br i1 %231, label %245, label %232 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %245 br i1 %198, label %246, label %248 %247 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %248 %249 = phi i32 [ %247, %246 ], [ %197, %245 ] %250 = sext i32 %249 to i64 %251 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %250 %252 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %251, align 8 %253 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %252, %struct.page** nonnull %10, 
i32 %1) #76 %254 = icmp ne i8* %253, null %255 = or i1 %199, %254 br i1 %255, label %258, label %256 %259 = phi i8* [ %257, %256 ], [ %253, %248 ] %260 = icmp eq i8* %259, null br i1 %260, label %261, label %284 %285 = phi i8* [ %259, %258 ], [ %283, %279 ] %286 = phi %struct.kmem_cache_cpu* [ %201, %258 ], [ %280, %279 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@___slab_alloc, %287)) #6 to label %292 [label %287], !srcloc !38 %288 = load i32, i32* %17, align 8 %289 = and i32 %288, 2166016 %290 = icmp eq i32 %289, 0 %291 = load %struct.page*, %struct.page** %10, align 8 br i1 %290, label %297, label %294 %295 = call fastcc i32 @alloc_debug_processing(%struct.kmem_cache* %0, %struct.page* %291, i8* %285, i64 %3) #77 %296 = icmp eq i32 %295, 0 br i1 %296, label %200, label %353 %354 = phi %struct.page* [ %298, %312 ], [ %291, %294 ] %355 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %356 = load i32, i32* %355, align 8 %357 = zext i32 %356 to i64 %358 = getelementptr i8, i8* %285, i64 %357 %359 = bitcast i8* %358 to i8** %360 = load i8*, i8** %359, align 8 call fastcc void @deactivate_slab(%struct.kmem_cache* %0, %struct.page* %354, i8* %360) #77 Function:deactivate_slab %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 16 %7 = lshr i64 %6, 58 %8 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %7 %9 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %8, align 8 %10 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 2 %11 
= bitcast i64* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null %14 = icmp eq i8* %2, null br i1 %14, label %72, label %15 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 256 %22 = icmp eq i32 %21, 0 %23 = load i64, i64* @vmemmap_base, align 8 %24 = ptrtoint %struct.page* %1 to i64 %25 = sub i64 %24, %23 %26 = shl i64 %25, 6 %27 = load i64, i64* @page_offset_base, align 8 %28 = add i64 %26, %27 %29 = inttoptr i64 %28 to i8* %30 = and i32 %20, 1024 %31 = icmp eq i32 %30, 0 %32 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 16 %33 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %34 = bitcast i64* %33 to i32* %35 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 br label %36 %37 = phi i32 [ 0, %15 ], [ %71, %70 ] %38 = phi i8* [ null, %15 ], [ %39, %70 ] %39 = phi i8* [ %2, %15 ], [ %42, %70 ] %40 = getelementptr i8, i8* %39, i64 %18 %41 = bitcast i8* %40 to i8** %42 = load i8*, i8** %41, align 8 %43 = icmp eq i8* %42, null %44 = or i1 %43, %22 br i1 %44, label %70, label %45 br i1 %31, label %51, label %46 %47 = load i32, i32* %32, align 8 %48 = zext i32 %47 to i64 %49 = sub nsw i64 0, %48 %50 = getelementptr i8, i8* %42, i64 %49 br label %51 %52 = phi i8* [ %50, %46 ], [ %42, %45 ] %53 = icmp ult i8* %52, %29 br i1 %53, label %69, label %54 %55 = load i32, i32* %34, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 32767 %58 = load i32, i32* %35, align 8 %59 = mul i32 %57, %58 %60 = zext i32 %59 to i64 %61 = getelementptr i8, i8* %29, i64 %60 %62 = icmp ult i8* %52, %61 br i1 %62, label %63, label %69 %64 = ptrtoint i8* %52 to i64 %65 = sub i64 %64, %28 %66 = zext i32 %58 to i64 %67 = srem i64 %65, %66 %68 = 
icmp eq i64 %67, 0 br i1 %68, label %70, label %69 %71 = add i32 %37, 1 br i1 %43, label %72, label %36 %73 = phi i8* [ %38, %69 ], [ null, %3 ], [ %39, %70 ] %74 = phi i32 [ %37, %69 ], [ 0, %3 ], [ %71, %70 ] %75 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %76 = icmp eq i8* %73, null %77 = ptrtoint i8* %73 to i64 %78 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %79 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 1 %80 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 2 %81 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 0, i32 0, i32 0 %82 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %83 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 1 %84 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 0 %85 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0 %86 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 5 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 0 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %85, i64 0, i32 0 %89 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2 %90 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2, i32 1 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %92 = bitcast i64* %4 to i8* br label %93 %94 = phi i64 [ 0, %72 ], [ %139, %219 ] %95 = phi i32 [ 0, %72 ], [ %142, %219 ] %96 = phi i32 [ 0, %72 ], [ %143, %219 ] %97 = load volatile i8*, i8** %11, align 8 %98 = load volatile i64, i64* %75, align 8 %99 = trunc i64 %98 to i32 %100 = and i64 %98, -4294967296 br i1 %76, label %110, label %101 %111 = 
phi i8* [ %2, %101 ], [ %97, %93 ] %112 = phi i32 [ %105, %101 ], [ %99, %93 ] %113 = and i32 %112, 2147483647 %114 = and i32 %112, 65535 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %120 %117 = load i64, i64* %79, align 8 %118 = load i64, i64* %80, align 8 %119 = icmp ult i64 %117, %118 br i1 %119, label %120, label %138 %139 = phi i64 [ %94, %122 ], [ %125, %124 ], [ %94, %131 ], [ %137, %136 ], [ %94, %116 ] %140 = phi i1 [ true, %122 ], [ true, %124 ], [ false, %131 ], [ false, %136 ], [ false, %116 ] %141 = phi i1 [ false, %122 ], [ false, %124 ], [ true, %131 ], [ true, %136 ], [ false, %116 ] %142 = phi i32 [ 1, %122 ], [ 1, %124 ], [ 2, %131 ], [ 2, %136 ], [ 3, %116 ] %143 = phi i32 [ 1, %122 ], [ 1, %124 ], [ %96, %131 ], [ 1, %136 ], [ %96, %116 ] %144 = icmp eq i32 %95, %142 br i1 %144, label %180, label %145 switch i32 %95, label %162 [ i32 1, label %146 i32 2, label %153 ] %154 = load i32, i32* %82, align 8 %155 = and i32 %154, 65536 %156 = icmp eq i32 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.list_head*, %struct.list_head** %83, align 8 %159 = load %struct.list_head*, %struct.list_head** %84, align 8 %160 = getelementptr inbounds %struct.list_head, %struct.list_head* %159, i64 0, i32 1 store %struct.list_head* %158, %struct.list_head** %160, align 8 %161 = getelementptr inbounds %struct.list_head, %struct.list_head* %158, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %161, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %84, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 br label %162 br i1 %140, label %163, label %172 br i1 %141, label %173, label %180 %174 = load i32, i32* %82, align 8 %175 = and i32 %174, 65536 %176 = icmp eq i32 %175, 0 br i1 %176, label %180, label %177 %178 = load %struct.list_head*, %struct.list_head** %87, align 8 %179 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 1 store %struct.list_head* %85, %struct.list_head** %179, align 8 store %struct.list_head* %178, %struct.list_head** %88, align 8 store %struct.list_head* %86, %struct.list_head** %83, align 8 store volatile %struct.list_head* %85, %struct.list_head** %87, align 8 br label %180 %181 = zext i32 %113 to i64 %182 = or i64 %100, %181 %183 = load i32, i32* %82, align 8 %184 = and i32 %183, 1073741824 %185 = icmp eq i32 %184, 0 br i1 %185, label %191, label %186 %187 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %11, i64* %75, i64 16, i8* %111, i64 %182, i8** %11, i64* %75, i8* %97, i64 %98) #6, !srcloc !5 %188 = extractvalue { i8, i8*, i64 } %187, 0 %189 = and i8 %188, 1 %190 = icmp eq i8 %189, 0 br i1 %190, label %219, label %220 %221 = icmp eq i32 %143, 0 br i1 %221, label %223, label %222 %224 = or i1 %140, %141 br i1 %224, label %244, label %225 %226 = load i64, i64* %5, align 16 %227 = lshr i64 %226, 58 %228 = bitcast i64* %75 to i32* %229 = load i32, i32* %228, align 8 %230 = lshr i32 %229, 16 %231 = and i32 %230, 32767 %232 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %227 %233 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %232, align 8 %234 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 3, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %234, i64* %234) #6, !srcloc !18 %235 = zext i32 %231 to i64 %236 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 4, i32 0 call void asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %236, i64 %235, i64* %236) #6, !srcloc !19 %237 = load i32, i32* %82, align 8 %238 = and i32 %237, 524288 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240, !prof !10, !misexpect !11 call fastcc void @__free_slab(%struct.kmem_cache* %0, %struct.page* %1) #76 Function:__free_slab %3 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 0 %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 65536 %6 = icmp eq i64 %5, 0 br i1 %6, label %13, label %7 %14 = phi i32 [ %12, %7 ], [ 0, %2 ] %15 = shl nuw i32 1, %14 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %16)) #6 to label %70 [label %16], !srcloc !4 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %70, label %21 tail call fastcc void @slab_pad_check(%struct.kmem_cache* %0, %struct.page* %1) #76 %22 = load i64, i64* @vmemmap_base, align 8 %23 = ptrtoint %struct.page* %1 to i64 %24 = sub i64 %23, %22 %25 = shl i64 %24, 6 %26 = load i64, i64* @page_offset_base, align 8 %27 = add i64 %25, %26 %28 = inttoptr i64 %27 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %29)) #6 to label %38 [label %29], !srcloc !4 %39 = phi i8* [ %37, %33 ], [ %28, %29 ], [ %28, %21 ] %40 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %41 = bitcast i64* %40 to i32* %42 = load i32, i32* %41, align 8 %43 = lshr i32 %42, 16 %44 = and i32 %43, 32767 %45 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 %46 = load i32, i32* %45, align 8 %47 = mul i32 %44, %46 %48 = zext i32 %47 to i64 %49 = getelementptr i8, i8* %28, i64 %48 %50 = icmp ult i8* %39, %49 br i1 %50, label %51, label %70 %52 = phi i8* [ %56, %51 ], [ %39, %38 ] %53 = tail call fastcc i32 @check_object(%struct.kmem_cache* %0, %struct.page* %1, i8* %52, i8 zeroext -69) #76 %54 = load i32, i32* %45, align 8 %55 = zext i32 %54 to i64 %56 = getelementptr i8, i8* %52, i64 %55 %57 = load i64, i64* @vmemmap_base, align 8 %58 = sub i64 %23, %57 %59 = shl i64 %58, 6 %60 = load i64, i64* @page_offset_base, align 8 %61 = add i64 %59, %60 %62 = inttoptr i64 %61 to i8* %63 = load i32, i32* %41, align 8 %64 = lshr i32 %63, 16 %65 = and i32 %64, 32767 %66 = mul i32 %65, %54 %67 = zext i32 %66 to i64 %68 = getelementptr i8, i8* %62, i64 %67 %69 = icmp ult i8* %56, %68 br i1 %69, label %51, label %70 %71 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1 %72 = bitcast %union.anon.20* %71 to i64* %73 = load volatile i64, i64* %72, align 8 %74 = and i64 %73, 1 %75 = icmp eq i64 %74, 0 %76 = add i64 %73, -1 %77 = ptrtoint %struct.page* %1 to i64 %78 = select i1 %75, i64 %77, i64 %76, !prof !5 %79 = inttoptr i64 %78 to %struct.page* %80 = getelementptr inbounds %struct.page, %struct.page* %79, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", 
"*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %80, i64 5) #6, !srcloc !6 %81 = load volatile i64, i64* %72, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = select i1 %83, i64 %77, i64 %84, !prof !5 %86 = inttoptr i64 %85 to %struct.page* %87 = getelementptr inbounds %struct.page, %struct.page* %86, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %87, i64 9) #6, !srcloc !6 %88 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 1 %89 = bitcast %struct.address_space** %88 to %struct.kmem_cache** store %struct.kmem_cache* null, %struct.kmem_cache** %89, align 8 %90 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %91 = inttoptr i64 %90 to %struct.task_struct* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %91, i64 0, i32 121 %93 = load %struct.reclaim_state*, %struct.reclaim_state** %92, align 8 %94 = icmp eq %struct.reclaim_state* %93, null br i1 %94, label %100, label %95 %101 = load i64, i64* %3, align 16 %102 = lshr i64 %101, 58 %103 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %102 %104 = load %struct.pglist_data*, %struct.pglist_data** %103, align 8 %105 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 131072 %108 = icmp eq i32 %107, 0 %109 = select i1 %108, i32 6, i32 5 %110 = zext i32 %14 to i64 %111 = shl i64 -4096, %110 tail call void bitcast (void (%struct.pglist_data.123922*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %104, i32 %109, i64 %111) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __free_slab
1 deactivate_slab
2 ___slab_alloc
3 kmem_cache_alloc_node
4 create_task_io_context
5 get_task_io_context
6 set_task_ioprio
7 __se_sys_ioprio_set
8 __ia32_sys_ioprio_set
-------------
Path:
Function:__ia32_sys_ioprio_set
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #76
Function:__se_sys_ioprio_set
%4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %95 = icmp eq i32 %5, -1 br i1 %95, label %164, label %96 %97 = icmp eq i32 %5, 0 br i1 %97, label %98, label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #76 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 %109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*,
%struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, 
%struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, 
%struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr %struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, 
label %114, label %133 %134 = phi %struct.list_head** [ %156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #76 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #76 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 %6) #76 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds 
%struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #76 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295170* (%struct.task_struct.295207*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #76 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 112, i32 0, i32 0 %10 = getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 123 %11 = getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 112 %12 = bitcast %struct.spinlock* %11 to i8* br label %13 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #76 %14 = load %struct.io_context.295170*, %struct.io_context.295170** %10, align 8 %15 = icmp eq %struct.io_context.295170* %14, null br i1 %15, label %22, label %16, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 store volatile i8 0, i8* %12, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %23 = tail call i32 @create_task_io_context(%struct.task_struct.295207* %0, i32 %1, i32 %2) #77 Function:create_task_io_context %4 
= load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #76 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #76 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #76 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 
58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #76 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %221, %220 ] %22 = phi i32 [ %2, %5 ], [ %222, %220 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %224, %233 ], [ %224, %244 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %201, %233 ], [ %201, %244 ] %29 = phi i32 [ %22, %20 ], [ %197, %233 ], [ %197, %244 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), 
i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %167 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %144 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, 
%struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %144 store %struct.page* null, %struct.page** %72, align 8 %138 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %139 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %138, i64 0, i32 4 %140 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %139) #6, !srcloc !21 %141 = and i64 %68, 512 %142 = icmp eq i64 %141, 0 br i1 %142, label %195, label %143 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %195 %196 = phi %struct.kmem_cache_cpu* [ %28, %193 ], [ %21, %39 ], [ %21, %37 ], [ %28, 
%137 ], [ %28, %143 ] %197 = phi i32 [ %168, %193 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %143 ] %198 = icmp eq i32 %197, -1 %199 = icmp ne i32 %197, -1 br label %200 %201 = phi %struct.kmem_cache_cpu* [ %286, %294 ], [ %196, %195 ] %202 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 3 %203 = load %struct.page*, %struct.page** %202, align 8 %204 = icmp eq %struct.page* %203, null br i1 %204, label %245, label %205 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %206 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %207 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 4 %209 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %208) #6, !srcloc !27 %210 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 2 %211 = load %struct.page*, %struct.page** %210, align 8 %212 = icmp eq %struct.page* %211, null br i1 %212, label %223, label %213, !prof !5, !misexpect !6 %224 = load %struct.page*, %struct.page** %202, align 8 %225 = icmp eq %struct.page* %224, null br i1 %225, label %226, label %233, !prof !29, !misexpect !6 %227 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %228 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %227, i64 0, i32 4 %229 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %228) #6, !srcloc !30 %230 = and i64 %206, 512 %231 = icmp eq i64 %230, 0 br i1 %231, label %245, label %232 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br 
label %245 br i1 %198, label %246, label %248 %247 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %248 %249 = phi i32 [ %247, %246 ], [ %197, %245 ] %250 = sext i32 %249 to i64 %251 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %250 %252 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %251, align 8 %253 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %252, %struct.page** nonnull %10, i32 %1) #76 %254 = icmp ne i8* %253, null %255 = or i1 %199, %254 br i1 %255, label %258, label %256 %259 = phi i8* [ %257, %256 ], [ %253, %248 ] %260 = icmp eq i8* %259, null br i1 %260, label %261, label %284 %285 = phi i8* [ %259, %258 ], [ %283, %279 ] %286 = phi %struct.kmem_cache_cpu* [ %201, %258 ], [ %280, %279 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@___slab_alloc, %287)) #6 to label %292 [label %287], !srcloc !38 %288 = load i32, i32* %17, align 8 %289 = and i32 %288, 2166016 %290 = icmp eq i32 %289, 0 %291 = load %struct.page*, %struct.page** %10, align 8 br i1 %290, label %297, label %294 %295 = call fastcc i32 @alloc_debug_processing(%struct.kmem_cache* %0, %struct.page* %291, i8* %285, i64 %3) #77 %296 = icmp eq i32 %295, 0 br i1 %296, label %200, label %353 %354 = phi %struct.page* [ %298, %312 ], [ %291, %294 ] %355 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %356 = load i32, i32* %355, align 8 %357 = zext i32 %356 to i64 %358 = getelementptr i8, i8* %285, i64 %357 %359 = bitcast i8* %358 to i8** %360 = load i8*, i8** %359, align 8 call fastcc void @deactivate_slab(%struct.kmem_cache* %0, %struct.page* %354, i8* %360) #77 Function:deactivate_slab %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 16 %7 = lshr i64 %6, 58 %8 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %7 %9 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %8, align 8 %10 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 2 %11 = bitcast i64* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null %14 = icmp eq i8* %2, null br i1 %14, label %72, label %15 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 256 %22 = icmp eq i32 %21, 0 %23 = load i64, i64* 
@vmemmap_base, align 8 %24 = ptrtoint %struct.page* %1 to i64 %25 = sub i64 %24, %23 %26 = shl i64 %25, 6 %27 = load i64, i64* @page_offset_base, align 8 %28 = add i64 %26, %27 %29 = inttoptr i64 %28 to i8* %30 = and i32 %20, 1024 %31 = icmp eq i32 %30, 0 %32 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 16 %33 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %34 = bitcast i64* %33 to i32* %35 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 br label %36 %37 = phi i32 [ 0, %15 ], [ %71, %70 ] %38 = phi i8* [ null, %15 ], [ %39, %70 ] %39 = phi i8* [ %2, %15 ], [ %42, %70 ] %40 = getelementptr i8, i8* %39, i64 %18 %41 = bitcast i8* %40 to i8** %42 = load i8*, i8** %41, align 8 %43 = icmp eq i8* %42, null %44 = or i1 %43, %22 br i1 %44, label %70, label %45 br i1 %31, label %51, label %46 %47 = load i32, i32* %32, align 8 %48 = zext i32 %47 to i64 %49 = sub nsw i64 0, %48 %50 = getelementptr i8, i8* %42, i64 %49 br label %51 %52 = phi i8* [ %50, %46 ], [ %42, %45 ] %53 = icmp ult i8* %52, %29 br i1 %53, label %69, label %54 %55 = load i32, i32* %34, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 32767 %58 = load i32, i32* %35, align 8 %59 = mul i32 %57, %58 %60 = zext i32 %59 to i64 %61 = getelementptr i8, i8* %29, i64 %60 %62 = icmp ult i8* %52, %61 br i1 %62, label %63, label %69 %64 = ptrtoint i8* %52 to i64 %65 = sub i64 %64, %28 %66 = zext i32 %58 to i64 %67 = srem i64 %65, %66 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 %71 = add i32 %37, 1 br i1 %43, label %72, label %36 %73 = phi i8* [ %38, %69 ], [ null, %3 ], [ %39, %70 ] %74 = phi i32 [ %37, %69 ], [ 0, %3 ], [ %71, %70 ] %75 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %76 = icmp eq i8* %73, null %77 = ptrtoint i8* %73 to i64 %78 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %79 = getelementptr inbounds 
%struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 1 %80 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 2 %81 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 0, i32 0, i32 0 %82 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %83 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 1 %84 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 0 %85 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0 %86 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 5 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 0 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %85, i64 0, i32 0 %89 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2 %90 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2, i32 1 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %92 = bitcast i64* %4 to i8* br label %93 %94 = phi i64 [ 0, %72 ], [ %139, %219 ] %95 = phi i32 [ 0, %72 ], [ %142, %219 ] %96 = phi i32 [ 0, %72 ], [ %143, %219 ] %97 = load volatile i8*, i8** %11, align 8 %98 = load volatile i64, i64* %75, align 8 %99 = trunc i64 %98 to i32 %100 = and i64 %98, -4294967296 br i1 %76, label %110, label %101 %111 = phi i8* [ %2, %101 ], [ %97, %93 ] %112 = phi i32 [ %105, %101 ], [ %99, %93 ] %113 = and i32 %112, 2147483647 %114 = and i32 %112, 65535 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %120 %117 = load i64, i64* %79, align 8 %118 = load i64, i64* %80, align 8 %119 = icmp ult i64 %117, %118 br i1 %119, label %120, label %138 %139 = phi i64 [ %94, %122 ], [ %125, %124 ], [ %94, %131 ], [ %137, %136 ], [ %94, %116 ] %140 = phi i1 [ true, %122 ], [ true, %124 
], [ false, %131 ], [ false, %136 ], [ false, %116 ] %141 = phi i1 [ false, %122 ], [ false, %124 ], [ true, %131 ], [ true, %136 ], [ false, %116 ] %142 = phi i32 [ 1, %122 ], [ 1, %124 ], [ 2, %131 ], [ 2, %136 ], [ 3, %116 ] %143 = phi i32 [ 1, %122 ], [ 1, %124 ], [ %96, %131 ], [ 1, %136 ], [ %96, %116 ] %144 = icmp eq i32 %95, %142 br i1 %144, label %180, label %145 switch i32 %95, label %162 [ i32 1, label %146 i32 2, label %153 ] %154 = load i32, i32* %82, align 8 %155 = and i32 %154, 65536 %156 = icmp eq i32 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.list_head*, %struct.list_head** %83, align 8 %159 = load %struct.list_head*, %struct.list_head** %84, align 8 %160 = getelementptr inbounds %struct.list_head, %struct.list_head* %159, i64 0, i32 1 store %struct.list_head* %158, %struct.list_head** %160, align 8 %161 = getelementptr inbounds %struct.list_head, %struct.list_head* %158, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %161, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %84, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 br label %162 br i1 %140, label %163, label %172 br i1 %141, label %173, label %180 %174 = load i32, i32* %82, align 8 %175 = and i32 %174, 65536 %176 = icmp eq i32 %175, 0 br i1 %176, label %180, label %177 %178 = load %struct.list_head*, %struct.list_head** %87, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 1 store %struct.list_head* %85, %struct.list_head** %179, align 8 store %struct.list_head* %178, %struct.list_head** %88, align 8 store %struct.list_head* %86, %struct.list_head** %83, align 8 store volatile %struct.list_head* %85, %struct.list_head** %87, align 8 br label %180 %181 = zext i32 %113 to i64 %182 = or i64 %100, %181 %183 = load i32, i32* %82, align 8 %184 = and i32 %183, 1073741824 
%185 = icmp eq i32 %184, 0 br i1 %185, label %191, label %186 %187 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %11, i64* %75, i64 16, i8* %111, i64 %182, i8** %11, i64* %75, i8* %97, i64 %98) #6, !srcloc !5 %188 = extractvalue { i8, i8*, i64 } %187, 0 %189 = and i8 %188, 1 %190 = icmp eq i8 %189, 0 br i1 %190, label %219, label %220 %221 = icmp eq i32 %143, 0 br i1 %221, label %223, label %222 %224 = or i1 %140, %141 br i1 %224, label %244, label %225 %226 = load i64, i64* %5, align 16 %227 = lshr i64 %226, 58 %228 = bitcast i64* %75 to i32* %229 = load i32, i32* %228, align 8 %230 = lshr i32 %229, 16 %231 = and i32 %230, 32767 %232 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %227 %233 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %232, align 8 %234 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 3, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %234, i64* %234) #6, !srcloc !18 %235 = zext i32 %231 to i64 %236 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 4, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %236, i64 %235, i64* %236) #6, !srcloc !19 %237 = load i32, i32* %82, align 8 %238 = and i32 %237, 524288 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240, !prof !10, !misexpect !11 call fastcc void @__free_slab(%struct.kmem_cache* %0, %struct.page* %1) #76 Function:__free_slab %3 = getelementptr inbounds 
%struct.page, %struct.page* %1, i64 0, i32 0 %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 65536 %6 = icmp eq i64 %5, 0 br i1 %6, label %13, label %7 %14 = phi i32 [ %12, %7 ], [ 0, %2 ] %15 = shl nuw i32 1, %14 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %16)) #6 to label %70 [label %16], !srcloc !4 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %70, label %21 tail call fastcc void @slab_pad_check(%struct.kmem_cache* %0, %struct.page* %1) #76 %22 = load i64, i64* @vmemmap_base, align 8 %23 = ptrtoint %struct.page* %1 to i64 %24 = sub i64 %23, %22 %25 = shl i64 %24, 6 %26 = load i64, i64* @page_offset_base, align 8 %27 = add i64 %25, %26 %28 = inttoptr i64 %27 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %29)) #6 to label %38 [label %29], !srcloc !4 %39 = phi i8* [ %37, %33 ], [ %28, %29 ], [ %28, %21 ] %40 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %41 = bitcast i64* %40 to i32* %42 = load i32, i32* %41, align 8 %43 = lshr i32 %42, 16 %44 = and i32 %43, 32767 %45 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 %46 = load i32, i32* %45, align 8 %47 = mul i32 %44, %46 %48 = zext i32 %47 to i64 %49 = getelementptr i8, i8* %28, i64 %48 %50 = icmp ult i8* %39, %49 br i1 %50, label %51, label %70 %52 = phi i8* [ %56, %51 ], [ %39, %38 ] %53 = tail call fastcc i32 @check_object(%struct.kmem_cache* %0, %struct.page* %1, i8* %52, i8 zeroext -69) #76 %54 = load i32, i32* %45, align 8 %55 = zext i32 %54 to i64 %56 = getelementptr i8, i8* %52, i64 %55 %57 = load i64, i64* @vmemmap_base, align 8 %58 = sub i64 %23, %57 %59 = shl i64 %58, 6 %60 = load i64, i64* @page_offset_base, align 8 %61 = add i64 %59, %60 %62 = inttoptr i64 %61 to i8* %63 = load i32, i32* %41, align 8 %64 = lshr i32 %63, 16 %65 = and i32 %64, 32767 %66 = mul i32 %65, %54 %67 = zext i32 %66 to i64 %68 = getelementptr i8, i8* %62, i64 %67 %69 = icmp ult i8* %56, %68 br i1 %69, label %51, label %70 %71 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1 %72 = bitcast %union.anon.20* %71 to i64* %73 = load volatile i64, i64* %72, align 8 %74 = and i64 %73, 1 %75 = icmp eq i64 %74, 0 %76 = add i64 %73, -1 %77 = ptrtoint %struct.page* %1 to i64 %78 = select i1 %75, i64 %77, i64 %76, !prof !5 %79 = inttoptr i64 %78 to %struct.page* %80 = getelementptr inbounds %struct.page, %struct.page* %79, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", 
"*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %80, i64 5) #6, !srcloc !6 %81 = load volatile i64, i64* %72, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = select i1 %83, i64 %77, i64 %84, !prof !5 %86 = inttoptr i64 %85 to %struct.page* %87 = getelementptr inbounds %struct.page, %struct.page* %86, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %87, i64 9) #6, !srcloc !6 %88 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 1 %89 = bitcast %struct.address_space** %88 to %struct.kmem_cache** store %struct.kmem_cache* null, %struct.kmem_cache** %89, align 8 %90 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %91 = inttoptr i64 %90 to %struct.task_struct* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %91, i64 0, i32 121 %93 = load %struct.reclaim_state*, %struct.reclaim_state** %92, align 8 %94 = icmp eq %struct.reclaim_state* %93, null br i1 %94, label %100, label %95 %101 = load i64, i64* %3, align 16 %102 = lshr i64 %101, 58 %103 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %102 %104 = load %struct.pglist_data*, %struct.pglist_data** %103, align 8 %105 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 131072 %108 = icmp eq i32 %107, 0 %109 = select i1 %108, i32 6, i32 5 %110 = zext i32 %14 to i64 %111 = shl i64 -4096, %110 tail call void bitcast (void (%struct.pglist_data.123922*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %104, i32 %109, i64 %111) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __free_slab
1 deactivate_slab
2 ___slab_alloc
3 kmem_cache_alloc_node
4 create_task_io_context
5 get_task_io_context
6 set_task_ioprio
7 __se_sys_ioprio_set
8 __x64_sys_ioprio_set
-------------
Path:
Function:__x64_sys_ioprio_set
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #76
Function:__se_sys_ioprio_set
%4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %95 = icmp eq i32 %5, -1 br i1 %95, label %164, label %96 %97 = icmp eq i32 %5, 0 br i1 %97, label %98, label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #76 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 %109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, 
%struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, 
%struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, 
%struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr %struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ %156, %152 ], [ %129, 
%120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #76 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #76 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 %6) #76 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, 
align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #76 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295170* (%struct.task_struct.295207*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #76 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 112, i32 0, i32 0 %10 = getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 123 %11 = getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 112 %12 = bitcast %struct.spinlock* %11 to i8* br label %13 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #76 %14 = load %struct.io_context.295170*, %struct.io_context.295170** %10, align 8 %15 = icmp eq %struct.io_context.295170* %14, null br i1 %15, label %22, label %16, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 store volatile i8 0, i8* %12, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %23 = tail call i32 @create_task_io_context(%struct.task_struct.295207* %0, i32 %1, i32 %2) #77 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 
= or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #76 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #76 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #76 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, 
label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #76 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %221, %220 ] %22 = phi i32 [ %2, %5 ], [ %222, %220 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %224, %233 ], [ %224, %244 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %201, %233 ], [ %201, %244 ] %29 = phi i32 [ %22, %20 ], [ %197, %233 ], [ %197, %244 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, 
label %50, label %167 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %144 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds 
%struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %144 store %struct.page* null, %struct.page** %72, align 8 %138 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %139 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %138, i64 0, i32 4 %140 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %139) #6, !srcloc !21 %141 = and i64 %68, 512 %142 = icmp eq i64 %141, 0 br i1 %142, label %195, label %143 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %195 %196 = phi %struct.kmem_cache_cpu* [ %28, %193 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %143 ] %197 = phi i32 [ %168, %193 ], [ %44, %39 ], [ -1, 
%37 ], [ %51, %137 ], [ %51, %143 ] %198 = icmp eq i32 %197, -1 %199 = icmp ne i32 %197, -1 br label %200 %201 = phi %struct.kmem_cache_cpu* [ %286, %294 ], [ %196, %195 ] %202 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 3 %203 = load %struct.page*, %struct.page** %202, align 8 %204 = icmp eq %struct.page* %203, null br i1 %204, label %245, label %205 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %206 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %207 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 4 %209 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %208) #6, !srcloc !27 %210 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 2 %211 = load %struct.page*, %struct.page** %210, align 8 %212 = icmp eq %struct.page* %211, null br i1 %212, label %223, label %213, !prof !5, !misexpect !6 %224 = load %struct.page*, %struct.page** %202, align 8 %225 = icmp eq %struct.page* %224, null br i1 %225, label %226, label %233, !prof !29, !misexpect !6 %227 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %228 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %227, i64 0, i32 4 %229 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %228) #6, !srcloc !30 %230 = and i64 %206, 512 %231 = icmp eq i64 %230, 0 br i1 %231, label %245, label %232 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %245 br i1 %198, label %246, label %248 %247 = call i32 asm "movl 
%gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %248 %249 = phi i32 [ %247, %246 ], [ %197, %245 ] %250 = sext i32 %249 to i64 %251 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %250 %252 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %251, align 8 %253 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %252, %struct.page** nonnull %10, i32 %1) #76 %254 = icmp ne i8* %253, null %255 = or i1 %199, %254 br i1 %255, label %258, label %256 %259 = phi i8* [ %257, %256 ], [ %253, %248 ] %260 = icmp eq i8* %259, null br i1 %260, label %261, label %284 %285 = phi i8* [ %259, %258 ], [ %283, %279 ] %286 = phi %struct.kmem_cache_cpu* [ %201, %258 ], [ %280, %279 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@___slab_alloc, %287)) #6 to label %292 [label %287], !srcloc !38 %288 = load i32, i32* %17, align 8 %289 = and i32 %288, 2166016 %290 = icmp eq i32 %289, 0 %291 = load %struct.page*, %struct.page** %10, align 8 br i1 %290, label %297, label %294 %295 = call fastcc i32 @alloc_debug_processing(%struct.kmem_cache* %0, %struct.page* %291, i8* %285, i64 %3) #77 %296 = icmp eq i32 %295, 0 br i1 %296, label %200, label %353 %354 = phi %struct.page* [ %298, %312 ], [ %291, %294 ] %355 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %356 = load i32, i32* %355, align 8 %357 = zext i32 %356 to i64 %358 = getelementptr i8, i8* %285, i64 %357 %359 = bitcast i8* %358 to i8** %360 = load i8*, i8** %359, align 8 call fastcc void 
@deactivate_slab(%struct.kmem_cache* %0, %struct.page* %354, i8* %360) #77 Function:deactivate_slab %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 16 %7 = lshr i64 %6, 58 %8 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %7 %9 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %8, align 8 %10 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 2 %11 = bitcast i64* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null %14 = icmp eq i8* %2, null br i1 %14, label %72, label %15 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 256 %22 = icmp eq i32 %21, 0 %23 = load i64, i64* @vmemmap_base, align 8 %24 = ptrtoint %struct.page* %1 to i64 %25 = sub i64 %24, %23 %26 = shl i64 %25, 6 %27 = load i64, i64* @page_offset_base, align 8 %28 = add i64 %26, %27 %29 = inttoptr i64 %28 to i8* %30 = and i32 %20, 1024 %31 = icmp eq i32 %30, 0 %32 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 16 %33 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %34 = bitcast i64* %33 to i32* %35 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 br label %36 %37 = phi i32 [ 0, %15 ], [ %71, %70 ] %38 = phi i8* [ null, %15 ], [ %39, %70 ] %39 = phi i8* [ %2, %15 ], [ %42, %70 ] %40 = getelementptr i8, i8* %39, i64 %18 %41 = bitcast i8* %40 to i8** %42 = load i8*, i8** %41, align 8 %43 = icmp eq i8* %42, null %44 = or i1 %43, %22 br i1 %44, label %70, label %45 br i1 %31, label %51, label %46 %47 = load i32, i32* %32, align 8 %48 = zext i32 %47 to i64 %49 = sub nsw i64 0, %48 %50 = getelementptr i8, i8* 
%42, i64 %49 br label %51 %52 = phi i8* [ %50, %46 ], [ %42, %45 ] %53 = icmp ult i8* %52, %29 br i1 %53, label %69, label %54 %55 = load i32, i32* %34, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 32767 %58 = load i32, i32* %35, align 8 %59 = mul i32 %57, %58 %60 = zext i32 %59 to i64 %61 = getelementptr i8, i8* %29, i64 %60 %62 = icmp ult i8* %52, %61 br i1 %62, label %63, label %69 %64 = ptrtoint i8* %52 to i64 %65 = sub i64 %64, %28 %66 = zext i32 %58 to i64 %67 = srem i64 %65, %66 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 %71 = add i32 %37, 1 br i1 %43, label %72, label %36 %73 = phi i8* [ %38, %69 ], [ null, %3 ], [ %39, %70 ] %74 = phi i32 [ %37, %69 ], [ 0, %3 ], [ %71, %70 ] %75 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %76 = icmp eq i8* %73, null %77 = ptrtoint i8* %73 to i64 %78 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %79 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 1 %80 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 2 %81 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 0, i32 0, i32 0 %82 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %83 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 1 %84 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 0 %85 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0 %86 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 5 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 0 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %85, i64 0, i32 0 %89 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2 %90 = getelementptr inbounds 
%struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2, i32 1 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %92 = bitcast i64* %4 to i8* br label %93 %94 = phi i64 [ 0, %72 ], [ %139, %219 ] %95 = phi i32 [ 0, %72 ], [ %142, %219 ] %96 = phi i32 [ 0, %72 ], [ %143, %219 ] %97 = load volatile i8*, i8** %11, align 8 %98 = load volatile i64, i64* %75, align 8 %99 = trunc i64 %98 to i32 %100 = and i64 %98, -4294967296 br i1 %76, label %110, label %101 %111 = phi i8* [ %2, %101 ], [ %97, %93 ] %112 = phi i32 [ %105, %101 ], [ %99, %93 ] %113 = and i32 %112, 2147483647 %114 = and i32 %112, 65535 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %120 %117 = load i64, i64* %79, align 8 %118 = load i64, i64* %80, align 8 %119 = icmp ult i64 %117, %118 br i1 %119, label %120, label %138 %139 = phi i64 [ %94, %122 ], [ %125, %124 ], [ %94, %131 ], [ %137, %136 ], [ %94, %116 ] %140 = phi i1 [ true, %122 ], [ true, %124 ], [ false, %131 ], [ false, %136 ], [ false, %116 ] %141 = phi i1 [ false, %122 ], [ false, %124 ], [ true, %131 ], [ true, %136 ], [ false, %116 ] %142 = phi i32 [ 1, %122 ], [ 1, %124 ], [ 2, %131 ], [ 2, %136 ], [ 3, %116 ] %143 = phi i32 [ 1, %122 ], [ 1, %124 ], [ %96, %131 ], [ 1, %136 ], [ %96, %116 ] %144 = icmp eq i32 %95, %142 br i1 %144, label %180, label %145 switch i32 %95, label %162 [ i32 1, label %146 i32 2, label %153 ] %154 = load i32, i32* %82, align 8 %155 = and i32 %154, 65536 %156 = icmp eq i32 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.list_head*, %struct.list_head** %83, align 8 %159 = load %struct.list_head*, %struct.list_head** %84, align 8 %160 = getelementptr inbounds %struct.list_head, %struct.list_head* %159, i64 0, i32 1 store %struct.list_head* %158, %struct.list_head** %160, align 8 %161 = getelementptr inbounds %struct.list_head, %struct.list_head* %158, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %161, align 8 store 
%struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %84, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 br label %162 br i1 %140, label %163, label %172 br i1 %141, label %173, label %180 %174 = load i32, i32* %82, align 8 %175 = and i32 %174, 65536 %176 = icmp eq i32 %175, 0 br i1 %176, label %180, label %177 %178 = load %struct.list_head*, %struct.list_head** %87, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 1 store %struct.list_head* %85, %struct.list_head** %179, align 8 store %struct.list_head* %178, %struct.list_head** %88, align 8 store %struct.list_head* %86, %struct.list_head** %83, align 8 store volatile %struct.list_head* %85, %struct.list_head** %87, align 8 br label %180 %181 = zext i32 %113 to i64 %182 = or i64 %100, %181 %183 = load i32, i32* %82, align 8 %184 = and i32 %183, 1073741824 %185 = icmp eq i32 %184, 0 br i1 %185, label %191, label %186 %187 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %11, i64* %75, i64 16, i8* %111, i64 %182, i8** %11, i64* %75, i8* %97, i64 %98) #6, !srcloc !5 %188 = extractvalue { i8, i8*, i64 } %187, 0 %189 = and i8 %188, 1 %190 = icmp eq i8 %189, 0 br i1 %190, label %219, label %220 %221 = icmp eq i32 %143, 0 br i1 %221, label %223, label %222 %224 = or i1 %140, %141 br i1 %224, label %244, label %225 %226 = load i64, i64* %5, align 16 %227 = lshr i64 %226, 58 %228 = bitcast i64* %75 to i32* %229 = load i32, i32* %228, align 8 %230 = lshr i32 %229, 16 %231 = and i32 %230, 32767 %232 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %227 %233 = load %struct.kmem_cache_node*, 
%struct.kmem_cache_node** %232, align 8 %234 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 3, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %234, i64* %234) #6, !srcloc !18 %235 = zext i32 %231 to i64 %236 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 4, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %236, i64 %235, i64* %236) #6, !srcloc !19 %237 = load i32, i32* %82, align 8 %238 = and i32 %237, 524288 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240, !prof !10, !misexpect !11 call fastcc void @__free_slab(%struct.kmem_cache* %0, %struct.page* %1) #76 Function:__free_slab %3 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 0 %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 65536 %6 = icmp eq i64 %5, 0 br i1 %6, label %13, label %7 %14 = phi i32 [ %12, %7 ], [ 0, %2 ] %15 = shl nuw i32 1, %14 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %16)) #6 to label %70 [label %16], !srcloc !4 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %70, label %21 tail call fastcc void @slab_pad_check(%struct.kmem_cache* %0, %struct.page* %1) #76 %22 = load i64, i64* @vmemmap_base, align 8 %23 = ptrtoint %struct.page* %1 to i64 %24 = sub i64 %23, %22 %25 = shl i64 %24, 6 %26 = load i64, i64* @page_offset_base, align 8 %27 = add i64 %25, %26 %28 = inttoptr i64 %27 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %29)) #6 to label %38 [label %29], !srcloc !4 %39 = phi i8* [ %37, %33 ], [ %28, %29 ], [ %28, %21 ] %40 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %41 = bitcast i64* %40 to i32* %42 = load i32, i32* %41, align 8 %43 = lshr i32 %42, 16 %44 = and i32 %43, 32767 %45 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 %46 = load i32, i32* %45, align 8 %47 = mul i32 %44, %46 %48 = zext i32 %47 to i64 %49 = getelementptr i8, i8* %28, i64 %48 %50 = icmp ult i8* %39, %49 br i1 %50, label %51, label %70 %52 = phi i8* [ %56, %51 ], [ %39, %38 ] %53 = tail call fastcc i32 @check_object(%struct.kmem_cache* %0, %struct.page* %1, i8* %52, i8 zeroext -69) #76 %54 = load i32, i32* 
%45, align 8 %55 = zext i32 %54 to i64 %56 = getelementptr i8, i8* %52, i64 %55 %57 = load i64, i64* @vmemmap_base, align 8 %58 = sub i64 %23, %57 %59 = shl i64 %58, 6 %60 = load i64, i64* @page_offset_base, align 8 %61 = add i64 %59, %60 %62 = inttoptr i64 %61 to i8* %63 = load i32, i32* %41, align 8 %64 = lshr i32 %63, 16 %65 = and i32 %64, 32767 %66 = mul i32 %65, %54 %67 = zext i32 %66 to i64 %68 = getelementptr i8, i8* %62, i64 %67 %69 = icmp ult i8* %56, %68 br i1 %69, label %51, label %70 %71 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1 %72 = bitcast %union.anon.20* %71 to i64* %73 = load volatile i64, i64* %72, align 8 %74 = and i64 %73, 1 %75 = icmp eq i64 %74, 0 %76 = add i64 %73, -1 %77 = ptrtoint %struct.page* %1 to i64 %78 = select i1 %75, i64 %77, i64 %76, !prof !5 %79 = inttoptr i64 %78 to %struct.page* %80 = getelementptr inbounds %struct.page, %struct.page* %79, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %80, i64 5) #6, !srcloc !6 %81 = load volatile i64, i64* %72, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = select i1 %83, i64 %77, i64 %84, !prof !5 %86 = inttoptr i64 %85 to %struct.page* %87 = getelementptr inbounds %struct.page, %struct.page* %86, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %87, i64 9) #6, !srcloc !6 %88 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 1 %89 = bitcast %struct.address_space** %88 to %struct.kmem_cache** store %struct.kmem_cache* null, %struct.kmem_cache** %89, align 8 %90 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %91 = inttoptr i64 %90 to %struct.task_struct* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %91, i64 0, i32 121 %93 = load %struct.reclaim_state*, 
%struct.reclaim_state** %92, align 8 %94 = icmp eq %struct.reclaim_state* %93, null br i1 %94, label %100, label %95 %101 = load i64, i64* %3, align 16 %102 = lshr i64 %101, 58 %103 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %102 %104 = load %struct.pglist_data*, %struct.pglist_data** %103, align 8 %105 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 131072 %108 = icmp eq i32 %107, 0 %109 = select i1 %108, i32 6, i32 5 %110 = zext i32 %14 to i64 %111 = shl i64 -4096, %110 tail call void bitcast (void (%struct.pglist_data.123922*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %104, i32 %109, i64 %111) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __free_slab
1 deactivate_slab
2 ___slab_alloc
3 kmem_cache_alloc_node
4 create_task_io_context
5 submit_bio_checks
6 __submit_bio
7 submit_bio_noacct
8 __blk_queue_split
9 blk_queue_split
10 dm_submit_bio
-------------
Path:
Function:dm_submit_bio
%2 = alloca %struct.bio.700572*, align 8 store %struct.bio.700572* %0, %struct.bio.700572** %2, align 8 %3 = getelementptr inbounds %struct.bio.700572, %struct.bio.700572* %0, i64 0, i32 1 %4 = load %struct.block_device.700569*, %struct.block_device.700569** %3, align 8 %5 = getelementptr inbounds %struct.block_device.700569, %struct.block_device.700569* %4, i64 0, i32 16 %6 = load %struct.gendisk.700393*, %struct.gendisk.700393** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.700393, %struct.gendisk.700393* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 38 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #76 %12 =
getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = icmp eq i8* %13, null br i1 %15, label %16, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 1 %28 = icmp eq i64 %27, 0 %29 = getelementptr inbounds %struct.bio.700572, %struct.bio.700572* %0, i64 0, i32 2 %30 = load i32, i32* %29, align 8 br i1 %28, label %59, label %31, !prof !6, !misexpect !5 %60 = trunc i32 %30 to i8 switch i8 %60, label %63 [ i8 3, label %61 i8 5, label %61 i8 7, label %61 i8 9, label %61 ] call void bitcast (void (%struct.bio.294862**)* @blk_queue_split to void (%struct.bio.700572**)*)(%struct.bio.700572** nonnull %2) #76 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* call void @__blk_queue_split(%struct.bio.294862** %0, i32* nonnull %2) #76 Function:__blk_queue_split %3 = alloca %struct.bio_vec.294861, align 8 %4 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %5 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 1 %6 = load %struct.block_device.294859*, %struct.block_device.294859** %5, align 8 %7 = getelementptr inbounds %struct.block_device.294859, %struct.block_device.294859* %6, i64 0, i32 16 %8 = load %struct.gendisk.294687*, %struct.gendisk.294687** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.294687, %struct.gendisk.294687* %8, i64 0, i32 9 %10 = load %struct.request_queue.294711*, %struct.request_queue.294711** %9, align 8 %11 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.294711, 
%struct.request_queue.294711* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %343, label %78 %79 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %343 %84 = tail call %struct.bio.294862* @bio_split(%struct.bio.294862* %4, i32 %76, i32 3072, %struct.bio_set.294866* %74) #76 br label %314 %315 = phi %struct.bio.294862* [ %313, %312 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %316 = icmp eq %struct.bio.294862* %315, null br i1 %316, label %343, label %317 %318 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %315, i64 0, i32 2 %319 = load i32, i32* %318, align 8 %320 = or i32 %319, 16384 store i32 %320, i32* %318, align 8 %321 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 call void @bio_chain(%struct.bio.294862* nonnull %315, %struct.bio.294862* %321) #76 %322 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %323 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %322, i64 0, i32 8, i32 0 %324 = load i64, i64* %323, align 8 %325 = trunc i64 %324 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %326)) #6 to label %340 [label %326], !srcloc !9 %341 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %342 = call i32 bitcast (i32 (%struct.bio.295627*)* @submit_bio_noacct to i32 (%struct.bio.294862*)*)(%struct.bio.294862* %341) #76 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.295628], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 119 %6 = load %struct.bio_list.295628*, %struct.bio_list.295628** %5, align 8 %7 = icmp eq %struct.bio_list.295628* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %18 = load %struct.block_device.295624*, %struct.block_device.295624** %17, align 8 %19 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %18, i64 0, i32 16 %20 = load %struct.gendisk.295622*, %struct.gendisk.295622** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.295563*, %struct.block_device_operations.295563** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.295563, %struct.block_device_operations.295563* %22, i64 0, i32 0 %24 = load i32 
(%struct.bio.295627*)*, i32 (%struct.bio.295627*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.295627*)* %24, null %26 = bitcast [2 x %struct.bio_list.295628]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 0 %49 = load %struct.bio.295627*, %struct.bio.295627** %48, align 8 %50 = icmp eq %struct.bio.295627* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0 store %struct.bio_list.295628* %53, %struct.bio_list.295628** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.295628* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.295627** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.295628, %struct.bio_list.295628* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.295627** %60 to i64* br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 
%74 = phi %struct.bio.295627* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.295627* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.295627* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 0 %80 = load %struct.bio.295627*, %struct.bio.295627** %79, align 8 store %struct.bio.295627* %80, %struct.bio.295627** %56, align 16 %81 = icmp eq %struct.bio.295627* %80, null br i1 %81, label %82, label %83 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %83 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 %84 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 1 %85 = load %struct.block_device.295624*, %struct.block_device.295624** %84, align 8 %86 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %85, i64 0, i32 16 %87 = load %struct.gendisk.295622*, %struct.gendisk.295622** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %87, i64 0, i32 9 %89 = load %struct.request_queue.295614*, %struct.request_queue.295614** %88, align 8 %90 = icmp eq %struct.request_queue.295614* %69, %89 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.295627* %103 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %102, i64 0, i32 0 store %struct.bio.295627* %74, %struct.bio.295627** %103, align 8 br label %104 %105 = phi %struct.bio.295627* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.295627* %74 to i64 br label %107 %108 = phi %struct.bio.295627* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.295627* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load 
%struct.bio.295627*, %struct.bio.295627** %56, align 16 %113 = icmp eq %struct.bio.295627* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.295627* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %118 = icmp eq %struct.bio.295627* %117, null br i1 %118, label %121, label %119 store %struct.bio.295627* %108, %struct.bio.295627** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.295627* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %127 = icmp eq %struct.bio.295627* %126, null br i1 %127, label %130, label %128 store %struct.bio.295627* %110, %struct.bio.295627** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.295627*, %struct.bio.295627** %59, align 16 %134 = icmp eq %struct.bio.295627* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %137 = icmp eq %struct.bio.295627* %136, null br i1 %137, label %140, label %138 store %struct.bio.295627* %133, %struct.bio.295627** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %145 = icmp eq %struct.bio.295627* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %144, i64 0, i32 0 %148 = load %struct.bio.295627*, %struct.bio.295627** %147, align 8 store %struct.bio.295627* %148, %struct.bio.295627** %56, align 16 %149 = icmp eq %struct.bio.295627* %148, null br i1 %149, label %150, label %151 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %151 store %struct.bio.295627* null, %struct.bio.295627** %147, align 8 br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = 
getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.295614* %8, i1 zeroext false) #76 br i1 %17, label %72, label %18 %73 
= call fastcc zeroext i1 @submit_bio_checks(%struct.bio.295627* %0) #77 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = tail call i32 @__cond_resched() #76 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.295667* %12 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %11, i64 0, i32 120 %13 = load %struct.blk_plug*, %struct.blk_plug** %12, align 16 %14 = icmp eq %struct.blk_plug* %13, null br i1 %14, label %23, label %15 %16 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %13, i64 0, i32 4 %17 = load i8, i8* %16, align 1, !range !5 %18 = icmp eq i8 %17, 0 br i1 %18, label %23, label %19 %24 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2097152 %27 = icmp eq i32 %26, 0 br i1 %27, label %33, label %28 %29 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 536870912 %32 = icmp eq i64 %31, 0 br i1 %32, label %207, label %33 %34 = and i32 %25, 1 %35 = icmp eq i32 %34, 0 br i1 %35, label %58, label %36 %59 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 3 %60 = 
load i16, i16* %59, align 4 %61 = and i16 %60, 2048 %62 = icmp eq i16 %61, 0 br i1 %62, label %63, label %132 %133 = phi i16 [ %60, %58 ], [ %60, %99 ], [ %131, %129 ] %134 = load i32, i32* %24, align 8 %135 = and i32 %134, 393216 %136 = icmp eq i32 %135, 0 br i1 %136, label %147, label %137 %138 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11 %139 = load volatile i64, i64* %138, align 8 %140 = and i64 %139, 131072 %141 = icmp eq i64 %140, 0 br i1 %141, label %142, label %147 %148 = phi i32 [ %134, %137 ], [ %134, %132 ], [ %143, %142 ] %149 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11 %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 65536 %152 = icmp eq i64 %151, 0 br i1 %152, label %153, label %156 %157 = phi i16 [ %133, %147 ], [ %154, %153 ] %158 = phi i32 [ %148, %147 ], [ %155, %153 ] %159 = trunc i32 %158 to i8 switch i8 %159, label %176 [ i8 3, label %160 i8 5, label %164 i8 7, label %168 i8 13, label %207 i8 15, label %207 i8 10, label %207 i8 11, label %207 i8 12, label %207 i8 17, label %207 i8 9, label %172 ] %161 = load volatile i64, i64* %149, align 8 %162 = and i64 %161, 256 %163 = icmp eq i64 %162, 0 br i1 %163, label %207, label %176 %177 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %11, i64 0, i32 123 %178 = load %struct.io_context.295588*, %struct.io_context.295588** %177, align 8 %179 = icmp eq %struct.io_context.295588* %178, null br i1 %179, label %180, label %185, !prof !15, !misexpect !7 %181 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 35 %182 = load i32, i32* %181, align 4 %183 = call i32 bitcast (i32 (%struct.task_struct.295207*, i32, i32)* @create_task_io_context to i32 (%struct.task_struct.295667*, i32, i32)*)(%struct.task_struct.295667* %11, i32 2592, i32 %182) #76 Function:create_task_io_context %4 = load 
%struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #76 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #76 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #76 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 
= trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #76 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %221, %220 ] %22 = phi i32 [ %2, %5 ], [ %222, %220 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %224, %233 ], [ %224, %244 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %201, %233 ], [ %201, %244 ] %29 = phi i32 [ %22, %20 ], [ %197, %233 ], [ %197, %244 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) 
#6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %167 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %144 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, 
%struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %144 store %struct.page* null, %struct.page** %72, align 8 %138 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %139 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %138, i64 0, i32 4 %140 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %139) #6, !srcloc !21 %141 = and i64 %68, 512 %142 = icmp eq i64 %141, 0 br i1 %142, label %195, label %143 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %195 %196 = phi %struct.kmem_cache_cpu* [ %28, %193 ], [ %21, %39 ], [ %21, %37 ], [ %28, 
%137 ], [ %28, %143 ] %197 = phi i32 [ %168, %193 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %143 ] %198 = icmp eq i32 %197, -1 %199 = icmp ne i32 %197, -1 br label %200 %201 = phi %struct.kmem_cache_cpu* [ %286, %294 ], [ %196, %195 ] %202 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 3 %203 = load %struct.page*, %struct.page** %202, align 8 %204 = icmp eq %struct.page* %203, null br i1 %204, label %245, label %205 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %206 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %207 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 4 %209 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %208) #6, !srcloc !27 %210 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 2 %211 = load %struct.page*, %struct.page** %210, align 8 %212 = icmp eq %struct.page* %211, null br i1 %212, label %223, label %213, !prof !5, !misexpect !6 %224 = load %struct.page*, %struct.page** %202, align 8 %225 = icmp eq %struct.page* %224, null br i1 %225, label %226, label %233, !prof !29, !misexpect !6 %227 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %228 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %227, i64 0, i32 4 %229 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %228) #6, !srcloc !30 %230 = and i64 %206, 512 %231 = icmp eq i64 %230, 0 br i1 %231, label %245, label %232 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br 
label %245 br i1 %198, label %246, label %248 %247 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %248 %249 = phi i32 [ %247, %246 ], [ %197, %245 ] %250 = sext i32 %249 to i64 %251 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %250 %252 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %251, align 8 %253 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %252, %struct.page** nonnull %10, i32 %1) #76 %254 = icmp ne i8* %253, null %255 = or i1 %199, %254 br i1 %255, label %258, label %256 %259 = phi i8* [ %257, %256 ], [ %253, %248 ] %260 = icmp eq i8* %259, null br i1 %260, label %261, label %284 %285 = phi i8* [ %259, %258 ], [ %283, %279 ] %286 = phi %struct.kmem_cache_cpu* [ %201, %258 ], [ %280, %279 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@___slab_alloc, %287)) #6 to label %292 [label %287], !srcloc !38 %288 = load i32, i32* %17, align 8 %289 = and i32 %288, 2166016 %290 = icmp eq i32 %289, 0 %291 = load %struct.page*, %struct.page** %10, align 8 br i1 %290, label %297, label %294 %295 = call fastcc i32 @alloc_debug_processing(%struct.kmem_cache* %0, %struct.page* %291, i8* %285, i64 %3) #77 %296 = icmp eq i32 %295, 0 br i1 %296, label %200, label %353 %354 = phi %struct.page* [ %298, %312 ], [ %291, %294 ] %355 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %356 = load i32, i32* %355, align 8 %357 = zext i32 %356 to i64 %358 = getelementptr i8, i8* %285, i64 %357 %359 = bitcast i8* %358 to i8** %360 = load i8*, i8** %359, align 8 call fastcc void @deactivate_slab(%struct.kmem_cache* %0, %struct.page* %354, i8* %360) #77 Function:deactivate_slab %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 16 %7 = lshr i64 %6, 58 %8 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %7 %9 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %8, align 8 %10 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 2 %11 = bitcast i64* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null %14 = icmp eq i8* %2, null br i1 %14, label %72, label %15 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 256 %22 = icmp eq i32 %21, 0 %23 = load i64, i64* 
@vmemmap_base, align 8 %24 = ptrtoint %struct.page* %1 to i64 %25 = sub i64 %24, %23 %26 = shl i64 %25, 6 %27 = load i64, i64* @page_offset_base, align 8 %28 = add i64 %26, %27 %29 = inttoptr i64 %28 to i8* %30 = and i32 %20, 1024 %31 = icmp eq i32 %30, 0 %32 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 16 %33 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %34 = bitcast i64* %33 to i32* %35 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 br label %36 %37 = phi i32 [ 0, %15 ], [ %71, %70 ] %38 = phi i8* [ null, %15 ], [ %39, %70 ] %39 = phi i8* [ %2, %15 ], [ %42, %70 ] %40 = getelementptr i8, i8* %39, i64 %18 %41 = bitcast i8* %40 to i8** %42 = load i8*, i8** %41, align 8 %43 = icmp eq i8* %42, null %44 = or i1 %43, %22 br i1 %44, label %70, label %45 br i1 %31, label %51, label %46 %47 = load i32, i32* %32, align 8 %48 = zext i32 %47 to i64 %49 = sub nsw i64 0, %48 %50 = getelementptr i8, i8* %42, i64 %49 br label %51 %52 = phi i8* [ %50, %46 ], [ %42, %45 ] %53 = icmp ult i8* %52, %29 br i1 %53, label %69, label %54 %55 = load i32, i32* %34, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 32767 %58 = load i32, i32* %35, align 8 %59 = mul i32 %57, %58 %60 = zext i32 %59 to i64 %61 = getelementptr i8, i8* %29, i64 %60 %62 = icmp ult i8* %52, %61 br i1 %62, label %63, label %69 %64 = ptrtoint i8* %52 to i64 %65 = sub i64 %64, %28 %66 = zext i32 %58 to i64 %67 = srem i64 %65, %66 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 %71 = add i32 %37, 1 br i1 %43, label %72, label %36 %73 = phi i8* [ %38, %69 ], [ null, %3 ], [ %39, %70 ] %74 = phi i32 [ %37, %69 ], [ 0, %3 ], [ %71, %70 ] %75 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %76 = icmp eq i8* %73, null %77 = ptrtoint i8* %73 to i64 %78 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %79 = getelementptr inbounds 
%struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 1 %80 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 2 %81 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 0, i32 0, i32 0 %82 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %83 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 1 %84 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 0 %85 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0 %86 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 5 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 0 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %85, i64 0, i32 0 %89 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2 %90 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2, i32 1 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %92 = bitcast i64* %4 to i8* br label %93 %94 = phi i64 [ 0, %72 ], [ %139, %219 ] %95 = phi i32 [ 0, %72 ], [ %142, %219 ] %96 = phi i32 [ 0, %72 ], [ %143, %219 ] %97 = load volatile i8*, i8** %11, align 8 %98 = load volatile i64, i64* %75, align 8 %99 = trunc i64 %98 to i32 %100 = and i64 %98, -4294967296 br i1 %76, label %110, label %101 %111 = phi i8* [ %2, %101 ], [ %97, %93 ] %112 = phi i32 [ %105, %101 ], [ %99, %93 ] %113 = and i32 %112, 2147483647 %114 = and i32 %112, 65535 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %120 %117 = load i64, i64* %79, align 8 %118 = load i64, i64* %80, align 8 %119 = icmp ult i64 %117, %118 br i1 %119, label %120, label %138 %139 = phi i64 [ %94, %122 ], [ %125, %124 ], [ %94, %131 ], [ %137, %136 ], [ %94, %116 ] %140 = phi i1 [ true, %122 ], [ true, %124 
], [ false, %131 ], [ false, %136 ], [ false, %116 ] %141 = phi i1 [ false, %122 ], [ false, %124 ], [ true, %131 ], [ true, %136 ], [ false, %116 ] %142 = phi i32 [ 1, %122 ], [ 1, %124 ], [ 2, %131 ], [ 2, %136 ], [ 3, %116 ] %143 = phi i32 [ 1, %122 ], [ 1, %124 ], [ %96, %131 ], [ 1, %136 ], [ %96, %116 ] %144 = icmp eq i32 %95, %142 br i1 %144, label %180, label %145 switch i32 %95, label %162 [ i32 1, label %146 i32 2, label %153 ] %154 = load i32, i32* %82, align 8 %155 = and i32 %154, 65536 %156 = icmp eq i32 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.list_head*, %struct.list_head** %83, align 8 %159 = load %struct.list_head*, %struct.list_head** %84, align 8 %160 = getelementptr inbounds %struct.list_head, %struct.list_head* %159, i64 0, i32 1 store %struct.list_head* %158, %struct.list_head** %160, align 8 %161 = getelementptr inbounds %struct.list_head, %struct.list_head* %158, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %161, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %84, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 br label %162 br i1 %140, label %163, label %172 br i1 %141, label %173, label %180 %174 = load i32, i32* %82, align 8 %175 = and i32 %174, 65536 %176 = icmp eq i32 %175, 0 br i1 %176, label %180, label %177 %178 = load %struct.list_head*, %struct.list_head** %87, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 1 store %struct.list_head* %85, %struct.list_head** %179, align 8 store %struct.list_head* %178, %struct.list_head** %88, align 8 store %struct.list_head* %86, %struct.list_head** %83, align 8 store volatile %struct.list_head* %85, %struct.list_head** %87, align 8 br label %180 %181 = zext i32 %113 to i64 %182 = or i64 %100, %181 %183 = load i32, i32* %82, align 8 %184 = and i32 %183, 1073741824 
%185 = icmp eq i32 %184, 0 br i1 %185, label %191, label %186 %187 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %11, i64* %75, i64 16, i8* %111, i64 %182, i8** %11, i64* %75, i8* %97, i64 %98) #6, !srcloc !5 %188 = extractvalue { i8, i8*, i64 } %187, 0 %189 = and i8 %188, 1 %190 = icmp eq i8 %189, 0 br i1 %190, label %219, label %220 %221 = icmp eq i32 %143, 0 br i1 %221, label %223, label %222 %224 = or i1 %140, %141 br i1 %224, label %244, label %225 %226 = load i64, i64* %5, align 16 %227 = lshr i64 %226, 58 %228 = bitcast i64* %75 to i32* %229 = load i32, i32* %228, align 8 %230 = lshr i32 %229, 16 %231 = and i32 %230, 32767 %232 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %227 %233 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %232, align 8 %234 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 3, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %234, i64* %234) #6, !srcloc !18 %235 = zext i32 %231 to i64 %236 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 4, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %236, i64 %235, i64* %236) #6, !srcloc !19 %237 = load i32, i32* %82, align 8 %238 = and i32 %237, 524288 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240, !prof !10, !misexpect !11 call fastcc void @__free_slab(%struct.kmem_cache* %0, %struct.page* %1) #76 Function:__free_slab %3 = getelementptr inbounds 
%struct.page, %struct.page* %1, i64 0, i32 0 %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 65536 %6 = icmp eq i64 %5, 0 br i1 %6, label %13, label %7 %14 = phi i32 [ %12, %7 ], [ 0, %2 ] %15 = shl nuw i32 1, %14 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %16)) #6 to label %70 [label %16], !srcloc !4 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %70, label %21 tail call fastcc void @slab_pad_check(%struct.kmem_cache* %0, %struct.page* %1) #76 %22 = load i64, i64* @vmemmap_base, align 8 %23 = ptrtoint %struct.page* %1 to i64 %24 = sub i64 %23, %22 %25 = shl i64 %24, 6 %26 = load i64, i64* @page_offset_base, align 8 %27 = add i64 %25, %26 %28 = inttoptr i64 %27 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %29)) #6 to label %38 [label %29], !srcloc !4 %39 = phi i8* [ %37, %33 ], [ %28, %29 ], [ %28, %21 ] %40 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %41 = bitcast i64* %40 to i32* %42 = load i32, i32* %41, align 8 %43 = lshr i32 %42, 16 %44 = and i32 %43, 32767 %45 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 %46 = load i32, i32* %45, align 8 %47 = mul i32 %44, %46 %48 = zext i32 %47 to i64 %49 = getelementptr i8, i8* %28, i64 %48 %50 = icmp ult i8* %39, %49 br i1 %50, label %51, label %70 %52 = phi i8* [ %56, %51 ], [ %39, %38 ] %53 = tail call fastcc i32 @check_object(%struct.kmem_cache* %0, %struct.page* %1, i8* %52, i8 zeroext -69) #76 %54 = load i32, i32* %45, align 8 %55 = zext i32 %54 to i64 %56 = getelementptr i8, i8* %52, i64 %55 %57 = load i64, i64* @vmemmap_base, align 8 %58 = sub i64 %23, %57 %59 = shl i64 %58, 6 %60 = load i64, i64* @page_offset_base, align 8 %61 = add i64 %59, %60 %62 = inttoptr i64 %61 to i8* %63 = load i32, i32* %41, align 8 %64 = lshr i32 %63, 16 %65 = and i32 %64, 32767 %66 = mul i32 %65, %54 %67 = zext i32 %66 to i64 %68 = getelementptr i8, i8* %62, i64 %67 %69 = icmp ult i8* %56, %68 br i1 %69, label %51, label %70 %71 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1 %72 = bitcast %union.anon.20* %71 to i64* %73 = load volatile i64, i64* %72, align 8 %74 = and i64 %73, 1 %75 = icmp eq i64 %74, 0 %76 = add i64 %73, -1 %77 = ptrtoint %struct.page* %1 to i64 %78 = select i1 %75, i64 %77, i64 %76, !prof !5 %79 = inttoptr i64 %78 to %struct.page* %80 = getelementptr inbounds %struct.page, %struct.page* %79, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", 
"*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %80, i64 5) #6, !srcloc !6 %81 = load volatile i64, i64* %72, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = select i1 %83, i64 %77, i64 %84, !prof !5 %86 = inttoptr i64 %85 to %struct.page* %87 = getelementptr inbounds %struct.page, %struct.page* %86, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %87, i64 9) #6, !srcloc !6 %88 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 1 %89 = bitcast %struct.address_space** %88 to %struct.kmem_cache** store %struct.kmem_cache* null, %struct.kmem_cache** %89, align 8 %90 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %91 = inttoptr i64 %90 to %struct.task_struct* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %91, i64 0, i32 121 %93 = load %struct.reclaim_state*, %struct.reclaim_state** %92, align 8 %94 = icmp eq %struct.reclaim_state* %93, null br i1 %94, label %100, label %95 %101 = load i64, i64* %3, align 16 %102 = lshr i64 %101, 58 %103 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %102 %104 = load %struct.pglist_data*, %struct.pglist_data** %103, align 8 %105 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 131072 %108 = icmp eq i32 %107, 0 %109 = select i1 %108, i32 6, i32 5 %110 = zext i32 %14 to i64 %111 = shl i64 -4096, %110 tail call void bitcast (void (%struct.pglist_data.123922*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %104, i32 %109, i64 %111) #77 ------------- Use: =BAD PATH= Call Stack: 0 __free_slab 1 deactivate_slab 2 ___slab_alloc 3 
kmem_cache_alloc_node 4 create_task_io_context 5 submit_bio_checks 6 __submit_bio 7 submit_bio_noacct 8 __blk_queue_split 9 blk_queue_split 10 md_submit_bio ------------- Path:  Function:md_submit_bio %2 = alloca %struct.bio.299652*, align 8 store %struct.bio.299652* %0, %struct.bio.299652** %2, align 8 %3 = getelementptr inbounds %struct.bio.299652, %struct.bio.299652* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.299652, %struct.bio.299652* %0, i64 0, i32 1 %8 = load %struct.block_device.299712*, %struct.block_device.299712** %7, align 8 %9 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %8, i64 0, i32 16 %10 = load %struct.gendisk.299710*, %struct.gendisk.299710** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.294862**)* @blk_queue_split to void (%struct.bio.299652**)*)(%struct.bio.299652** nonnull %2) #76 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* call void @__blk_queue_split(%struct.bio.294862** %0, i32* nonnull %2) #76 Function:__blk_queue_split %3 = alloca %struct.bio_vec.294861, align 8 %4 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %5 = getelementptr inbounds %struct.bio.294862, 
%struct.bio.294862* %4, i64 0, i32 1 %6 = load %struct.block_device.294859*, %struct.block_device.294859** %5, align 8 %7 = getelementptr inbounds %struct.block_device.294859, %struct.block_device.294859* %6, i64 0, i32 16 %8 = load %struct.gendisk.294687*, %struct.gendisk.294687** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.294687, %struct.gendisk.294687* %8, i64 0, i32 9 %10 = load %struct.request_queue.294711*, %struct.request_queue.294711** %9, align 8 %11 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %343, label %78 %79 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %343 %84 = tail call %struct.bio.294862* @bio_split(%struct.bio.294862* %4, i32 %76, i32 3072, %struct.bio_set.294866* %74) #76 br label %314 %315 = phi %struct.bio.294862* [ %313, %312 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %316 = icmp eq %struct.bio.294862* %315, null br i1 %316, label %343, label %317 %318 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %315, i64 0, i32 2 %319 = load i32, i32* %318, align 8 %320 = or i32 %319, 16384 store i32 %320, i32* %318, align 8 %321 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 call void @bio_chain(%struct.bio.294862* nonnull %315, %struct.bio.294862* %321) #76 %322 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %323 = getelementptr 
inbounds %struct.bio.294862, %struct.bio.294862* %322, i64 0, i32 8, i32 0 %324 = load i64, i64* %323, align 8 %325 = trunc i64 %324 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %326)) #6 to label %340 [label %326], !srcloc !9 %341 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %342 = call i32 bitcast (i32 (%struct.bio.295627*)* @submit_bio_noacct to i32 (%struct.bio.294862*)*)(%struct.bio.294862* %341) #76 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.295628], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 119 %6 = load %struct.bio_list.295628*, %struct.bio_list.295628** %5, align 8 %7 = icmp eq %struct.bio_list.295628* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %18 = load %struct.block_device.295624*, %struct.block_device.295624** %17, align 8 %19 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %18, i64 0, i32 16 %20 = load %struct.gendisk.295622*, %struct.gendisk.295622** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.295622, 
%struct.gendisk.295622* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.295563*, %struct.block_device_operations.295563** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.295563, %struct.block_device_operations.295563* %22, i64 0, i32 0 %24 = load i32 (%struct.bio.295627*)*, i32 (%struct.bio.295627*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.295627*)* %24, null %26 = bitcast [2 x %struct.bio_list.295628]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 0 %49 = load %struct.bio.295627*, %struct.bio.295627** %48, align 8 %50 = icmp eq %struct.bio.295627* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0 store %struct.bio_list.295628* %53, %struct.bio_list.295628** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.295628* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.295627** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.295628, %struct.bio_list.295628* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.295627** %60 to i64* br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load 
%struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 %74 = phi %struct.bio.295627* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.295627* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.295627* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 0 %80 = load %struct.bio.295627*, %struct.bio.295627** %79, align 8 store %struct.bio.295627* %80, %struct.bio.295627** %56, align 16 %81 = icmp eq %struct.bio.295627* %80, null br i1 %81, label %82, label %83 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %83 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 %84 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 1 %85 = load %struct.block_device.295624*, %struct.block_device.295624** %84, align 8 %86 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %85, i64 0, i32 16 %87 = load %struct.gendisk.295622*, %struct.gendisk.295622** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %87, i64 0, i32 9 %89 = load %struct.request_queue.295614*, %struct.request_queue.295614** %88, align 8 %90 = icmp eq %struct.request_queue.295614* %69, %89 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.295627* %103 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %102, i64 0, i32 0 store %struct.bio.295627* %74, %struct.bio.295627** %103, align 8 br label %104 %105 = phi 
%struct.bio.295627* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.295627* %74 to i64 br label %107 %108 = phi %struct.bio.295627* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.295627* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %113 = icmp eq %struct.bio.295627* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.295627* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %118 = icmp eq %struct.bio.295627* %117, null br i1 %118, label %121, label %119 store %struct.bio.295627* %108, %struct.bio.295627** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.295627* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %127 = icmp eq %struct.bio.295627* %126, null br i1 %127, label %130, label %128 store %struct.bio.295627* %110, %struct.bio.295627** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.295627*, %struct.bio.295627** %59, align 16 %134 = icmp eq %struct.bio.295627* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %137 = icmp eq %struct.bio.295627* %136, null br i1 %137, label %140, label %138 store %struct.bio.295627* %133, %struct.bio.295627** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %145 = icmp eq %struct.bio.295627* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %144, i64 0, i32 0 %148 = load %struct.bio.295627*, %struct.bio.295627** %147, align 8 store %struct.bio.295627* %148, %struct.bio.295627** 
%56, align 16 %149 = icmp eq %struct.bio.295627* %148, null br i1 %149, label %150, label %151 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %151 store %struct.bio.295627* null, %struct.bio.295627** %147, align 8 br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, 
i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.295614* %8, i1 zeroext false) #76 br i1 %17, label %72, label %18 %73 = call fastcc zeroext i1 @submit_bio_checks(%struct.bio.295627* %0) #77 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = tail call i32 @__cond_resched() #76 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.295667* %12 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %11, i64 0, i32 120 %13 = load %struct.blk_plug*, %struct.blk_plug** %12, align 16 %14 = icmp eq %struct.blk_plug* %13, null br i1 %14, label %23, label %15 %16 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %13, i64 0, i32 4 %17 = load i8, i8* %16, align 1, !range !5 %18 = icmp eq i8 %17, 0 br i1 %18, label %23, label %19 %24 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2097152 %27 = icmp eq i32 %26, 0 br i1 %27, label %33, label %28 %29 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* 
%8, i64 0, i32 11 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 536870912 %32 = icmp eq i64 %31, 0 br i1 %32, label %207, label %33 %34 = and i32 %25, 1 %35 = icmp eq i32 %34, 0 br i1 %35, label %58, label %36 %59 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 3 %60 = load i16, i16* %59, align 4 %61 = and i16 %60, 2048 %62 = icmp eq i16 %61, 0 br i1 %62, label %63, label %132 %133 = phi i16 [ %60, %58 ], [ %60, %99 ], [ %131, %129 ] %134 = load i32, i32* %24, align 8 %135 = and i32 %134, 393216 %136 = icmp eq i32 %135, 0 br i1 %136, label %147, label %137 %138 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11 %139 = load volatile i64, i64* %138, align 8 %140 = and i64 %139, 131072 %141 = icmp eq i64 %140, 0 br i1 %141, label %142, label %147 %148 = phi i32 [ %134, %137 ], [ %134, %132 ], [ %143, %142 ] %149 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11 %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 65536 %152 = icmp eq i64 %151, 0 br i1 %152, label %153, label %156 %157 = phi i16 [ %133, %147 ], [ %154, %153 ] %158 = phi i32 [ %148, %147 ], [ %155, %153 ] %159 = trunc i32 %158 to i8 switch i8 %159, label %176 [ i8 3, label %160 i8 5, label %164 i8 7, label %168 i8 13, label %207 i8 15, label %207 i8 10, label %207 i8 11, label %207 i8 12, label %207 i8 17, label %207 i8 9, label %172 ] %161 = load volatile i64, i64* %149, align 8 %162 = and i64 %161, 256 %163 = icmp eq i64 %162, 0 br i1 %163, label %207, label %176 %177 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %11, i64 0, i32 123 %178 = load %struct.io_context.295588*, %struct.io_context.295588** %177, align 8 %179 = icmp eq %struct.io_context.295588* %178, null br i1 %179, label %180, label %185, !prof !15, !misexpect !7 %181 = getelementptr inbounds %struct.request_queue.295614, 
%struct.request_queue.295614* %8, i64 0, i32 35 %182 = load i32, i32* %181, align 4 %183 = call i32 bitcast (i32 (%struct.task_struct.295207*, i32, i32)* @create_task_io_context to i32 (%struct.task_struct.295667*, i32, i32)*)(%struct.task_struct.295667* %11, i32 2592, i32 %182) #76 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #76 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #76 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #76 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 
= icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #76 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %221, %220 ] %22 = phi i32 [ %2, %5 ], [ %222, %220 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %224, %233 ], [ %224, %244 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %201, %233 ], [ %201, %244 ] %29 = phi i32 [ %22, %20 ], [ %197, %233 ], [ %197, %244 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 
%36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %167 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br 
i1 %85, label %86, label %144 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %144 store %struct.page* null, %struct.page** %72, align 8 %138 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %139 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %138, i64 0, i32 4 %140 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, 
%struct.lock_class_key* %139) #6, !srcloc !21 %141 = and i64 %68, 512 %142 = icmp eq i64 %141, 0 br i1 %142, label %195, label %143 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %195 %196 = phi %struct.kmem_cache_cpu* [ %28, %193 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %143 ] %197 = phi i32 [ %168, %193 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %143 ] %198 = icmp eq i32 %197, -1 %199 = icmp ne i32 %197, -1 br label %200 %201 = phi %struct.kmem_cache_cpu* [ %286, %294 ], [ %196, %195 ] %202 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 3 %203 = load %struct.page*, %struct.page** %202, align 8 %204 = icmp eq %struct.page* %203, null br i1 %204, label %245, label %205 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %206 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %207 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 4 %209 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %208) #6, !srcloc !27 %210 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 2 %211 = load %struct.page*, %struct.page** %210, align 8 %212 = icmp eq %struct.page* %211, null br i1 %212, label %223, label %213, !prof !5, !misexpect !6 %224 = load %struct.page*, %struct.page** %202, align 8 %225 = icmp eq %struct.page* %224, null br i1 %225, label %226, label %233, !prof !29, !misexpect !6 %227 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %228 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %227, i64 0, i32 4 %229 = call i64 asm 
sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %228) #6, !srcloc !30 %230 = and i64 %206, 512 %231 = icmp eq i64 %230, 0 br i1 %231, label %245, label %232 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %245 br i1 %198, label %246, label %248 %247 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %248 %249 = phi i32 [ %247, %246 ], [ %197, %245 ] %250 = sext i32 %249 to i64 %251 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %250 %252 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %251, align 8 %253 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %252, %struct.page** nonnull %10, i32 %1) #76 %254 = icmp ne i8* %253, null %255 = or i1 %199, %254 br i1 %255, label %258, label %256 %259 = phi i8* [ %257, %256 ], [ %253, %248 ] %260 = icmp eq i8* %259, null br i1 %260, label %261, label %284 %285 = phi i8* [ %259, %258 ], [ %283, %279 ] %286 = phi %struct.kmem_cache_cpu* [ %201, %258 ], [ %280, %279 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@___slab_alloc, %287)) #6 to label %292 [label %287], !srcloc !38 %288 = load i32, i32* %17, align 8 %289 = and i32 %288, 2166016 %290 = icmp eq i32 %289, 0 %291 = load %struct.page*, %struct.page** %10, align 8 br i1 %290, label %297, label %294 %295 = call fastcc i32 @alloc_debug_processing(%struct.kmem_cache* %0, %struct.page* %291, i8* %285, i64 %3) #77 %296 = icmp eq i32 %295, 0 br i1 %296, label %200, label %353 %354 = phi %struct.page* [ %298, %312 ], [ %291, %294 ] %355 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %356 = load i32, i32* %355, align 8 %357 = zext i32 %356 to i64 %358 = getelementptr i8, i8* %285, i64 %357 %359 = bitcast i8* %358 to i8** %360 = load i8*, i8** %359, align 8 call fastcc void @deactivate_slab(%struct.kmem_cache* %0, %struct.page* %354, i8* %360) #77 Function:deactivate_slab %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 16 %7 = lshr i64 %6, 58 %8 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %7 %9 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %8, align 8 %10 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 2 %11 = bitcast i64* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null %14 = icmp eq i8* %2, null br i1 %14, label %72, label %15 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 256 %22 = icmp eq i32 %21, 0 %23 = load i64, i64* 
@vmemmap_base, align 8 %24 = ptrtoint %struct.page* %1 to i64 %25 = sub i64 %24, %23 %26 = shl i64 %25, 6 %27 = load i64, i64* @page_offset_base, align 8 %28 = add i64 %26, %27 %29 = inttoptr i64 %28 to i8* %30 = and i32 %20, 1024 %31 = icmp eq i32 %30, 0 %32 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 16 %33 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %34 = bitcast i64* %33 to i32* %35 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 br label %36 %37 = phi i32 [ 0, %15 ], [ %71, %70 ] %38 = phi i8* [ null, %15 ], [ %39, %70 ] %39 = phi i8* [ %2, %15 ], [ %42, %70 ] %40 = getelementptr i8, i8* %39, i64 %18 %41 = bitcast i8* %40 to i8** %42 = load i8*, i8** %41, align 8 %43 = icmp eq i8* %42, null %44 = or i1 %43, %22 br i1 %44, label %70, label %45 br i1 %31, label %51, label %46 %47 = load i32, i32* %32, align 8 %48 = zext i32 %47 to i64 %49 = sub nsw i64 0, %48 %50 = getelementptr i8, i8* %42, i64 %49 br label %51 %52 = phi i8* [ %50, %46 ], [ %42, %45 ] %53 = icmp ult i8* %52, %29 br i1 %53, label %69, label %54 %55 = load i32, i32* %34, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 32767 %58 = load i32, i32* %35, align 8 %59 = mul i32 %57, %58 %60 = zext i32 %59 to i64 %61 = getelementptr i8, i8* %29, i64 %60 %62 = icmp ult i8* %52, %61 br i1 %62, label %63, label %69 %64 = ptrtoint i8* %52 to i64 %65 = sub i64 %64, %28 %66 = zext i32 %58 to i64 %67 = srem i64 %65, %66 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 %71 = add i32 %37, 1 br i1 %43, label %72, label %36 %73 = phi i8* [ %38, %69 ], [ null, %3 ], [ %39, %70 ] %74 = phi i32 [ %37, %69 ], [ 0, %3 ], [ %71, %70 ] %75 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %76 = icmp eq i8* %73, null %77 = ptrtoint i8* %73 to i64 %78 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %79 = getelementptr inbounds 
%struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 1 %80 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 2 %81 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 0, i32 0, i32 0 %82 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %83 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 1 %84 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 0 %85 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0 %86 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 5 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 0 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %85, i64 0, i32 0 %89 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2 %90 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2, i32 1 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %92 = bitcast i64* %4 to i8* br label %93 %94 = phi i64 [ 0, %72 ], [ %139, %219 ] %95 = phi i32 [ 0, %72 ], [ %142, %219 ] %96 = phi i32 [ 0, %72 ], [ %143, %219 ] %97 = load volatile i8*, i8** %11, align 8 %98 = load volatile i64, i64* %75, align 8 %99 = trunc i64 %98 to i32 %100 = and i64 %98, -4294967296 br i1 %76, label %110, label %101 %111 = phi i8* [ %2, %101 ], [ %97, %93 ] %112 = phi i32 [ %105, %101 ], [ %99, %93 ] %113 = and i32 %112, 2147483647 %114 = and i32 %112, 65535 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %120 %117 = load i64, i64* %79, align 8 %118 = load i64, i64* %80, align 8 %119 = icmp ult i64 %117, %118 br i1 %119, label %120, label %138 %139 = phi i64 [ %94, %122 ], [ %125, %124 ], [ %94, %131 ], [ %137, %136 ], [ %94, %116 ] %140 = phi i1 [ true, %122 ], [ true, %124 
], [ false, %131 ], [ false, %136 ], [ false, %116 ] %141 = phi i1 [ false, %122 ], [ false, %124 ], [ true, %131 ], [ true, %136 ], [ false, %116 ] %142 = phi i32 [ 1, %122 ], [ 1, %124 ], [ 2, %131 ], [ 2, %136 ], [ 3, %116 ] %143 = phi i32 [ 1, %122 ], [ 1, %124 ], [ %96, %131 ], [ 1, %136 ], [ %96, %116 ] %144 = icmp eq i32 %95, %142 br i1 %144, label %180, label %145 switch i32 %95, label %162 [ i32 1, label %146 i32 2, label %153 ] %154 = load i32, i32* %82, align 8 %155 = and i32 %154, 65536 %156 = icmp eq i32 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.list_head*, %struct.list_head** %83, align 8 %159 = load %struct.list_head*, %struct.list_head** %84, align 8 %160 = getelementptr inbounds %struct.list_head, %struct.list_head* %159, i64 0, i32 1 store %struct.list_head* %158, %struct.list_head** %160, align 8 %161 = getelementptr inbounds %struct.list_head, %struct.list_head* %158, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %161, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %84, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 br label %162 br i1 %140, label %163, label %172 br i1 %141, label %173, label %180 %174 = load i32, i32* %82, align 8 %175 = and i32 %174, 65536 %176 = icmp eq i32 %175, 0 br i1 %176, label %180, label %177 %178 = load %struct.list_head*, %struct.list_head** %87, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 1 store %struct.list_head* %85, %struct.list_head** %179, align 8 store %struct.list_head* %178, %struct.list_head** %88, align 8 store %struct.list_head* %86, %struct.list_head** %83, align 8 store volatile %struct.list_head* %85, %struct.list_head** %87, align 8 br label %180 %181 = zext i32 %113 to i64 %182 = or i64 %100, %181 %183 = load i32, i32* %82, align 8 %184 = and i32 %183, 1073741824 
%185 = icmp eq i32 %184, 0 br i1 %185, label %191, label %186 %187 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %11, i64* %75, i64 16, i8* %111, i64 %182, i8** %11, i64* %75, i8* %97, i64 %98) #6, !srcloc !5 %188 = extractvalue { i8, i8*, i64 } %187, 0 %189 = and i8 %188, 1 %190 = icmp eq i8 %189, 0 br i1 %190, label %219, label %220 %221 = icmp eq i32 %143, 0 br i1 %221, label %223, label %222 %224 = or i1 %140, %141 br i1 %224, label %244, label %225 %226 = load i64, i64* %5, align 16 %227 = lshr i64 %226, 58 %228 = bitcast i64* %75 to i32* %229 = load i32, i32* %228, align 8 %230 = lshr i32 %229, 16 %231 = and i32 %230, 32767 %232 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %227 %233 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %232, align 8 %234 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 3, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %234, i64* %234) #6, !srcloc !18 %235 = zext i32 %231 to i64 %236 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 4, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %236, i64 %235, i64* %236) #6, !srcloc !19 %237 = load i32, i32* %82, align 8 %238 = and i32 %237, 524288 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240, !prof !10, !misexpect !11 call fastcc void @__free_slab(%struct.kmem_cache* %0, %struct.page* %1) #76 Function:__free_slab %3 = getelementptr inbounds 
%struct.page, %struct.page* %1, i64 0, i32 0 %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 65536 %6 = icmp eq i64 %5, 0 br i1 %6, label %13, label %7 %14 = phi i32 [ %12, %7 ], [ 0, %2 ] %15 = shl nuw i32 1, %14 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %16)) #6 to label %70 [label %16], !srcloc !4 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %70, label %21 tail call fastcc void @slab_pad_check(%struct.kmem_cache* %0, %struct.page* %1) #76 %22 = load i64, i64* @vmemmap_base, align 8 %23 = ptrtoint %struct.page* %1 to i64 %24 = sub i64 %23, %22 %25 = shl i64 %24, 6 %26 = load i64, i64* @page_offset_base, align 8 %27 = add i64 %25, %26 %28 = inttoptr i64 %27 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %29)) #6 to label %38 [label %29], !srcloc !4 %39 = phi i8* [ %37, %33 ], [ %28, %29 ], [ %28, %21 ] %40 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %41 = bitcast i64* %40 to i32* %42 = load i32, i32* %41, align 8 %43 = lshr i32 %42, 16 %44 = and i32 %43, 32767 %45 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 %46 = load i32, i32* %45, align 8 %47 = mul i32 %44, %46 %48 = zext i32 %47 to i64 %49 = getelementptr i8, i8* %28, i64 %48 %50 = icmp ult i8* %39, %49 br i1 %50, label %51, label %70 %52 = phi i8* [ %56, %51 ], [ %39, %38 ] %53 = tail call fastcc i32 @check_object(%struct.kmem_cache* %0, %struct.page* %1, i8* %52, i8 zeroext -69) #76 %54 = load i32, i32* %45, align 8 %55 = zext i32 %54 to i64 %56 = getelementptr i8, i8* %52, i64 %55 %57 = load i64, i64* @vmemmap_base, align 8 %58 = sub i64 %23, %57 %59 = shl i64 %58, 6 %60 = load i64, i64* @page_offset_base, align 8 %61 = add i64 %59, %60 %62 = inttoptr i64 %61 to i8* %63 = load i32, i32* %41, align 8 %64 = lshr i32 %63, 16 %65 = and i32 %64, 32767 %66 = mul i32 %65, %54 %67 = zext i32 %66 to i64 %68 = getelementptr i8, i8* %62, i64 %67 %69 = icmp ult i8* %56, %68 br i1 %69, label %51, label %70 %71 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1 %72 = bitcast %union.anon.20* %71 to i64* %73 = load volatile i64, i64* %72, align 8 %74 = and i64 %73, 1 %75 = icmp eq i64 %74, 0 %76 = add i64 %73, -1 %77 = ptrtoint %struct.page* %1 to i64 %78 = select i1 %75, i64 %77, i64 %76, !prof !5 %79 = inttoptr i64 %78 to %struct.page* %80 = getelementptr inbounds %struct.page, %struct.page* %79, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", 
"*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %80, i64 5) #6, !srcloc !6 %81 = load volatile i64, i64* %72, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = select i1 %83, i64 %77, i64 %84, !prof !5 %86 = inttoptr i64 %85 to %struct.page* %87 = getelementptr inbounds %struct.page, %struct.page* %86, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %87, i64 9) #6, !srcloc !6 %88 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 1 %89 = bitcast %struct.address_space** %88 to %struct.kmem_cache** store %struct.kmem_cache* null, %struct.kmem_cache** %89, align 8 %90 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %91 = inttoptr i64 %90 to %struct.task_struct* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %91, i64 0, i32 121 %93 = load %struct.reclaim_state*, %struct.reclaim_state** %92, align 8 %94 = icmp eq %struct.reclaim_state* %93, null br i1 %94, label %100, label %95 %101 = load i64, i64* %3, align 16 %102 = lshr i64 %101, 58 %103 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %102 %104 = load %struct.pglist_data*, %struct.pglist_data** %103, align 8 %105 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 131072 %108 = icmp eq i32 %107, 0 %109 = select i1 %108, i32 6, i32 5 %110 = zext i32 %14 to i64 %111 = shl i64 -4096, %110 tail call void bitcast (void (%struct.pglist_data.123922*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %104, i32 %109, i64 %111) #77 ------------- Use: =BAD PATH= Call Stack: 0 allocate_slab 1 ___slab_alloc 2 __kmalloc_node 3 rb_alloc_aux 4 
perf_mmap ------------- Path:  Function:perf_mmap %3 = getelementptr inbounds %struct.file.114517, %struct.file.114517* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.perf_event.114830** %5 = load %struct.perf_event.114830*, %struct.perf_event.114830** %4, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.114999** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.114999**)) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct.114999* %8 = getelementptr inbounds %struct.task_struct.114999, %struct.task_struct.114999* %7, i64 0, i32 85 %9 = load %struct.cred.114515*, %struct.cred.114515** %8, align 64 %10 = getelementptr inbounds %struct.cred.114515, %struct.cred.114515* %9, i64 0, i32 21 %11 = load %struct.user_struct*, %struct.user_struct** %10, align 8 %12 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 35 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, -1 br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 22, i32 6 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 2 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %324 %21 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 8 %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %324, label %25 %26 = tail call i32 bitcast (i32 (%struct.perf_event*)* @security_perf_event_read to i32 (%struct.perf_event.114830*)*)(%struct.perf_event.114830* %5) #76 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %324 %29 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = 
sub i64 %30, %32 %34 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 13 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %47 %38 = lshr i64 %33, 12 %39 = add nsw i64 %38, -1 %40 = icmp eq i64 %39, 0 %42 = icmp eq i64 %41, 1 %43 = or i1 %40, %42 %44 = and i64 %33, -4096 %45 = icmp eq i64 %33, %44 %46 = and i1 %45, %43 br i1 %46, label %117, label %324 %118 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 27 %119 = load %struct.perf_event_context.114803*, %struct.perf_event_context.114803** %118, align 8 %120 = getelementptr inbounds %struct.perf_event_context.114803, %struct.perf_event_context.114803* %119, i64 0, i32 20 %121 = load %struct.perf_event_context.114803*, %struct.perf_event_context.114803** %120, align 8 %122 = icmp eq %struct.perf_event_context.114803* %121, null br i1 %122, label %124, label %123, !prof !10, !misexpect !7 %125 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 38 tail call void @mutex_lock(%struct.mutex* %125) #76 %126 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 40 %127 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %128 = icmp eq %struct.perf_buffer* %127, null br i1 %128, label %152, label %129 %130 = phi %struct.perf_buffer* [ %150, %149 ], [ %127, %124 ] %131 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 8 %133 = sext i32 %132 to i64 %134 = icmp eq i64 %39, %133 br i1 %134, label %135, label %310 %136 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 15, i32 0 %137 = load volatile i32, i32* %136, align 4 %138 = icmp eq i32 %137, 0 br i1 %138, label %149, label %139, !prof !6, !misexpect !7 %140 = phi i32 [ %147, %146 ], [ %137, %135 ] %141 = add i32 %140, 1 %142 = tail call { i8, 
i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %136, i32 %141, i32* %136, i32 %140) #6, !srcloc !8 %143 = extractvalue { i8, i32 } %142, 0 %144 = and i8 %143, 1 %145 = icmp eq i8 %144, 0 br i1 %145, label %146, label %296, !prof !6, !misexpect !7 %147 = extractvalue { i8, i32 } %142, 1 %148 = icmp eq i32 %147, 0 br i1 %148, label %149, label %139, !prof !6, !misexpect !7 tail call void @mutex_unlock(%struct.mutex* %125) #76 tail call void @mutex_lock(%struct.mutex* %125) #76 %150 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %151 = icmp eq %struct.perf_buffer* %150, null br i1 %151, label %152, label %129 %153 = phi i1 [ false, %115 ], [ true, %124 ], [ true, %149 ] %154 = phi i32 [ -22, %115 ], [ 0, %124 ], [ 0, %149 ] %155 = phi i64 [ %52, %115 ], [ %38, %124 ], [ %38, %149 ] %156 = phi i64 [ %52, %115 ], [ %39, %124 ], [ %39, %149 ] %157 = phi %struct.perf_buffer* [ %54, %115 ], [ null, %124 ], [ null, %149 ] %158 = load i32, i32* @sysctl_perf_event_mlock, align 4 %159 = ashr i32 %158, 2 %160 = sext i32 %159 to i64 %161 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %162 = zext i32 %161 to i64 %163 = mul nsw i64 %160, %162 %164 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %11, i64 0, i32 6, i32 0 %165 = load volatile i64, i64* %164, align 8 %166 = icmp ugt i64 %165, %163 %167 = select i1 %166, i64 %163, i64 %165 %168 = add i64 %167, %155 %170 = sub i64 %155, %169 %171 = getelementptr inbounds %struct.task_struct.114999, %struct.task_struct.114999* %7, i64 0, i32 95 %172 = load %struct.signal_struct.114954*, %struct.signal_struct.114954** %171, align 32 %173 = getelementptr %struct.signal_struct.114954, %struct.signal_struct.114954* %172, i64 0, i32 49, i64 
8, i32 0 %174 = load volatile i64, i64* %173, align 8 %175 = lshr i64 %174, 12 %176 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 6 %177 = load %struct.mm_struct.114908*, %struct.mm_struct.114908** %176, align 8 %178 = getelementptr inbounds %struct.mm_struct.114908, %struct.mm_struct.114908* %177, i64 0, i32 0, i32 23, i32 0 %179 = load volatile i64, i64* %178, align 8 %180 = add i64 %169, %179 %181 = icmp ule i64 %180, %175 %182 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %183 = icmp slt i32 %182, 0 %184 = or i1 %183, %181 br i1 %184, label %187, label %185 %188 = icmp eq %struct.perf_buffer* %157, null br i1 %188, label %189, label %281 %282 = load i64, i64* %21, align 8 %283 = lshr i64 %282, 1 %284 = trunc i64 %283 to i32 %285 = and i32 %284, 1 %286 = load i64, i64* %34, align 8 %287 = trunc i64 %156 to i32 %288 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 22, i32 16 %289 = load i32, i32* %288, align 8 %290 = zext i32 %289 to i64 %291 = tail call i32 bitcast (i32 (%struct.perf_buffer*, %struct.perf_event*, i64, i32, i64, i32)* @rb_alloc_aux to i32 (%struct.perf_buffer*, %struct.perf_event.114830*, i64, i32, i64, i32)*)(%struct.perf_buffer* nonnull %157, %struct.perf_event.114830* %5, i64 %286, i32 %287, i64 %290, i32 %285) #76 Function:rb_alloc_aux %7 = and i32 %5, 1 %8 = icmp eq i32 %7, 0 %9 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 35 %10 = load i32, i32* %9, align 4 %11 = icmp eq i32 %10, -1 br i1 %11, label %19, label %12 %20 = phi i32 [ %18, %12 ], [ -1, %6 ] %21 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 12 %22 = load %struct.pmu*, %struct.pmu** %21, align 8 %23 = getelementptr inbounds %struct.pmu, %struct.pmu* %22, i64 0, i32 31 %24 = load i8* (%struct.perf_event*, i8**, i32, i1)*, i8* (%struct.perf_event*, i8**, i32, i1)** %23, align 8 %25 = icmp eq i8* 
(%struct.perf_event*, i8**, i32, i1)* %24, null br i1 %25, label %162, label %26 br i1 %8, label %36, label %27 %28 = icmp eq i64 %4, 0 %29 = shl i32 %3, 11 %30 = sext i32 %29 to i64 %31 = select i1 %28, i64 %30, i64 %4 %32 = add i64 %31, -1 %33 = lshr i64 %32, 12 %34 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %33, i32 -1) #4, !srcloc !4 %35 = add i32 %34, 1 br label %38 %39 = phi i32 [ %37, %36 ], [ %35, %27 ] %40 = phi i64 [ 0, %36 ], [ %31, %27 ] %41 = sext i32 %3 to i64 %43 = extractvalue { i64, i1 } %42, 1 br i1 %43, label %44, label %47, !prof !6, !misexpect !7 %48 = extractvalue { i64, i1 } %42, 0 %49 = tail call noalias align 8 i8* @__kmalloc_node(i64 %48, i32 3520, i32 %20) #76 Function:__kmalloc_node %4 = icmp ugt i64 %0, 8192 br i1 %4, label %5, label %29, !prof !4, !misexpect !5 %30 = tail call %struct.kmem_cache* @kmalloc_slab(i64 %0, i32 %1) #77 %31 = icmp ult %struct.kmem_cache* %30, inttoptr (i64 17 to %struct.kmem_cache*) br i1 %31, label %32, label %34, !prof !4, !misexpect !5 %36 = ptrtoint i8* %35 to i64 %37 = load i32, i32* @gfp_allowed_mask, align 4 %38 = and i32 %37, %1 %39 = and i32 %38, 1024 %40 = icmp eq i32 %39, 0 br i1 %40, label %43, label %41 %42 = tail call i32 @__cond_resched() #77 br label %43 %44 = tail call i32 @should_failslab(%struct.kmem_cache* %30, i32 %38) #77 %45 = icmp ne i32 %44, 0 %46 = icmp eq %struct.kmem_cache* %30, null %47 = or i1 %46, %45 br i1 %47, label %140, label %48 %49 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %30, i64 0, i32 0 %50 = icmp eq i32 %2, -1 %51 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %30, i64 0, i32 6 br label %52 %53 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %49, align 8 %54 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %53) #6, !srcloc !12 %55 = inttoptr i64 %54 to %struct.kmem_cache_cpu* %56 = 
getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %55, i64 0, i32 1 %57 = load volatile i64, i64* %56, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %58 = inttoptr i64 %54 to i8** %59 = load i8*, i8** %58, align 8 %60 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %55, i64 0, i32 2 %61 = load %struct.page*, %struct.page** %60, align 8 %62 = icmp ne i8* %59, null %63 = icmp ne %struct.page* %61, null %64 = and i1 %62, %63 %65 = bitcast i8* %59 to i8** br i1 %64, label %66, label %73, !prof !14 br i1 %50, label %76, label %67 %68 = getelementptr inbounds %struct.page, %struct.page* %61, i64 0, i32 0 %69 = load i64, i64* %68, align 16 %70 = lshr i64 %69, 58 %71 = trunc i64 %70 to i32 %72 = icmp eq i32 %71, %2 br i1 %72, label %76, label %73 %74 = inttoptr i64 %54 to %struct.kmem_cache_cpu* %75 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %30, i32 %1, i32 %2, i64 %36, %struct.kmem_cache_cpu* %74) #77 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %221, %220 ] %22 = phi i32 [ %2, %5 ], [ %222, %220 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, 
label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %224, %233 ], [ %224, %244 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %201, %233 ], [ %201, %244 ] %29 = phi i32 [ %22, %20 ], [ %197, %233 ], [ %197, %244 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %167 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %144 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 
%112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %144 store %struct.page* null, %struct.page** %72, align 8 %138 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %139 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %138, i64 0, i32 4 %140 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %139) #6, !srcloc !21 %141 = and i64 %68, 512 %142 = icmp eq i64 %141, 0 br i1 %142, label %195, label %143 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %195 %196 = phi %struct.kmem_cache_cpu* [ %28, %193 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %143 ] %197 = phi i32 [ %168, %193 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %143 ] %198 = icmp eq i32 %197, -1 %199 = icmp ne i32 %197, -1 br label %200 %201 = phi %struct.kmem_cache_cpu* [ %286, %294 ], [ %196, %195 ] %202 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 3 %203 = load %struct.page*, %struct.page** %202, align 8 %204 = icmp eq %struct.page* %203, null br i1 %204, label %245, label %205 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %206 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %207 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 4 %209 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %208) #6, !srcloc !27 %210 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 2 %211 = load %struct.page*, %struct.page** %210, 
align 8 %212 = icmp eq %struct.page* %211, null br i1 %212, label %223, label %213, !prof !5, !misexpect !6 %224 = load %struct.page*, %struct.page** %202, align 8 %225 = icmp eq %struct.page* %224, null br i1 %225, label %226, label %233, !prof !29, !misexpect !6 %227 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %228 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %227, i64 0, i32 4 %229 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %228) #6, !srcloc !30 %230 = and i64 %206, 512 %231 = icmp eq i64 %230, 0 br i1 %231, label %245, label %232 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %245 br i1 %198, label %246, label %248 %247 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %248 %249 = phi i32 [ %247, %246 ], [ %197, %245 ] %250 = sext i32 %249 to i64 %251 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %250 %252 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %251, align 8 %253 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %252, %struct.page** nonnull %10, i32 %1) #76 %254 = icmp ne i8* %253, null %255 = or i1 %199, %254 br i1 %255, label %258, label %256 %259 = phi i8* [ %257, %256 ], [ %253, %248 ] %260 = icmp eq i8* %259, null br i1 %260, label %261, label %284 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %264, label %262, !prof !5, !misexpect !6 %263 = call i32 @kmalloc_fix_flags(i32 %1) #76 br label %264 %265 = phi i32 [ %263, %262 ], [ %1, %261 ] %266 = load void (i8*)*, void (i8*)** %16, align 8 %267 = icmp ne void (i8*)* %266, null %268 = and i32 %265, 256 %269 = icmp ne i32 %268, 0 %270 = and i1 %267, %269 br i1 %270, label %271, label %272, !prof !29, 
!misexpect !6 %273 = and i32 %265, 3927776 %274 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %273, i32 %197) #76 Function:allocate_slab %4 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0 %5 = load i32, i32* %4, align 8 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 11 %9 = load i32, i32* %8, align 4 %10 = or i32 %7, %9 %11 = and i32 %10, -106497 %12 = or i32 %11, 73728 %13 = and i32 %10, 1024 %14 = icmp eq i32 %13, 0 %15 = lshr i32 %5, 16 br i1 %14, label %24, label %16 %25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ] %26 = icmp eq i32 %2, -1 br i1 %26, label %27, label %30 %28 = tail call %struct.page* @alloc_pages(i32 %25, i32 %15) #76 %29 = icmp eq %struct.page* %28, null br i1 %29, label %33, label %49, !prof !4, !misexpect !5 %34 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 10, i32 0 %35 = load i32, i32* %34, align 8 %36 = lshr i32 %35, 16 %37 = tail call %struct.page* @alloc_pages(i32 %10, i32 %36) #76 br label %43 %44 = phi i32 [ %35, %33 ], [ %40, %38 ] %45 = phi %struct.page* [ %37, %33 ], [ %42, %38 ] %46 = icmp eq %struct.page* %45, null br i1 %46, label %317, label %47, !prof !4, !misexpect !5 %48 = lshr i32 %44, 16 br label %49 %50 = phi i32 [ %48, %47 ], [ %15, %30 ], [ %15, %27 ] %51 = phi %struct.page* [ %45, %47 ], [ %31, %30 ], [ %28, %27 ] %52 = phi i32 [ %44, %47 ], [ %5, %30 ], [ %5, %27 ] %53 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 3 %54 = bitcast i64* %53 to i32* %55 = load i32, i32* %54, align 8 %56 = shl i32 %52, 16 %57 = and i32 %56, 2147418112 %58 = and i32 %55, -2147418113 %59 = or i32 %58, %57 store i32 %59, i32* %54, align 8 %60 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 0 %61 = load i64, i64* %60, align 16 %62 = lshr i64 %61, 58 %63 = getelementptr [0 x 
%struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %62 %64 = load %struct.pglist_data*, %struct.pglist_data** %63, align 8 %65 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 131072 %68 = icmp eq i32 %67, 0 %69 = select i1 %68, i32 6, i32 5 %70 = zext i32 %50 to i64 %71 = shl i64 4096, %70 tail call void bitcast (void (%struct.pglist_data.123922*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %64, i32 %69, i64 %71) #76 ------------- Use: =BAD PATH= Call Stack: 0 allocate_slab 1 ___slab_alloc 2 kmem_cache_alloc_node 3 create_task_io_context 4 get_task_io_context 5 set_task_ioprio 6 __se_sys_ioprio_set 7 __ia32_sys_ioprio_set ------------- Path:  Function:__ia32_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %95 = icmp eq i32 %5, -1 br i1 %95, label %164, label %96 %97 = icmp eq i32 %5, 0 br i1 %97, 
label %98, label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #76 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 %109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, 
%struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], 
%struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr 
%struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ %156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #76 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #76 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 
%6) #76 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #76 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295170* (%struct.task_struct.295207*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #76 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 112, i32 0, i32 0 %10 = getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 123 %11 = 
getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 112 %12 = bitcast %struct.spinlock* %11 to i8* br label %13 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #76 %14 = load %struct.io_context.295170*, %struct.io_context.295170** %10, align 8 %15 = icmp eq %struct.io_context.295170* %14, null br i1 %15, label %22, label %16, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 store volatile i8 0, i8* %12, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %23 = tail call i32 @create_task_io_context(%struct.task_struct.295207* %0, i32 %1, i32 %2) #77 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #76 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #76 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #76 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = 
getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #76 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %221, %220 ] %22 = phi i32 [ %2, %5 ], [ %222, %220 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label 
%37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %224, %233 ], [ %224, %244 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %201, %233 ], [ %201, %244 ] %29 = phi i32 [ %22, %20 ], [ %197, %233 ], [ %197, %244 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %167 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %144 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 
%112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %144 store %struct.page* null, %struct.page** %72, align 8 %138 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %139 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %138, i64 0, i32 4 %140 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %139) #6, !srcloc !21 %141 = and i64 %68, 512 %142 = icmp eq i64 %141, 0 br i1 %142, label %195, label %143 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %195 %196 = phi %struct.kmem_cache_cpu* [ %28, %193 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %143 ] %197 = phi i32 [ %168, %193 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %143 ] %198 = icmp eq i32 %197, -1 %199 = icmp ne i32 %197, -1 br label %200 %201 = phi %struct.kmem_cache_cpu* [ %286, %294 ], [ %196, %195 ] %202 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 3 %203 = load %struct.page*, %struct.page** %202, align 8 %204 = icmp eq %struct.page* %203, null br i1 %204, label %245, label %205 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %206 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %207 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 4 %209 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %208) #6, !srcloc !27 %210 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 2 %211 = load %struct.page*, %struct.page** %210, 
align 8 %212 = icmp eq %struct.page* %211, null br i1 %212, label %223, label %213, !prof !5, !misexpect !6 %224 = load %struct.page*, %struct.page** %202, align 8 %225 = icmp eq %struct.page* %224, null br i1 %225, label %226, label %233, !prof !29, !misexpect !6 %227 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %228 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %227, i64 0, i32 4 %229 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %228) #6, !srcloc !30 %230 = and i64 %206, 512 %231 = icmp eq i64 %230, 0 br i1 %231, label %245, label %232 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %245 br i1 %198, label %246, label %248 %247 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %248 %249 = phi i32 [ %247, %246 ], [ %197, %245 ] %250 = sext i32 %249 to i64 %251 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %250 %252 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %251, align 8 %253 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %252, %struct.page** nonnull %10, i32 %1) #76 %254 = icmp ne i8* %253, null %255 = or i1 %199, %254 br i1 %255, label %258, label %256 %259 = phi i8* [ %257, %256 ], [ %253, %248 ] %260 = icmp eq i8* %259, null br i1 %260, label %261, label %284 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %264, label %262, !prof !5, !misexpect !6 %263 = call i32 @kmalloc_fix_flags(i32 %1) #76 br label %264 %265 = phi i32 [ %263, %262 ], [ %1, %261 ] %266 = load void (i8*)*, void (i8*)** %16, align 8 %267 = icmp ne void (i8*)* %266, null %268 = and i32 %265, 256 %269 = icmp ne i32 %268, 0 %270 = and i1 %267, %269 br i1 %270, label %271, label %272, !prof !29, 
-------------
Use: =BAD PATH=
Call Stack:
0 allocate_slab
1 ___slab_alloc
2 kmem_cache_alloc_node
3 create_task_io_context
4 get_task_io_context
5 set_task_ioprio
6 __se_sys_ioprio_set
7 __x64_sys_ioprio_set
-------------
Path:
-------------
Use: =BAD PATH=
Call Stack:
0 allocate_slab
1 ___slab_alloc
2 kmem_cache_alloc_node
3 create_task_io_context
4 submit_bio_checks
5 __submit_bio
6 submit_bio_noacct
7 __blk_queue_split
8 blk_queue_split
9 dm_submit_bio
-------------
Path:
%struct.bio.295627*, %struct.bio.295627** %56, align 16 %113 = icmp eq %struct.bio.295627* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.295627* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %118 = icmp eq %struct.bio.295627* %117, null br i1 %118, label %121, label %119 store %struct.bio.295627* %108, %struct.bio.295627** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.295627* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %127 = icmp eq %struct.bio.295627* %126, null br i1 %127, label %130, label %128 store %struct.bio.295627* %110, %struct.bio.295627** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.295627*, %struct.bio.295627** %59, align 16 %134 = icmp eq %struct.bio.295627* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %137 = icmp eq %struct.bio.295627* %136, null br i1 %137, label %140, label %138 store %struct.bio.295627* %133, %struct.bio.295627** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %145 = icmp eq %struct.bio.295627* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %144, i64 0, i32 0 %148 = load %struct.bio.295627*, %struct.bio.295627** %147, align 8 store %struct.bio.295627* %148, %struct.bio.295627** %56, align 16 %149 = icmp eq %struct.bio.295627* %148, null br i1 %149, label %150, label %151 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %151 store %struct.bio.295627* null, %struct.bio.295627** %147, align 8 br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = 
getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.295614* %8, i1 zeroext false) #76 br i1 %17, label %72, label %18 %73 
= call fastcc zeroext i1 @submit_bio_checks(%struct.bio.295627* %0) #77 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = tail call i32 @__cond_resched() #76 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.295667* %12 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %11, i64 0, i32 120 %13 = load %struct.blk_plug*, %struct.blk_plug** %12, align 16 %14 = icmp eq %struct.blk_plug* %13, null br i1 %14, label %23, label %15 %16 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %13, i64 0, i32 4 %17 = load i8, i8* %16, align 1, !range !5 %18 = icmp eq i8 %17, 0 br i1 %18, label %23, label %19 %24 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2097152 %27 = icmp eq i32 %26, 0 br i1 %27, label %33, label %28 %29 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 536870912 %32 = icmp eq i64 %31, 0 br i1 %32, label %207, label %33 %34 = and i32 %25, 1 %35 = icmp eq i32 %34, 0 br i1 %35, label %58, label %36 %59 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 3 %60 = 
load i16, i16* %59, align 4 %61 = and i16 %60, 2048 %62 = icmp eq i16 %61, 0 br i1 %62, label %63, label %132 %133 = phi i16 [ %60, %58 ], [ %60, %99 ], [ %131, %129 ] %134 = load i32, i32* %24, align 8 %135 = and i32 %134, 393216 %136 = icmp eq i32 %135, 0 br i1 %136, label %147, label %137 %138 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11 %139 = load volatile i64, i64* %138, align 8 %140 = and i64 %139, 131072 %141 = icmp eq i64 %140, 0 br i1 %141, label %142, label %147 %148 = phi i32 [ %134, %137 ], [ %134, %132 ], [ %143, %142 ] %149 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11 %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 65536 %152 = icmp eq i64 %151, 0 br i1 %152, label %153, label %156 %157 = phi i16 [ %133, %147 ], [ %154, %153 ] %158 = phi i32 [ %148, %147 ], [ %155, %153 ] %159 = trunc i32 %158 to i8 switch i8 %159, label %176 [ i8 3, label %160 i8 5, label %164 i8 7, label %168 i8 13, label %207 i8 15, label %207 i8 10, label %207 i8 11, label %207 i8 12, label %207 i8 17, label %207 i8 9, label %172 ] %161 = load volatile i64, i64* %149, align 8 %162 = and i64 %161, 256 %163 = icmp eq i64 %162, 0 br i1 %163, label %207, label %176 %177 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %11, i64 0, i32 123 %178 = load %struct.io_context.295588*, %struct.io_context.295588** %177, align 8 %179 = icmp eq %struct.io_context.295588* %178, null br i1 %179, label %180, label %185, !prof !15, !misexpect !7 %181 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 35 %182 = load i32, i32* %181, align 4 %183 = call i32 bitcast (i32 (%struct.task_struct.295207*, i32, i32)* @create_task_io_context to i32 (%struct.task_struct.295667*, i32, i32)*)(%struct.task_struct.295667* %11, i32 2592, i32 %182) #76 Function:create_task_io_context %4 = load 
%struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #76 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #76 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #76 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 
= trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #76 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %221, %220 ] %22 = phi i32 [ %2, %5 ], [ %222, %220 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %224, %233 ], [ %224, %244 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %201, %233 ], [ %201, %244 ] %29 = phi i32 [ %22, %20 ], [ %197, %233 ], [ %197, %244 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) 
#6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %167 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %144 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, 
%struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %144 store %struct.page* null, %struct.page** %72, align 8 %138 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %139 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %138, i64 0, i32 4 %140 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %139) #6, !srcloc !21 %141 = and i64 %68, 512 %142 = icmp eq i64 %141, 0 br i1 %142, label %195, label %143 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %195 %196 = phi %struct.kmem_cache_cpu* [ %28, %193 ], [ %21, %39 ], [ %21, %37 ], [ %28, 
%137 ], [ %28, %143 ] %197 = phi i32 [ %168, %193 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %143 ] %198 = icmp eq i32 %197, -1 %199 = icmp ne i32 %197, -1 br label %200 %201 = phi %struct.kmem_cache_cpu* [ %286, %294 ], [ %196, %195 ] %202 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 3 %203 = load %struct.page*, %struct.page** %202, align 8 %204 = icmp eq %struct.page* %203, null br i1 %204, label %245, label %205 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %206 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %207 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 4 %209 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %208) #6, !srcloc !27 %210 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 2 %211 = load %struct.page*, %struct.page** %210, align 8 %212 = icmp eq %struct.page* %211, null br i1 %212, label %223, label %213, !prof !5, !misexpect !6 %224 = load %struct.page*, %struct.page** %202, align 8 %225 = icmp eq %struct.page* %224, null br i1 %225, label %226, label %233, !prof !29, !misexpect !6 %227 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %228 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %227, i64 0, i32 4 %229 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %228) #6, !srcloc !30 %230 = and i64 %206, 512 %231 = icmp eq i64 %230, 0 br i1 %231, label %245, label %232 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br 
label %245 br i1 %198, label %246, label %248 %247 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %248 %249 = phi i32 [ %247, %246 ], [ %197, %245 ] %250 = sext i32 %249 to i64 %251 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %250 %252 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %251, align 8 %253 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %252, %struct.page** nonnull %10, i32 %1) #76 %254 = icmp ne i8* %253, null %255 = or i1 %199, %254 br i1 %255, label %258, label %256 %259 = phi i8* [ %257, %256 ], [ %253, %248 ] %260 = icmp eq i8* %259, null br i1 %260, label %261, label %284 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %264, label %262, !prof !5, !misexpect !6 %263 = call i32 @kmalloc_fix_flags(i32 %1) #76 br label %264 %265 = phi i32 [ %263, %262 ], [ %1, %261 ] %266 = load void (i8*)*, void (i8*)** %16, align 8 %267 = icmp ne void (i8*)* %266, null %268 = and i32 %265, 256 %269 = icmp ne i32 %268, 0 %270 = and i1 %267, %269 br i1 %270, label %271, label %272, !prof !29, !misexpect !6 %273 = and i32 %265, 3927776 %274 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %273, i32 %197) #76 Function:allocate_slab %4 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0 %5 = load i32, i32* %4, align 8 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 11 %9 = load i32, i32* %8, align 4 %10 = or i32 %7, %9 %11 = and i32 %10, -106497 %12 = or i32 %11, 73728 %13 = and i32 %10, 1024 %14 = icmp eq i32 %13, 0 %15 = lshr i32 %5, 16 br i1 %14, label %24, label %16 %25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ] %26 = icmp eq i32 %2, -1 br i1 %26, label %27, label %30 %28 = tail call 
%struct.page* @alloc_pages(i32 %25, i32 %15) #76 %29 = icmp eq %struct.page* %28, null br i1 %29, label %33, label %49, !prof !4, !misexpect !5 %34 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 10, i32 0 %35 = load i32, i32* %34, align 8 %36 = lshr i32 %35, 16 %37 = tail call %struct.page* @alloc_pages(i32 %10, i32 %36) #76 br label %43 %44 = phi i32 [ %35, %33 ], [ %40, %38 ] %45 = phi %struct.page* [ %37, %33 ], [ %42, %38 ] %46 = icmp eq %struct.page* %45, null br i1 %46, label %317, label %47, !prof !4, !misexpect !5 %48 = lshr i32 %44, 16 br label %49 %50 = phi i32 [ %48, %47 ], [ %15, %30 ], [ %15, %27 ] %51 = phi %struct.page* [ %45, %47 ], [ %31, %30 ], [ %28, %27 ] %52 = phi i32 [ %44, %47 ], [ %5, %30 ], [ %5, %27 ] %53 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 3 %54 = bitcast i64* %53 to i32* %55 = load i32, i32* %54, align 8 %56 = shl i32 %52, 16 %57 = and i32 %56, 2147418112 %58 = and i32 %55, -2147418113 %59 = or i32 %58, %57 store i32 %59, i32* %54, align 8 %60 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 0 %61 = load i64, i64* %60, align 16 %62 = lshr i64 %61, 58 %63 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %62 %64 = load %struct.pglist_data*, %struct.pglist_data** %63, align 8 %65 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 131072 %68 = icmp eq i32 %67, 0 %69 = select i1 %68, i32 6, i32 5 %70 = zext i32 %50 to i64 %71 = shl i64 4096, %70 tail call void bitcast (void (%struct.pglist_data.123922*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %64, i32 %69, i64 %71) #76 ------------- Use: =BAD PATH= Call Stack: 0 allocate_slab 1 ___slab_alloc 2 kmem_cache_alloc_node 3 create_task_io_context 4 
submit_bio_checks 5 __submit_bio 6 submit_bio_noacct 7 __blk_queue_split 8 blk_queue_split 9 md_submit_bio ------------- Path:  Function:md_submit_bio %2 = alloca %struct.bio.299652*, align 8 store %struct.bio.299652* %0, %struct.bio.299652** %2, align 8 %3 = getelementptr inbounds %struct.bio.299652, %struct.bio.299652* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.299652, %struct.bio.299652* %0, i64 0, i32 1 %8 = load %struct.block_device.299712*, %struct.block_device.299712** %7, align 8 %9 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %8, i64 0, i32 16 %10 = load %struct.gendisk.299710*, %struct.gendisk.299710** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.294862**)* @blk_queue_split to void (%struct.bio.299652**)*)(%struct.bio.299652** nonnull %2) #76 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* call void @__blk_queue_split(%struct.bio.294862** %0, i32* nonnull %2) #76 Function:__blk_queue_split %3 = alloca %struct.bio_vec.294861, align 8 %4 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %5 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 1 %6 = load 
%struct.block_device.294859*, %struct.block_device.294859** %5, align 8 %7 = getelementptr inbounds %struct.block_device.294859, %struct.block_device.294859* %6, i64 0, i32 16 %8 = load %struct.gendisk.294687*, %struct.gendisk.294687** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.294687, %struct.gendisk.294687* %8, i64 0, i32 9 %10 = load %struct.request_queue.294711*, %struct.request_queue.294711** %9, align 8 %11 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %343, label %78 %79 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %343 %84 = tail call %struct.bio.294862* @bio_split(%struct.bio.294862* %4, i32 %76, i32 3072, %struct.bio_set.294866* %74) #76 br label %314 %315 = phi %struct.bio.294862* [ %313, %312 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %316 = icmp eq %struct.bio.294862* %315, null br i1 %316, label %343, label %317 %318 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %315, i64 0, i32 2 %319 = load i32, i32* %318, align 8 %320 = or i32 %319, 16384 store i32 %320, i32* %318, align 8 %321 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 call void @bio_chain(%struct.bio.294862* nonnull %315, %struct.bio.294862* %321) #76 %322 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %323 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* 
%322, i64 0, i32 8, i32 0 %324 = load i64, i64* %323, align 8 %325 = trunc i64 %324 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %326)) #6 to label %340 [label %326], !srcloc !9 %341 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %342 = call i32 bitcast (i32 (%struct.bio.295627*)* @submit_bio_noacct to i32 (%struct.bio.294862*)*)(%struct.bio.294862* %341) #76 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.295628], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 119 %6 = load %struct.bio_list.295628*, %struct.bio_list.295628** %5, align 8 %7 = icmp eq %struct.bio_list.295628* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %18 = load %struct.block_device.295624*, %struct.block_device.295624** %17, align 8 %19 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %18, i64 0, i32 16 %20 = load %struct.gendisk.295622*, %struct.gendisk.295622** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %20, i64 0, i32 8 %22 = load 
%struct.block_device_operations.295563*, %struct.block_device_operations.295563** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.295563, %struct.block_device_operations.295563* %22, i64 0, i32 0 %24 = load i32 (%struct.bio.295627*)*, i32 (%struct.bio.295627*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.295627*)* %24, null %26 = bitcast [2 x %struct.bio_list.295628]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 0 %49 = load %struct.bio.295627*, %struct.bio.295627** %48, align 8 %50 = icmp eq %struct.bio.295627* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0 store %struct.bio_list.295628* %53, %struct.bio_list.295628** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.295628* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.295627** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.295628, %struct.bio_list.295628* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.295627** %60 to i64* br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = 
getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9
%69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8
%70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76
%74 = phi %struct.bio.295627* [ %112, %107 ], [ %71, %62 ]
%75 = phi i64 [ %111, %107 ], [ 0, %62 ]
%76 = phi %struct.bio.295627* [ %110, %107 ], [ null, %62 ]
%77 = phi i64 [ %109, %107 ], [ 0, %62 ]
%78 = phi %struct.bio.295627* [ %108, %107 ], [ null, %62 ]
%79 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 0
%80 = load %struct.bio.295627*, %struct.bio.295627** %79, align 8
store %struct.bio.295627* %80, %struct.bio.295627** %56, align 16
%81 = icmp eq %struct.bio.295627* %80, null
br i1 %81, label %82, label %83
store %struct.bio.295627* null, %struct.bio.295627** %57, align 8
br label %83
store %struct.bio.295627* null, %struct.bio.295627** %79, align 8
%84 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 1
%85 = load %struct.block_device.295624*, %struct.block_device.295624** %84, align 8
%86 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %85, i64 0, i32 16
%87 = load %struct.gendisk.295622*, %struct.gendisk.295622** %86, align 8
%88 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %87, i64 0, i32 9
%89 = load %struct.request_queue.295614*, %struct.request_queue.295614** %88, align 8
%90 = icmp eq %struct.request_queue.295614* %69, %89
store %struct.bio.295627* null, %struct.bio.295627** %79, align 8
br i1 %90, label %91, label %99
%100 = icmp eq i64 %77, 0
br i1 %100, label %104, label %101
%102 = inttoptr i64 %77 to %struct.bio.295627*
%103 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %102, i64 0, i32 0
store %struct.bio.295627* %74, %struct.bio.295627** %103, align 8
br label %104
%105 = phi %struct.bio.295627* [ %78, %101 ], [ %74, %99 ]
%106 = ptrtoint %struct.bio.295627* %74 to i64
br label %107
%108 = phi %struct.bio.295627* [ %78, %96 ], [ %105, %104 ]
%109 = phi i64 [ %77, %96 ], [ %106, %104 ]
%110 = phi %struct.bio.295627* [ %97, %96 ], [ %76, %104 ]
%111 = phi i64 [ %98, %96 ], [ %75, %104 ]
%112 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16
%113 = icmp eq %struct.bio.295627* %112, null
br i1 %113, label %114, label %73
%115 = icmp eq %struct.bio.295627* %108, null
br i1 %115, label %123, label %116
%117 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8
%118 = icmp eq %struct.bio.295627* %117, null
br i1 %118, label %121, label %119
store %struct.bio.295627* %108, %struct.bio.295627** %56, align 16
br label %122
store i64 %109, i64* %58, align 8
br label %123
%124 = icmp eq %struct.bio.295627* %110, null
br i1 %124, label %132, label %125
%126 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8
%127 = icmp eq %struct.bio.295627* %126, null
br i1 %127, label %130, label %128
store %struct.bio.295627* %110, %struct.bio.295627** %56, align 16
br label %131
store i64 %111, i64* %58, align 8
br label %132
%133 = load %struct.bio.295627*, %struct.bio.295627** %59, align 16
%134 = icmp eq %struct.bio.295627* %133, null
br i1 %134, label %143, label %135
%136 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8
%137 = icmp eq %struct.bio.295627* %136, null
br i1 %137, label %140, label %138
store %struct.bio.295627* %133, %struct.bio.295627** %56, align 16
br label %141
%142 = load i64, i64* %61, align 8
store i64 %142, i64* %58, align 8
br label %143
%144 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16
%145 = icmp eq %struct.bio.295627* %144, null
br i1 %145, label %152, label %146
%147 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %144, i64 0, i32 0
%148 = load %struct.bio.295627*, %struct.bio.295627** %147, align 8
store %struct.bio.295627* %148, %struct.bio.295627** %56, align 16
%149 = icmp eq %struct.bio.295627* %148, null
br i1 %149, label %150, label %151
store %struct.bio.295627* null, %struct.bio.295627** %57, align 8
br label %151
store %struct.bio.295627* null, %struct.bio.295627** %147, align 8
br label %62
%63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ]
%64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1
%65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8
%66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16
%67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8
%68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9
%69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8
%70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76
Function:__submit_bio
%2 = alloca %struct.wait_queue_entry, align 8
%3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1
%4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8
%5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16
%6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8
%7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9
%8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8
%9 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2
%10 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 46
%11 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 18
%12 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 12, i32 0
%13 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 12
%14 = bitcast %struct.wait_queue_entry* %2 to i8*
%15 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 48
br label %16
%17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.295614* %8, i1 zeroext false) #76
br i1 %17, label %72, label %18
%73 = call fastcc zeroext i1 @submit_bio_checks(%struct.bio.295627* %0) #77
Function:submit_bio_checks
%2 = alloca [32 x i8], align 16
%3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1
%4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8
%5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16
%6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8
%7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9
%8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8
%9 = tail call i32 @__cond_resched() #76
%10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4
%11 = inttoptr i64 %10 to %struct.task_struct.295667*
%12 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %11, i64 0, i32 120
%13 = load %struct.blk_plug*, %struct.blk_plug** %12, align 16
%14 = icmp eq %struct.blk_plug* %13, null
br i1 %14, label %23, label %15
%16 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %13, i64 0, i32 4
%17 = load i8, i8* %16, align 1, !range !5
%18 = icmp eq i8 %17, 0
br i1 %18, label %23, label %19
%24 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2
%25 = load i32, i32* %24, align 8
%26 = and i32 %25, 2097152
%27 = icmp eq i32 %26, 0
br i1 %27, label %33, label %28
%29 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11
%30 = load volatile i64, i64* %29, align 8
%31 = and i64 %30, 536870912
%32 = icmp eq i64 %31, 0
br i1 %32, label %207, label %33
%34 = and i32 %25, 1
%35 = icmp eq i32 %34, 0
br i1 %35, label %58, label %36
%59 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 3
%60 = load i16, i16* %59, align 4
%61 = and i16 %60, 2048
%62 = icmp eq i16 %61, 0
br i1 %62, label %63, label %132
%133 = phi i16 [ %60, %58 ], [ %60, %99 ], [ %131, %129 ]
%134 = load i32, i32* %24, align 8
%135 = and i32 %134, 393216
%136 = icmp eq i32 %135, 0
br i1 %136, label %147, label %137
%138 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11
%139 = load volatile i64, i64* %138, align 8
%140 = and i64 %139, 131072
%141 = icmp eq i64 %140, 0
br i1 %141, label %142, label %147
%148 = phi i32 [ %134, %137 ], [ %134, %132 ], [ %143, %142 ]
%149 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11
%150 = load volatile i64, i64* %149, align 8
%151 = and i64 %150, 65536
%152 = icmp eq i64 %151, 0
br i1 %152, label %153, label %156
%157 = phi i16 [ %133, %147 ], [ %154, %153 ]
%158 = phi i32 [ %148, %147 ], [ %155, %153 ]
%159 = trunc i32 %158 to i8
switch i8 %159, label %176 [
  i8 3, label %160
  i8 5, label %164
  i8 7, label %168
  i8 13, label %207
  i8 15, label %207
  i8 10, label %207
  i8 11, label %207
  i8 12, label %207
  i8 17, label %207
  i8 9, label %172
]
%161 = load volatile i64, i64* %149, align 8
%162 = and i64 %161, 256
%163 = icmp eq i64 %162, 0
br i1 %163, label %207, label %176
%177 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %11, i64 0, i32 123
%178 = load %struct.io_context.295588*, %struct.io_context.295588** %177, align 8
%179 = icmp eq %struct.io_context.295588* %178, null
br i1 %179, label %180, label %185, !prof !15, !misexpect !7
%181 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 35
%182 = load i32, i32* %181, align 4
%183 = call i32 bitcast (i32 (%struct.task_struct.295207*, i32, i32)* @create_task_io_context to i32 (%struct.task_struct.295667*, i32, i32)*)(%struct.task_struct.295667* %11, i32 2592, i32 %182) #76
Function:create_task_io_context
%4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8
%5 = or i32 %1, 256
%6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #76
Function:kmem_cache_alloc_node
%5 = ptrtoint i8* %4 to i64
%6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4
%7 = load i32, i32* @gfp_allowed_mask, align 4
%8 = and i32 %7, %1
%9 = and i32 %8, 1024
%10 = icmp eq i32 %9, 0
br i1 %10, label %13, label %11
%12 = tail call i32 @__cond_resched() #76
br label %13
%14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #76
%15 = icmp ne i32 %14, 0
%16 = icmp eq %struct.kmem_cache* %0, null
%17 = or i1 %16, %15
br i1 %17, label %109, label %18
%19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0
%20 = icmp eq i32 %2, -1
%21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6
br label %22
%23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8
%24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4
%25 = inttoptr i64 %24 to %struct.kmem_cache_cpu*
%26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1
%27 = load volatile i64, i64* %26, align 8
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5
%28 = inttoptr i64 %24 to i8**
%29 = load i8*, i8** %28, align 8
%30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2
%31 = load %struct.page*, %struct.page** %30, align 8
%32 = icmp ne i8* %29, null
%33 = icmp ne %struct.page* %31, null
%34 = and i1 %32, %33
%35 = bitcast i8* %29 to i8**
br i1 %34, label %36, label %43, !prof !6
br i1 %20, label %46, label %37
%38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0
%39 = load i64, i64* %38, align 16
%40 = lshr i64 %39, 58
%41 = trunc i64 %40 to i32
%42 = icmp eq i32 %41, %2
br i1 %42, label %46, label %43
%44 = inttoptr i64 %24 to %struct.kmem_cache_cpu*
%45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #76
Function:___slab_alloc
%6 = alloca i64, align 8
%7 = alloca i64, align 8
%8 = alloca i64, align 8
%9 = alloca i64, align 8
%10 = alloca %struct.page*, align 8
%11 = bitcast %struct.page** %10 to i8*
%12 = bitcast i64* %7 to i8*
%13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0
%14 = and i32 %1, -33554426
%15 = icmp eq i32 %14, 0
%16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13
%17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1
%18 = bitcast i64* %8 to i8*
%19 = bitcast i64* %9 to i8*
br label %20
%21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %221, %220 ]
%22 = phi i32 [ %2, %5 ], [ %222, %220 ]
%23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2
%24 = load volatile %struct.page*, %struct.page** %23, align 8
store %struct.page* %24, %struct.page** %10, align 8
%25 = icmp eq %struct.page* %24, null
br i1 %25, label %37, label %26
%27 = phi %struct.page* [ %24, %20 ], [ %224, %233 ], [ %224, %244 ]
%28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %201, %233 ], [ %201, %244 ]
%29 = phi i32 [ %22, %20 ], [ %197, %233 ], [ %197, %244 ]
%30 = icmp eq i32 %29, -1
br i1 %30, label %50, label %31
%32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0
%33 = load i64, i64* %32, align 16
%34 = lshr i64 %33, 58
%35 = trunc i64 %34 to i32
%36 = icmp eq i32 %29, %35
br i1 %36, label %50, label %45
%46 = sext i32 %29 to i64
%47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4
%48 = and i8 %47, 1
%49 = icmp eq i8 %48, 0
br i1 %49, label %50, label %167
%51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ]
%52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1
%53 = bitcast %union.anon.20* %52 to i64*
%54 = load volatile i64, i64* %53, align 8
%55 = and i64 %54, 1
%56 = icmp eq i64 %55, 0
%57 = add i64 %54, -1
%58 = ptrtoint %struct.page* %27 to i64
%59 = select i1 %56, i64 %58, i64 %57, !prof !5
%60 = inttoptr i64 %59 to %struct.page*
%61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0
%62 = load volatile i64, i64* %61, align 8
%63 = and i64 %62, 32
%64 = icmp eq i64 %63, 0
br i1 %64, label %67, label %65, !prof !5, !misexpect !6
call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7
%68 = load i64, i64* %9, align 8
call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8
%69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8
%70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4
%71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9
%72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2
%73 = load %struct.page*, %struct.page** %72, align 8
%74 = icmp eq %struct.page* %27, %73
br i1 %74, label %82, label %75, !prof !5, !misexpect !6
%83 = bitcast %struct.kmem_cache_cpu* %28 to i8**
%84 = load i8*, i8** %83, align 8
%85 = icmp eq i8* %84, null
br i1 %85, label %86, label %144
%87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8
%88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4
%89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12
%90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2
%91 = bitcast i64* %90 to i8**
%92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3
%93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0
br label %94
%95 = load i8*, i8** %91, align 8
%96 = load i64, i64* %92, align 8
%97 = and i64 %96, -4294967296
%98 = lshr i64 %96, 16
%99 = and i64 %98, 32767
%100 = and i64 %96, 2147418112
%101 = icmp eq i8* %95, null
%102 = select i1 %101, i64 0, i64 2147483648
%103 = or i64 %100, %102
%104 = or i64 %103, %97
%105 = or i64 %104, %99
%106 = load i32, i32* %17, align 8
%107 = and i32 %106, 1073741824
%108 = icmp eq i32 %107, 0
br i1 %108, label %114, label %109
%110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13
%111 = extractvalue { i8, i8*, i64 } %110, 0
%112 = and i8 %111, 1
%113 = icmp eq i8 %112, 0
br i1 %113, label %135, label %136
br i1 %101, label %137, label %144
store %struct.page* null, %struct.page** %72, align 8
%138 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8
%139 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %138, i64 0, i32 4
%140 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %139) #6, !srcloc !21
%141 = and i64 %68, 512
%142 = icmp eq i64 %141, 0
br i1 %142, label %195, label %143
call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11
br label %195
%196 = phi %struct.kmem_cache_cpu* [ %28, %193 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %143 ]
%197 = phi i32 [ %168, %193 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %143 ]
%198 = icmp eq i32 %197, -1
%199 = icmp ne i32 %197, -1
br label %200
%201 = phi %struct.kmem_cache_cpu* [ %286, %294 ], [ %196, %195 ]
%202 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 3
%203 = load %struct.page*, %struct.page** %202, align 8
%204 = icmp eq %struct.page* %203, null
br i1 %204, label %245, label %205
call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7
%206 = load i64, i64* %7, align 8
call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8
%207 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8
%208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 4
%209 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %208) #6, !srcloc !27
%210 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 2
%211 = load %struct.page*, %struct.page** %210, align 8
%212 = icmp eq %struct.page* %211, null
br i1 %212, label %223, label %213, !prof !5, !misexpect !6
%224 = load %struct.page*, %struct.page** %202, align 8
%225 = icmp eq %struct.page* %224, null
br i1 %225, label %226, label %233, !prof !29, !misexpect !6
%227 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8
%228 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %227, i64 0, i32 4
%229 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %228) #6, !srcloc !30
%230 = and i64 %206, 512
%231 = icmp eq i64 %230, 0
br i1 %231, label %245, label %232
call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11
br label %245
br i1 %198, label %246, label %248
%247 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32
br label %248
%249 = phi i32 [ %247, %246 ], [ %197, %245 ]
%250 = sext i32 %249 to i64
%251 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %250
%252 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %251, align 8
%253 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %252, %struct.page** nonnull %10, i32 %1) #76
%254 = icmp ne i8* %253, null
%255 = or i1 %199, %254
br i1 %255, label %258, label %256
%259 = phi i8* [ %257, %256 ], [ %253, %248 ]
%260 = icmp eq i8* %259, null
br i1 %260, label %261, label %284
call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33
br i1 %15, label %264, label %262, !prof !5, !misexpect !6
%263 = call i32 @kmalloc_fix_flags(i32 %1) #76
br label %264
%265 = phi i32 [ %263, %262 ], [ %1, %261 ]
%266 = load void (i8*)*, void (i8*)** %16, align 8
%267 = icmp ne void (i8*)* %266, null
%268 = and i32 %265, 256
%269 = icmp ne i32 %268, 0
%270 = and i1 %267, %269
br i1 %270, label %271, label %272, !prof !29, !misexpect !6
%273 = and i32 %265, 3927776
%274 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %273, i32 %197) #76
Function:allocate_slab
%4 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0
%5 = load i32, i32* %4, align 8
%6 = load i32, i32* @gfp_allowed_mask, align 4
%7 = and i32 %6, %1
%8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 11
%9 = load i32, i32* %8, align 4
%10 = or i32 %7, %9
%11 = and i32 %10, -106497
%12 = or i32 %11, 73728
%13 = and i32 %10, 1024
%14 = icmp eq i32 %13, 0
%15 = lshr i32 %5, 16
br i1 %14, label %24, label %16
%25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ]
%26 = icmp eq i32 %2, -1
br i1 %26, label %27, label %30
%28 = tail call %struct.page* @alloc_pages(i32 %25, i32 %15) #76
%29 = icmp eq %struct.page* %28, null
br i1 %29, label %33, label %49, !prof !4, !misexpect !5
%34 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 10, i32 0
%35 = load i32, i32* %34, align 8
%36 = lshr i32 %35, 16
%37 = tail call %struct.page* @alloc_pages(i32 %10, i32 %36) #76
br label %43
%44 = phi i32 [ %35, %33 ], [ %40, %38 ]
%45 = phi %struct.page* [ %37, %33 ], [ %42, %38 ]
%46 = icmp eq %struct.page* %45, null
br i1 %46, label %317, label %47, !prof !4, !misexpect !5
%48 = lshr i32 %44, 16
br label %49
%50 = phi i32 [ %48, %47 ], [ %15, %30 ], [ %15, %27 ]
%51 = phi %struct.page* [ %45, %47 ], [ %31, %30 ], [ %28, %27 ]
%52 = phi i32 [ %44, %47 ], [ %5, %30 ], [ %5, %27 ]
%53 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 3
%54 = bitcast i64* %53 to i32*
%55 = load i32, i32* %54, align 8
%56 = shl i32 %52, 16
%57 = and i32 %56, 2147418112
%58 = and i32 %55, -2147418113
%59 = or i32 %58, %57
store i32 %59, i32* %54, align 8
%60 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 0
%61 = load i64, i64* %60, align 16
%62 = lshr i64 %61, 58
%63 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %62
%64 = load %struct.pglist_data*, %struct.pglist_data** %63, align 8
%65 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1
%66 = load i32, i32* %65, align 8
%67 = and i32 %66, 131072
%68 = icmp eq i32 %67, 0
%69 = select i1 %68, i32 6, i32 5
%70 = zext i32 %50 to i64
%71 = shl i64 4096, %70
tail call void bitcast (void (%struct.pglist_data.123922*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %64, i32 %69, i64 %71) #76
-------------
Good: 1184 Bad: 10 Ignored: 1250
Check Use of Function:do_move_mount
Check Use of Function:netlbl_calipso_genl_init
Check Use of Function:pgprot_writecombine
Check Use of Function:cgroup_cancel_fork
Check Use of Function:rate_control_rate_update
Check Use of Function:exit_swap_address_space
Check Use of Function:compat_table_info.68087
Check Use of Function:acpi_ec_init
Check Use of Function:get_device
Use:
=BAD PATH=
Call Stack:
0 xps_cpus_show
-------------
Path:
Function:xps_cpus_show
%3 = getelementptr inbounds %struct.netdev_queue.767814, %struct.netdev_queue.767814* %0, i64 0, i32 0
%4 = load %struct.net_device.767860*, %struct.net_device.767860** %3, align 64
%5 = getelementptr inbounds %struct.net_device.767860, %struct.net_device.767860* %4, i64 0, i32 88
%6 = load i32, i32* %5, align 8
%7 = icmp ugt i32 %6, 1
br i1 %7, label %8, label %40
%9 = getelementptr inbounds %struct.net_device.767860, %struct.net_device.767860* %4, i64 0, i32 87
%10 = bitcast %struct.netdev_queue.767814** %9 to i64*
%11 = load i64, i64* %10, align 64
%12 = ptrtoint %struct.netdev_queue.767814* %0 to i64
%13 = sub i64 %12, %11
%14 = sdiv exact i64 %13, 320
%15 = trunc i64 %14 to i32
%16 = icmp ugt i32 %6, %15
br i1 %16, label %18, label %17, !prof !4, !misexpect !5
%19 = tail call i32 @rtnl_trylock() #76
%20 = icmp eq i32 %19, 0
br i1 %20, label %21, label %24
%25 = load %struct.netdev_queue.767814*, %struct.netdev_queue.767814** %9, align 64
%26 = and i64 %14, 4294967295
%27 = getelementptr %struct.netdev_queue.767814, %struct.netdev_queue.767814* %25, i64 %26, i32 7
%28 = load %struct.net_device.767860*, %struct.net_device.767860** %27, align 16
%29 = icmp eq %struct.net_device.767860* %28, null
%30 = select i1 %29, %struct.net_device.767860* %4, %struct.net_device.767860* %28
%31 = tail call i32 bitcast (i32 (%struct.net_device.757749*, i32)* @netdev_txq_to_tc to i32 (%struct.net_device.767860*, i32)*)(%struct.net_device.767860* %30, i32 %15) #76
%32 = icmp slt i32 %31, 0
br i1 %32, label %33, label %34
%35 = getelementptr inbounds %struct.net_device.767860, %struct.net_device.767860* %30, i64 0, i32 113
%36 = tail call %struct.device.767528* bitcast (%struct.device* (%struct.device*)* @get_device to %struct.device.767528* (%struct.device.767528*)*)(%struct.device.767528* %35) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 scsi_device_get
1 sg_open
-------------
Path:
Function:sg_open
%3 = alloca %struct.wait_queue_entry, align 8
%4 = alloca %struct.wait_queue_entry, align 8
%5 = getelementptr inbounds %struct.inode.294857, %struct.inode.294857* %0, i64 0, i32 13
%6 = load i32, i32* %5, align 4
%7 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %1, i64 0, i32 7
%8 = load i32, i32* %7, align 8
%9 = tail call i32 bitcast (i32 (%struct.inode*, %struct.file*)* @nonseekable_open to i32 (%struct.inode.294857*, %struct.file.294777*)*)(%struct.inode.294857* %0, %struct.file.294777* %1) #76
%10 = trunc i32 %8 to i8
%11 = icmp sgt i8 %10, -1
%12 = xor i1 %11, true
%13 = and i32 %8, 3
%14 = icmp eq i32 %13, 0
%15 = and i1 %14, %12
br i1 %15, label %358, label %16
%17 = and i32 %6, 1048575
%18 = tail call i64 @_raw_read_lock_irqsave(%struct.rwlock_t* nonnull @sg_index_lock) #76
%19 = zext i32 %17 to i64
%20 = tail call i8* @idr_find(%struct.idr* nonnull @sg_index_idr, i64 %19) #76
%21 = bitcast i8* %20 to %struct.sg_device*
%22 = icmp eq i8* %20, null
br i1 %22, label %38, label %23
%24 = getelementptr inbounds i8, i8* %20, i64 96
%25 = bitcast i8* %24 to i32*
%26 = load volatile i32, i32* %25, align 4
%27 = icmp eq i32 %26, 0
br i1 %27, label %28, label %38
%29 = getelementptr inbounds i8, i8* %20, i64 152
%30 = bitcast i8* %29 to %struct.seqcount_spinlock*
%31 = bitcast i8* %29 to i32*
%32 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !4
%33 = icmp eq i32 %32, 0
br i1 %33, label %40, label %34, !prof !5, !misexpect !6
%35 = add i32 %32, 1
%36 = or i32 %35, %32
%37 = icmp sgt i32 %36, -1
br i1 %37, label %42, label %40, !prof !7, !misexpect !6
%41 = phi i32 [ 2, %28 ], [ 1, %34 ]
tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %30, i32 %41) #76
br label %42
tail call void @_raw_read_unlock_irqrestore(%struct.rwlock_t* nonnull @sg_index_lock, i64 %18) #76
%43 = icmp ugt i8* %20, inttoptr (i64 -4096 to i8*)
br i1 %43, label %44, label %48
%49 = bitcast i8* %20 to %struct.scsi_device.625868**
%50 = load %struct.scsi_device.625868*, %struct.scsi_device.625868** %49, align 8
%51 = tail call i32 bitcast (i32 (%struct.scsi_device*)* @scsi_device_get to i32 (%struct.scsi_device.625868*)*)(%struct.scsi_device.625868* %50) #76
Function:scsi_device_get
%2 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 62
%3 = load i32, i32* %2, align 8
%4 = add i32 %3, -3
%5 = icmp ult i32 %4, 2
br i1 %5, label %19, label %6
%7 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 49
%8 = tail call %struct.device.617410* bitcast (%struct.device* (%struct.device*)* @get_device to %struct.device.617410* (%struct.device.617410*)*)(%struct.device.617410* %7) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 scsi_device_get
1 sdev_store_delete
-------------
Path:
Function:sdev_store_delete
%5 = getelementptr %struct.device.617410, %struct.device.617410* %0, i64 -1, i32 11, i32 8, i32 1
%6 = bitcast i64* %5 to %struct.scsi_device.620927*
%7 = tail call i32 bitcast (i32 (%struct.scsi_device*)* @scsi_device_get to i32 (%struct.scsi_device.620927*)*)(%struct.scsi_device.620927* %6) #76
Function:scsi_device_get
%2 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 62
%3 = load i32, i32* %2, align 8
%4 = add i32 %3, -3
%5 = icmp ult i32 %4, 2
br i1 %5, label %19, label %6
%7 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 49
%8 = tail call %struct.device.617410* bitcast (%struct.device* (%struct.device*)* @get_device to %struct.device.617410* (%struct.device.617410*)*)(%struct.device.617410* %7) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 pci_dev_get
1 vga_arb_write
-------------
Path:
Function:vga_arb_write
%5 = alloca i32, align 4
%6 = alloca i32, align 4
%7 = alloca [64 x i8], align 16
%8 = alloca i32, align 4
%9 = alloca i32, align 4
%10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16
%11 = bitcast i8** %10 to %struct.vga_arb_private**
%12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8
%13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0
%14 = icmp ugt i64 %2, 63
br i1 %14, label %412, label %15
%16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76
%17 = icmp eq i64 %16, 0
br i1 %17, label %18, label %412
%19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2
store i8 0, i8* %19, align 1
%20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5)
%21 = icmp eq i32 %20, 0
br i1 %21, label %22, label %56
%57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7)
%58 = icmp eq i32 %57, 0
br i1 %58, label %59, label %204
%205 = bitcast [64 x i8]* %7 to i64*
%206 = load i64, i64* %205, align 16
%207 = icmp eq i64 %206, 2336070161934152308
br i1 %207, label %208, label %295
%296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46522, i64 0, i64 0), i64 7)
%297 = icmp eq i32 %296, 0
br i1 %297, label %298, label %364
%299 = bitcast i32* %8 to i8*
%300 = bitcast i32* %9 to i8*
%301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7
%302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.46523, i64 0, i64 0), i64 7)
%303 = icmp eq i32 %302, 0
br i1 %303, label %304, label %307
%305 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** @vga_default, align 8
%306 = call %struct.pci_dev.317892* @pci_dev_get(%struct.pci_dev.317892* %305) #76
Function:pci_dev_get
%2 = icmp eq %struct.pci_dev.317892* %0, null
br i1 %2, label %6, label %3
%4 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 46
%5 = tail call %struct.device* @get_device(%struct.device* %4) #76
-------------
Good: 149 Bad: 4 Ignored: 168
Check Use of Function:cfg80211_iftype_allowed
Check Use of Function:rtc_dev_compat_ioctl
Check Use of Function:copy_page_from_iter
Check Use of Function:skb_copy_expand
Check Use of Function:send_sig_info
Use:
=BAD PATH=
Call Stack:
0 send_sig
1 generic_write_checks
2 nfs_file_direct_write
3 nfs_file_write
-------------
Path:
Function:nfs_file_write
%3 = getelementptr inbounds %struct.kiocb.215312, %struct.kiocb.215312* %0, i64 0, i32 0
%4 = load %struct.file.215754*, %struct.file.215754** %3, align 8
%5 = getelementptr inbounds %struct.file.215754, %struct.file.215754* %4, i64 0, i32 2
%6 = load %struct.inode.215746*, %struct.inode.215746** %5, align 8
%7 = getelementptr inbounds %struct.inode.215746, %struct.inode.215746* %6, i64 0, i32 8
%8 = load %struct.super_block.215732*, %struct.super_block.215732** %7, align 8
%9 = getelementptr inbounds %struct.super_block.215732, %struct.super_block.215732* %8, i64 0, i32 28
%10 = bitcast i8** %9 to %struct.nfs_server.215891**
%11 = load %struct.nfs_server.215891*, %struct.nfs_server.215891** %10, align 16
%12 = getelementptr inbounds %struct.nfs_server.215891, %struct.nfs_server.215891* %11, i64 0, i32 8
%13 = load i32, i32* %12, align 8
%14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.215754*, %struct.inode.215746*)*)(%struct.file.215754* %4, %struct.inode.215746* %6) #76
%15 = icmp eq i32 %14, 0
br i1 %15, label %18, label %16
%19 = getelementptr inbounds %struct.kiocb.215312, %struct.kiocb.215312* %0, i64 0, i32 4
%20 = load i32, i32* %19, align 8
%21 = and i32 %20, 131072
%22 = icmp eq i32 %21, 0
br i1 %22, label %25, label %23
%24 = tail call i64 bitcast (i64 (%struct.kiocb.219114*, %struct.iov_iter*)* @nfs_file_direct_write to i64 (%struct.kiocb.215312*, %struct.iov_iter*)*)(%struct.kiocb.215312* %0, %struct.iov_iter* %1) #76
Function:nfs_file_direct_write
%3 = alloca %struct.nfs_pageio_descriptor, align 8
%4 = alloca %struct.page.219111**, align 8
%5 = alloca i64, align 8
%6 = getelementptr inbounds %struct.kiocb.219114, %struct.kiocb.219114* %0, i64 0, i32 0
%7 = load %struct.file.219700*, %struct.file.219700** %6, align 8
%8 = getelementptr inbounds %struct.file.219700, %struct.file.219700* %7, i64 0, i32 18
%9 = load %struct.address_space.219108*, %struct.address_space.219108** %8, align 8
%10 = getelementptr inbounds %struct.address_space.219108, %struct.address_space.219108* %9, i64 0, i32 0
%11 = load %struct.inode.219694*, %struct.inode.219694** %10, align 8
%12 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_write_checks to i64 (%struct.kiocb.219114*, %struct.iov_iter*)*)(%struct.kiocb.219114* %0, %struct.iov_iter* %1) #76
Function:generic_write_checks
%3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0
%4 = load %struct.file*, %struct.file** %3, align 8
%5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18
%6 = load %struct.address_space*, %struct.address_space** %5, align 8
%7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0
%8 = load %struct.inode*, %struct.inode** %7, align 8
%9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 4
%10 = load i32, i32* %9, align 4
%11 = and i32 %10, 256
%12 = icmp eq i32 %11, 0
br i1 %12, label %13, label %69
%14 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3
%15 = load i64, i64* %14, align 8
%16 = icmp eq i64 %15, 0
br i1 %16, label %69, label %17
%18 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4
%19 = load i32, i32* %18, align 8
%20 = and i32 %19, 16
%21 = icmp eq i32 %20, 0
br i1 %21, label %26, label %22
%27 = and i32 %19, 131080
%28 = icmp eq i32 %27, 8
br i1 %28, label %69, label %29
%30 = load i64, i64* %14, align 8
%31 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1
%32 = load i64, i64* %31, align 8
%33 = load %struct.address_space*, %struct.address_space** %5, align 8
%34 = getelementptr inbounds %struct.address_space, %struct.address_space* %33, i64 0, i32 0
%35 = load %struct.inode*, %struct.inode** %34, align 8
%36 = getelementptr inbounds %struct.inode, %struct.inode* %35, i64 0, i32 8
%37 = load %struct.super_block*, %struct.super_block** %36, align 8
%38 = getelementptr inbounds %struct.super_block, %struct.super_block* %37, i64 0, i32 4
%39 = load i64, i64* %38, align 32
%40 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4
%41 = inttoptr i64 %40 to %struct.task_struct*
%42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %41, i64 0, i32 95
%43 = load %struct.signal_struct*, %struct.signal_struct** %42, align 32
%44 = getelementptr %struct.signal_struct, %struct.signal_struct* %43, i64 0, i32 49, i64 1, i32 0
%45 = load volatile i64, i64* %44, align 8
%46 = icmp eq i64 %45, -1
br i1 %46, label %55, label %47
%48 = icmp sgt i64 %45, %32
br i1 %48, label %51, label %49
%50 = tail call i32 @send_sig(i32 25, %struct.task_struct* %41, i32 0) #76
Function:send_sig
%4 = icmp eq i32 %2, 0
%5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo*
inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 inode_newsize_ok 2 nfs_setattr ------------- Path:  Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.217372, %struct.dentry.217372* %1, i64 0, i32 5 %5 = load %struct.inode.217383*, %struct.inode.217383** %4, align 8 %6 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %5, i64 0, i32 8 %7 = load %struct.super_block.217367*, %struct.super_block.217367** %6, align 8 %8 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.217511** %10 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.217374, %struct.iattr.217374* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.217374, %struct.iattr.217374* %2, i64 0, i32 4 %32 = load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.150157*, i64)* @inode_newsize_ok to i32 
(%struct.inode.217383*, i64)*)(%struct.inode.217383* %5, i64 %32) #76 Function:inode_newsize_ok %3 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = icmp slt i64 %4, %1 br i1 %5, label %6, label %20 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.150265* %9 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %8, i64 0, i32 95 %10 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %9, align 32 %11 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %10, i64 0, i32 49, i64 1, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp ult i64 %12, %1 br i1 %13, label %26, label %14 %27 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %8, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 inode_newsize_ok 2 nfs_setattr 3 nfs_namespace_setattr ------------- Path:  Function:nfs_namespace_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 17, i32 1 %7 = bitcast i64* %6 to i16* %8 = load i16, i16* %7, align 2 %9 = icmp eq i16 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.217372*, %struct.iattr.217374*)* @nfs_setattr to i32 
(%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.217372, %struct.dentry.217372* %1, i64 0, i32 5 %5 = load %struct.inode.217383*, %struct.inode.217383** %4, align 8 %6 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %5, i64 0, i32 8 %7 = load %struct.super_block.217367*, %struct.super_block.217367** %6, align 8 %8 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.217511** %10 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.217374, %struct.iattr.217374* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.217374, %struct.iattr.217374* %2, i64 0, i32 4 %32 = load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.150157*, i64)* @inode_newsize_ok to i32 (%struct.inode.217383*, i64)*)(%struct.inode.217383* %5, i64 %32) #76 Function:inode_newsize_ok %3 = getelementptr inbounds 
%struct.inode.150157, %struct.inode.150157* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = icmp slt i64 %4, %1 br i1 %5, label %6, label %20 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.150265* %9 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %8, i64 0, i32 95 %10 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %9, align 32 %11 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %10, i64 0, i32 49, i64 1, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp ult i64 %12, %1 br i1 %13, label %26, label %14 %27 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %8, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load 
%struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, 
%struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 
x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, 
i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %382, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %382, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %382, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, 
%struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = 
getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %382, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %382, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %382, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 
br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 
= and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %382, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %382, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %382, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, 
i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, 
%struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label 
%10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* 
%20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, 
i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr 
%struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = 
getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177930, %struct.dentry.177930* %1, i64 0, i32 5 %5 = load %struct.inode.177941*, %struct.inode.177941** %4, align 8 %6 = getelementptr inbounds %struct.iattr.178080, %struct.iattr.178080* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace.178079*, %struct.dentry.177930*, %struct.iattr.178080*)*)(%struct.user_namespace.178079* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, 
%struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.178079*), %struct.dentry.177930* %1, %struct.iattr.178080* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 
setattr_prepare 2 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177930, %struct.dentry.177930* %1, i64 0, i32 5 %5 = load %struct.inode.177941*, %struct.inode.177941** %4, align 8 %6 = getelementptr inbounds %struct.iattr.178080, %struct.iattr.178080* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace.178079*, %struct.dentry.177930*, %struct.iattr.178080*)*)(%struct.user_namespace.178079* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.178079*), %struct.dentry.177930* %1, %struct.iattr.178080* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr ------------- Path:  Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 
%9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 sockfs_setattr ------------- Path:  Function:sockfs_setattr %4 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.273376*, %struct.iattr.273378*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x 
%struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry.273376* %1, %struct.iattr.273378* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, 
align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load 
%struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, 
%struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, 
%struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 
@security_locked_down(i32 14) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, 
label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 notify_change 4 file_remove_privs 5 __generic_file_write_iter 6 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %5 = load %struct.file.294345*, %struct.file.294345** %4, align 8 %6 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %5, i64 0, i32 18 %7 = load %struct.address_space.294426*, %struct.address_space.294426** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %7, i64 0, i32 0 %9 = load %struct.inode.294419*, %struct.inode.294419** %8, align 8 %10 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 14 %11 = load i64, i64* %10, 
align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294278* bitcast (%struct.block_device.293754* (%struct.inode.293951*)* @I_BDEV to %struct.block_device.294278* (%struct.inode.294419*)*)(%struct.inode.294419* %9) #76 %14 = tail call i32 bitcast (i32 (%struct.block_device.299712*)* @bdev_read_only to i32 (%struct.block_device.294278*)*)(%struct.block_device.294278* %13) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #76 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294023*, %struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* %1) #76 Function:__generic_file_write_iter %3 = getelementptr inbounds 
%struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.149842*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #76 Function:file_remove_privs %2 = alloca %struct.iattr.149911, align 8 %3 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.149909*, %struct.dentry.149909** %3, align 8 %5 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.149909* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 2 %20 = load %struct.inode.149921*, %struct.inode.149921** %19, align 8 %21 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, 
i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %18, i64 0, i32 5 %32 = load %struct.inode.149921*, %struct.inode.149921** %31, align 8 %33 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #76 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.149909*)*)(%struct.dentry.149909* %18) #76 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.149905, %struct.vfsmount.149905* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.149911* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr 
inbounds %struct.iattr.149911, %struct.iattr.149911* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*, %struct.inode.150157**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.149909*, %struct.iattr.149911*, %struct.inode.149921**)*)(%struct.user_namespace* %68, %struct.dentry.149909* %18, %struct.iattr.149911* nonnull %2, %struct.inode.149921** null) #76 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %6 = load %struct.inode.150157*, %struct.inode.150157** %5, align 8 %7 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16415, i64 0, i64 0), i32 319, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "256:\0A\09.pushsection .discard.reachable\0A\09.long 256b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq 
i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %6) #76 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147178*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %6, i32 2) #76 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.149921*)* @current_time to { i64, i64 } (%struct.inode.150157*)*)(%struct.inode.150157* %6) #76 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr 
inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %64, i64 %66, %struct.inode.150157* %6) #76 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %77, i64 %79, %struct.inode.150157* %6) #76 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq 
i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %171 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150153*, %struct.inode_operations.150153** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150153, 
%struct.inode_operations.150153* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*, i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.user_namespace* %0, %struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, 
%struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, 
%struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, 
%struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, 
%struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 ------------- Good: 53 Bad: 23 Ignored: 149 Check Use of Function:ieee80211_free_keys Check Use of Function:i915_request_add Check Use of Function:swap_type_of Check Use of Function:put_sg_io_hdr Use: =BAD PATH= Call Stack: 0 sg_new_read 1 sg_read ------------- Path:  Function:sg_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %0, i64 0, i32 12 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.294752** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.294752**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.294752* %10 = getelementptr inbounds %struct.task_struct.294752, %struct.task_struct.294752* %9, i64 0, i32 84 %11 = load %struct.cred*, %struct.cred** %10, align 8 %12 = icmp eq %struct.cred* %7, %11 br i1 %12, label %19, label %13 %20 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %0, i64 0, i32 16 %21 = bitcast i8** %20 to %struct.sg_fd** %22 = load %struct.sg_fd*, %struct.sg_fd** %21, align 8 %23 = icmp eq %struct.sg_fd* %22, null br i1 %23, label %474, label %24 %25 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 1 %26 = load %struct.sg_device*, %struct.sg_device** %25, align 8 %27 = icmp eq %struct.sg_device* %26, null br i1 %27, label %474, label %28 %29 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 11 %30 = load i8, i8* %29, align 8 %31 = icmp ne i8 %30, 0 %32 = icmp ugt i64 %2, 35 %33 = and i1 %32, %31 br i1 %33, label %34, label %83 %84 = phi i32 [ %74, %71 ], [ -1, %28 ], [ -1, %64 ] %85 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 3 %86 = tail call i64 @_raw_write_lock_irqsave(%struct.rwlock_t* %85) #76 %87 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 8 %88 = 
bitcast %struct.list_head* %87 to %struct.sg_request** %89 = load %struct.sg_request*, %struct.sg_request** %88, align 8 %90 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %89, i64 0, i32 0 %91 = icmp eq %struct.list_head* %90, %87 br i1 %91, label %113, label %92 %93 = icmp eq i32 %84, -1 br label %94 %95 = phi %struct.sg_request* [ %89, %92 ], [ %110, %108 ] %96 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 8 %97 = load i8, i8* %96, align 1 %98 = icmp eq i8 %97, 1 br i1 %98, label %99, label %108 %100 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 7 %101 = load i8, i8* %100, align 2 %102 = icmp eq i8 %101, 0 br i1 %102, label %103, label %108 br i1 %93, label %114, label %104 %105 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 3, i32 11 %106 = load i32, i32* %105, align 8 %107 = icmp eq i32 %106, %84 br i1 %107, label %114, label %108 %109 = bitcast %struct.sg_request* %95 to %struct.sg_request** %110 = load %struct.sg_request*, %struct.sg_request** %109, align 8 %111 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %110, i64 0, i32 0 %112 = icmp eq %struct.list_head* %111, %87 br i1 %112, label %113, label %94 tail call void @_raw_write_unlock_irqrestore(%struct.rwlock_t* %85, i64 %86) #76 br label %117 %118 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %26, i64 0, i32 7, i32 0 %119 = load volatile i32, i32* %118, align 4 %120 = icmp eq i32 %119, 0 br i1 %120, label %121, label %474 %122 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %0, i64 0, i32 7 %123 = load i32, i32* %122, align 8 %124 = and i32 %123, 2048 %125 = icmp eq i32 %124, 0 br i1 %125, label %126, label %474 %127 = tail call i32 @__cond_resched() #76 %128 = load volatile i32, i32* %118, align 4 %129 = icmp eq i32 %128, 0 br i1 %129, label %130, label %209 %131 = tail call i64 @_raw_write_lock_irqsave(%struct.rwlock_t* %85) #76 
%132 = load %struct.sg_request*, %struct.sg_request** %88, align 8 %133 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 0 %134 = icmp eq %struct.list_head* %133, %87 br i1 %134, label %156, label %135 %136 = icmp eq i32 %84, -1 br label %137 %138 = phi %struct.sg_request* [ %132, %135 ], [ %153, %151 ] %139 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %138, i64 0, i32 8 %140 = load i8, i8* %139, align 1 %141 = icmp eq i8 %140, 1 br i1 %141, label %142, label %151 %143 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %138, i64 0, i32 7 %144 = load i8, i8* %143, align 2 %145 = icmp eq i8 %144, 0 br i1 %145, label %146, label %151 br i1 %136, label %157, label %147 %158 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %138, i64 0, i32 8 store i8 2, i8* %158, align 1 tail call void @_raw_write_unlock_irqrestore(%struct.rwlock_t* %85, i64 %131) #76 %159 = icmp eq %struct.sg_request* %138, null br i1 %159, label %160, label %209 %210 = phi %struct.sg_request* [ null, %126 ], [ %138, %157 ], [ %207, %205 ] %211 = phi i32 [ 0, %126 ], [ 0, %157 ], [ %208, %205 ] %212 = load volatile i32, i32* %118, align 4 %213 = icmp eq i32 %212, 0 br i1 %213, label %214, label %474 %215 = icmp eq i32 %211, 0 br i1 %215, label %218, label %216 %219 = phi %struct.sg_request* [ %95, %114 ], [ %210, %214 ] %220 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %219, i64 0, i32 3, i32 0 %221 = load i32, i32* %220, align 8 %222 = icmp eq i32 %221, 0 br i1 %222, label %225, label %223 %224 = call fastcc i64 @sg_new_read(%struct.sg_fd* nonnull %22, i8* %1, i64 %2, %struct.sg_request* %219) #78 Function:sg_new_read %5 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.294752** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.294752**)) #11, 
!srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct.294752* %8 = getelementptr inbounds %struct.task_struct.294752, %struct.task_struct.294752* %7, i64 0, i32 0, i32 2 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = icmp ult i64 %2, 88 br i1 %15, label %70, label %16 %17 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 16 store i8 0, i8* %17, align 1 %18 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 3 %19 = load i8, i8* %18, align 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %52, label %21 %22 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 8 %23 = load i8*, i8** %22, align 8 %24 = icmp eq i8* %23, null br i1 %24, label %52, label %25 %26 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 14 %27 = load i8, i8* %26, align 1 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label %35 %36 = icmp ult i8 %19, 96 %37 = select i1 %36, i8 %19, i8 96 %38 = zext i8 %37 to i32 %39 = getelementptr %struct.sg_request, %struct.sg_request* %3, i64 0, i32 4, i64 7 %40 = load i8, i8* %39, align 1 %41 = zext i8 %40 to i32 %42 = add nuw nsw i32 %41, 8 %43 = icmp ugt i32 %42, %38 %44 = select i1 %43, i32 %38, i32 %42 %45 = zext i32 %44 to i64 %46 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 4, i64 0 %47 = tail call i64 @_copy_to_user(i8* nonnull %23, i8* %46, i64 %45) #76 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %70 %50 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 18 store i16 8, i16* %50, align 2 %51 = trunc i32 %44 to i8 store i8 %51, i8* %17, align 1 br label %52 %53 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 14 %54 = load i8, i8* %53, align 1 %55 = icmp eq i8 %54, 0 br i1 %55, label %56, label %64 %57 = getelementptr 
inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 17 %58 = load i16, i16* %57, align 4 %59 = icmp eq i16 %58, 0 br i1 %59, label %60, label %64 %61 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 18 %62 = load i16, i16* %61, align 2 %63 = icmp eq i16 %62, 0 br i1 %63, label %68, label %64 %69 = tail call i32 @put_sg_io_hdr(%struct.sg_io_hdr* %5, i8* %1) #76 ------------- Good: 2 Bad: 1 Ignored: 0 Check Use of Function:lookup_user_key Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, 
label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, 
label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, 
label %266 ] %48 = trunc i64 %1 to i32 %49 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %48, i64 0, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %48 = trunc i64 %1 to i32 %49 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %48, i64 0, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 
= getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %80 = trunc i64 %2 to i32 %81 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %80, i64 1, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %80 = trunc i64 %2 to i32 %81 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %80, i64 1, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, 
align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %126 = trunc i64 %2 to i32 %127 = and i32 %126, -1061109568 %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %293 %130 = trunc i64 %1 to i32 %131 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %130, i64 3, i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %126 = trunc i64 %2 to i32 %127 = and i32 %126, -1061109568 %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %293 %130 = trunc i64 %1 to i32 %131 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %130, i64 3, i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_move 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, 
i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #76 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_move 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 
4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %273 = trunc i64 %1 to i32 %274 = trunc i64 %2 to i32 %275 = trunc i64 %3 to i32 %276 = trunc i64 %4 to i32 %277 = tail call i64 @keyctl_keyring_move(i32 %273, i32 %274, i32 %275, i32 %276) #76 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_move 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* 
%10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %273 = trunc i64 %1 to i32 %274 = trunc i64 %2 to i32 %275 = trunc i64 %3 to i32 %276 = trunc i64 %4 to i32 %277 = tail call i64 @keyctl_keyring_move(i32 %273, i32 %274, i32 %275, i32 %276) #76 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %75 = inttoptr i64 %9 to i8* %76 = inttoptr i64 %12 to i8* %77 = tail call i64 @keyctl_restrict_keyring(i32 %17, i8* %75, i8* %76) #76 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 
%15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %249 = trunc i64 %1 to i32 %250 = inttoptr i64 %2 to i8* %251 = inttoptr i64 %3 to i8* %252 = tail call i64 @keyctl_restrict_keyring(i32 %249, i8* %250, i8* %251) #76 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %249 = trunc i64 %1 to i32 %250 = inttoptr i64 %2 to i8* %251 = inttoptr i64 %3 to i8* %252 = tail call i64 @keyctl_restrict_keyring(i32 %249, i8* %250, i8* %251) #76 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %73 = tail call i64 @keyctl_invalidate_key(i32 %17) #76 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail 
call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %246 = trunc i64 %1 to i32 %247 = tail call i64 @keyctl_invalidate_key(i32 %246) #76 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca 
%struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %246 = trunc i64 %1 to i32 %247 = tail call i64 @keyctl_invalidate_key(i32 %246) #76 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, 
label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %66 = tail call i64 @keyctl_session_to_parent() #76 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 5) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label 
%76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %219 = tail call i64 @keyctl_session_to_parent() #76 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 5) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label 
%207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %219 = tail call i64 @keyctl_session_to_parent() #76 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 5) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %63 = inttoptr i64 
%9 to i8* %64 = tail call i64 @keyctl_get_security(i32 %17, i8* %63, i64 %12) #76 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 
i32 27, label %260 i32 28, label %266 ] %215 = trunc i64 %1 to i32 %216 = inttoptr i64 %2 to i8* %217 = tail call i64 @keyctl_get_security(i32 %215, i8* %216, i64 %3) #76 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %215 = trunc i64 %1 to 
i32 %216 = inttoptr i64 %2 to i8* %217 = tail call i64 @keyctl_get_security(i32 %215, i8* %216, i64 %3) #76 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %59 = tail call i64 @keyctl_set_timeout(i32 %17, i32 %18) #76 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #76 
------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %208 = trunc i64 %1 to i32 %209 = trunc i64 %2 to i32 %210 = tail call i64 @keyctl_set_timeout(i32 %208, i32 %209) #76 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 
%0, i64 3, i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %208 = trunc i64 %1 to i32 %209 = trunc i64 %2 to i32 %210 = tail call i64 @keyctl_set_timeout(i32 %208, i32 %209) #76 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __ia32_compat_sys_keyctl ------------- Path:  
Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %68 = tail call i64 @keyctl_reject_key(i32 %17, i32 %18, i32 %19, i32 %20) #76 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269351** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269351**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.269351* %7 = getelementptr inbounds %struct.task_struct.269351, %struct.task_struct.269351* %6, i64 0, i32 85 %8 = load %struct.cred.269051*, %struct.cred.269051** %7, align 64 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br 
i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.269051, %struct.cred.269051* %8, i64 0, i32 19 %16 = load %struct.key.269026*, %struct.key.269026** %15, align 8 %17 = icmp eq %struct.key.269026* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.269026, %struct.key.269026* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.269354** %21 = load %struct.request_key_auth.269354*, %struct.request_key_auth.269354** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.269354, %struct.request_key_auth.269354* %21, i64 0, i32 1 %23 = load %struct.key.269026*, %struct.key.269026** %22, align 8 %24 = getelementptr inbounds %struct.key.269026, %struct.key.269026* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %32 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 
4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %221 = trunc i64 %1 to i32 %222 = trunc i64 %2 to i32 %223 = trunc i64 %3 to i32 %224 = trunc i64 %4 to i32 %225 = tail call i64 @keyctl_reject_key(i32 %221, i32 %222, i32 %223, i32 %224) #76 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269351** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269351**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.269351* %7 = getelementptr inbounds %struct.task_struct.269351, %struct.task_struct.269351* %6, i64 0, i32 85 %8 = load %struct.cred.269051*, %struct.cred.269051** %7, align 64 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label 
%14, label %77 %15 = getelementptr inbounds %struct.cred.269051, %struct.cred.269051* %8, i64 0, i32 19 %16 = load %struct.key.269026*, %struct.key.269026** %15, align 8 %17 = icmp eq %struct.key.269026* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.269026, %struct.key.269026* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.269354** %21 = load %struct.request_key_auth.269354*, %struct.request_key_auth.269354** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.269354, %struct.request_key_auth.269354* %21, i64 0, i32 1 %23 = load %struct.key.269026*, %struct.key.269026** %22, align 8 %24 = getelementptr inbounds %struct.key.269026, %struct.key.269026* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %32 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca 
%struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %221 = trunc i64 %1 to i32 %222 = trunc i64 %2 to i32 %223 = trunc i64 %3 to i32 %224 = trunc i64 %4 to i32 %225 = tail call i64 @keyctl_reject_key(i32 %221, i32 %222, i32 %223, i32 %224) #76 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269351** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269351**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.269351* %7 = getelementptr inbounds %struct.task_struct.269351, %struct.task_struct.269351* %6, i64 0, i32 85 %8 = load %struct.cred.269051*, %struct.cred.269051** %7, align 64 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.269051, %struct.cred.269051* %8, i64 0, i32 19 %16 = load %struct.key.269026*, %struct.key.269026** %15, align 8 %17 = icmp eq %struct.key.269026* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.269026, %struct.key.269026* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = 
bitcast i8** %19 to %struct.request_key_auth.269354** %21 = load %struct.request_key_auth.269354*, %struct.request_key_auth.269354** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.269354, %struct.request_key_auth.269354* %21, i64 0, i32 1 %23 = load %struct.key.269026*, %struct.key.269026** %22, align 8 %24 = getelementptr inbounds %struct.key.269026, %struct.key.269026* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %32 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_instantiate_key_common 1 keyctl_instantiate_key 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 
i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %52 = inttoptr i64 %9 to i8* %53 = tail call i64 @keyctl_instantiate_key(i32 %17, i8* %52, i64 %12, i32 %20) #76 Function:keyctl_instantiate_key %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.iov_iter, align 8 %7 = icmp ne i8* %1, null %8 = icmp ne i64 %2, 0 %9 = and i1 %7, %8 br i1 %9, label %10, label %21 %22 = tail call fastcc i64 @keyctl_instantiate_key_common(i32 %0, %struct.iov_iter* null, i32 %3) #77 Function:keyctl_instantiate_key_common %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269351** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269351**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.269351* %6 = getelementptr inbounds %struct.task_struct.269351, %struct.task_struct.269351* %5, i64 0, i32 85 %7 = load %struct.cred.269051*, %struct.cred.269051** %6, align 64 %8 = icmp eq %struct.iov_iter* %1, null br i1 %8, label %15, label %9 %16 = phi %struct.iov_iter* [ %1, %13 ], [ null, %9 ], [ null, %3 ] %17 = phi i64 [ %11, %13 ], [ 0, %9 ], [ 0, %3 ] %18 = getelementptr inbounds %struct.cred.269051, %struct.cred.269051* %7, i64 0, i32 19 %19 = load %struct.key.269026*, %struct.key.269026** %18, align 8 %20 = icmp eq %struct.key.269026* %19, null br i1 %20, label %88, label %21 %22 = getelementptr inbounds %struct.key.269026, %struct.key.269026* %19, i64 0, i32 16, i32 0, i32 0, i64 0 %23 = bitcast i8** %22 to %struct.request_key_auth.269354** %24 = load %struct.request_key_auth.269354*, %struct.request_key_auth.269354** %23, align 8 %25 = getelementptr inbounds %struct.request_key_auth.269354, %struct.request_key_auth.269354* %24, i64 0, i32 1 %26 = load %struct.key.269026*, 
%struct.key.269026** %25, align 8 %27 = getelementptr inbounds %struct.key.269026, %struct.key.269026* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %0 br i1 %29, label %30, label %88 %31 = icmp eq %struct.iov_iter* %16, null br i1 %31, label %39, label %32 %33 = tail call i8* @kvmalloc_node(i64 %17, i32 3264, i32 -1) #76 %34 = icmp eq i8* %33, null br i1 %34, label %88, label %35 %36 = tail call i64 @_copy_from_iter(i8* nonnull %33, i64 %17, %struct.iov_iter* nonnull %16) #76 %37 = icmp eq i64 %36, %17 br i1 %37, label %39, label %38, !prof !5, !misexpect !6 %40 = phi i8* [ null, %30 ], [ %33, %35 ] %41 = icmp eq i32 %2, 0 br i1 %41, label %72, label %42 %43 = icmp sgt i32 %2, 0 br i1 %43, label %44, label %51 %45 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %2, i64 1, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, 
label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %48 = tail call i64 @keyctl_chown_key(i32 %17, i32 %18, i32 %19) #76 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %113, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, 
label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %121 = trunc i64 %1 to i32 %122 = trunc i64 %2 to i32 %123 = trunc i64 %3 to i32 %124 = tail call i64 @keyctl_chown_key(i32 %121, i32 %122, i32 %123) #76 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %113, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 
i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %121 = trunc i64 %1 to i32 %122 = trunc i64 %2 to i32 %123 = trunc i64 %3 to i32 %124 = tail call i64 @keyctl_chown_key(i32 %121, i32 %122, i32 %123) #76 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %113, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, 
label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %45 = inttoptr i64 %9 to i8* %46 = tail call i64 @keyctl_read_key(i32 %17, i8* %45, i64 %12) #76 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 10) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label 
%110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %117 = trunc i64 %1 to i32 %118 = inttoptr i64 %2 to i8* %119 = tail call i64 @keyctl_read_key(i32 %117, i8* %118, i64 %3) #76 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 10) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, 
label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %117 = trunc i64 %1 to i32 %118 = inttoptr i64 %2 to i8* %119 = tail call i64 @keyctl_read_key(i32 %117, i8* %118, i64 %3) #76 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 10) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 
i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %39 = tail call i64 @keyctl_keyring_unlink(i32 %17, i32 %18) #76 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, 
label %260 i32 28, label %266 ] %107 = trunc i64 %1 to i32 %108 = trunc i64 %2 to i32 %109 = tail call i64 @keyctl_keyring_unlink(i32 %107, i32 %108) #76 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %107 = trunc i64 %1 to i32 %108 = trunc i64 %2 to i32 %109 = tail call i64 
@keyctl_keyring_unlink(i32 %107, i32 %108) #76 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %35 = tail call i64 @keyctl_keyring_clear(i32 %17) #76 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- 
Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %77 = trunc i64 %1 to i32 %78 = tail call i64 @keyctl_keyring_clear(i32 %77) #76 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  
Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %77 = trunc i64 %1 to i32 %78 = tail call i64 @keyctl_keyring_clear(i32 %77) #76 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %32 = inttoptr i64 %9 to i8* %33 = tail call i64 @keyctl_describe_key(i32 %17, i8* %32, i64 %12) #76 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, 
align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %72 = trunc i64 %1 to i32 %73 = inttoptr i64 %2 to i8* %74 = and i64 %3, 4294967295 %75 = tail call i64 @keyctl_describe_key(i32 %72, i8* %73, i64 %74) #76 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* 
%6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %72 = trunc i64 %1 to i32 %73 = inttoptr i64 %2 to i8* %74 = and i64 %3, 4294967295 %75 = tail call i64 @keyctl_describe_key(i32 %72, i8* %73, i64 %74) #76 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %27 = inttoptr i64 %9 to i8* %28 = tail call i64 @keyctl_update_key(i32 %17, i8* %27, i64 %12) #76 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #76 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #76 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 
4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #76 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #76 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #76 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, 
i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #76 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #76 %9 = icmp eq i8* %8, null br i1 %9, label 
%28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #76 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label 
%30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24404, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #76 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #76 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 
%11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24404, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #76 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #76 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_keyring_ID 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load 
i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %22 = tail call i64 @keyctl_get_keyring_ID(i32 %17, i32 %18) #76 Function:keyctl_get_keyring_ID %3 = icmp ne i32 %1, 0 %4 = zext i1 %3 to i64 %5 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 %4, i32 4) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_revoke_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %30 = tail call i64 @keyctl_revoke_key(i32 %17) #76 Function:keyctl_revoke_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_link 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, 
label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %37 = tail call i64 @keyctl_keyring_link(i32 %17, i32 %18) #76 Function:keyctl_keyring_link %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 1, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_setperm_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 
i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ]
%50 = tail call i64 @keyctl_setperm_key(i32 %17, i32 %18) #76
Function:keyctl_setperm_key
%3 = and i32 %1, -1061109568
%4 = icmp eq i32 %3, 0
br i1 %4, label %5, label %28
%6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #76
-------------
Good: 20 Bad: 55 Ignored: 0
Check Use of Function:netdev_info
Check Use of Function:pci_disable_device
Check Use of Function:fib_table_insert
Check Use of Function:ip_tunnel_update
Check Use of Function:ext4_alloc_da_blocks
Check Use of Function:inc_rlimit_ucounts
Check Use of Function:__uprobe_unregister
Check Use of Function:dev_set_threaded
Check Use of Function:nvram_misc_ioctl
Check Use of Function:get_net_ns_by_id
Check Use of Function:fat_dir_ioctl
Check Use of Function:snd_ctl_ioctl_compat
Check Use of Function:__tcf_block_find
Check Use of Function:cfg80211_init_wdev
Check Use of Function:e1000_set_phy_loopback
Check Use of Function:hrtimer_start_range_ns
Use: =BAD PATH=
Call Stack:
0 busy_poll_stop
1 napi_busy_loop
2 tcp_recvmsg
3 inet6_recvmsg
4 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273230, align 8
%4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0
%5 = load %struct.file.273225*, %struct.file.273225** %4, align 8
%6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16
%7 = bitcast i8** %6 to %struct.socket.273260**
%8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8
%9 = bitcast %struct.msghdr.273230* %3 to i8*
%10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0
store i8* null, i8** %10, align 8
%11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1
store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, 
%struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load 
volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile 
%struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %20 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 12 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %15, i64 0, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 busy_poll_stop 1 napi_busy_loop 2 sock_poll ------------- Path:  Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, 
%struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 
%0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* 
%27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %20 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 12 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %15, i64 0, i32 3) #76 ------------- Use: =BAD PATH= Call Stack: 0 rpm_suspend 1 __pm_runtime_suspend 2 __intel_runtime_pm_put 3 intel_runtime_pm_put_unchecked 4 intel_rps_read_punit_req_frequency 5 intel_rps_get_requested_frequency 6 gt_cur_freq_mhz_show ------------- Path:  Function:gt_cur_freq_mhz_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.422916** %8 = load %struct.drm_i915_private.422916*, %struct.drm_i915_private.422916** %7, align 8 %9 = getelementptr inbounds 
%struct.drm_i915_private.422916, %struct.drm_i915_private.422916* %8, i64 0, i32 102, i32 18 %10 = tail call i32 @intel_rps_get_requested_frequency(%struct.intel_rps* %9) #76 Function:intel_rps_get_requested_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 22, i32 0, i32 3, i32 1 %3 = bitcast %struct.list_head** %2 to %struct.intel_uc.448343* %4 = getelementptr inbounds %struct.intel_uc.448343, %struct.intel_uc.448343* %3, i64 0, i32 1, i32 0, i32 1, i32 0 %5 = load i32, i32* %4, align 4 %6 = icmp sgt i32 %5, 4 br i1 %6, label %7, label %17 %8 = getelementptr inbounds %struct.intel_uc.448343, %struct.intel_uc.448343* %3, i64 0, i32 1, i32 14 %9 = load i8, i8* %8, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %17, label %11 %12 = getelementptr inbounds %struct.intel_uc.448343, %struct.intel_uc.448343* %3, i64 0, i32 1, i32 3, i32 3 %13 = load i8, i8* %12, align 1, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %17, label %15 %16 = tail call i32 @intel_rps_read_punit_req_frequency(%struct.intel_rps* %0) #76 Function:intel_rps_read_punit_req_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 22, i32 0, i32 1 %3 = bitcast %struct.raw_spinlock* %2 to %struct.intel_uncore.448200** %4 = load %struct.intel_uncore.448200*, %struct.intel_uncore.448200** %3, align 8 %5 = getelementptr inbounds %struct.intel_uncore.448200, %struct.intel_uncore.448200* %4, i64 0, i32 2 %6 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %5, align 8 %7 = tail call i32 @intel_runtime_pm_get_if_in_use(%struct.intel_runtime_pm* %6) #76 %8 = icmp eq i32 %7, 0 br i1 %8, label %14, label %9 %10 = getelementptr inbounds %struct.intel_uncore.448200, %struct.intel_uncore.448200* %4, i64 0, i32 8, i32 6 %11 = load i32 (%struct.intel_uncore.448200*, i32, i1)*, i32 (%struct.intel_uncore.448200*, i32, i1)** %10, align 8 %12 = tail call i32 %11(%struct.intel_uncore.448200* %4, i32 40968, i1 zeroext true) #76 tail 
call void @intel_runtime_pm_put_unchecked(%struct.intel_runtime_pm* %6) #76 Function:intel_runtime_pm_put_unchecked tail call fastcc void @__intel_runtime_pm_put(%struct.intel_runtime_pm* %0, i1 zeroext true) #76 Function:__intel_runtime_pm_put %3 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 3 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp ne i8 %8, 0 %10 = load i1, i1* @assert_rpm_device_not_suspended.__already_done, align 1 %11 = xor i1 %10, true %12 = and i1 %9, %11 br i1 %1, label %13, label %29 br i1 %12, label %14, label %15, !prof !5, !misexpect !6 store i1 true, i1* @assert_rpm_device_not_suspended.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.7.39146, i64 0, i64 0)) #76 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39147, i64 0, i64 0), i32 99, i32 2313, i64 12) #6, !srcloc !7 tail call void asm sideeffect "413:\0A\09.pushsection .discard.reachable\0A\09.long 413b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %15 %16 = and i32 %6, 65535 %17 = icmp eq i32 %16, 0 %18 = load i1, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 %19 = xor i1 %18, true %20 = and i1 %17, %19 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.6.39148, i64 0, i64 0)) #76 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39147, i64 0, i64 0), i32 107, i32 2313, i64 12) #6, !srcloc !9 tail call void asm sideeffect "414:\0A\09.pushsection .discard.reachable\0A\09.long 414b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %22 %23 = icmp ult i32 %6, 65536 %24 = load i1, i1* @__assert_rpm_wakelock_held.__already_done, align 1 %25 = xor i1 %24, true %26 = and i1 %23, %25 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_wakelock_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.39151, i64 0, i64 0)) #76 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39147, i64 0, i64 0), i32 115, i32 2313, i64 12) #6, !srcloc !11 tail call void asm sideeffect "415:\0A\09.pushsection .discard.reachable\0A\09.long 415b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %28 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 65536, i32* %5) #6, !srcloc !13 br label %38 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32* %5) #6, !srcloc !14 %39 = tail call i64 @ktime_get_mono_fast_ns() #76 %40 = getelementptr inbounds %struct.device, %struct.device* %4, i64 0, i32 11, i32 21 store volatile i64 %39, i64* %40, align 8 %41 = tail call i32 @__pm_runtime_suspend(%struct.device* %4, i32 13) #76 Function:__pm_runtime_suspend %3 = and i32 %1, 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %7 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32* %6) #6, !srcloc !4 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = and i32 %1, 1 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, 1024 %18 = icmp eq i16 %17, 0 br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #77 %24 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %1) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = 
icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %87 = load volatile i32, i32* %17, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %107, label %89 %90 = load volatile i64, i64* %18, align 8 %91 = zext i32 %87 to i64 %92 = mul nuw nsw i64 %91, 1000000 %93 = add i64 %90, %92 %94 = call i64 @ktime_get_mono_fast_ns() #77 %95 = icmp ugt i64 %93, %94 br i1 %95, label %96, label %107 store i32 0, i32* %12, align 8 %97 = load i64, i64* %19, align 8 %98 = add i64 %97, -1 %99 = icmp ult i64 %98, %93 br i1 %99, label %104, label %100 %101 = load volatile i32, i32* %17, align 4 %102 = sext i32 %101 to i64 %103 = mul nsw i64 %102, 250000 store i64 %93, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %93, i64 %103, i32 0) #77
-------------
Use: =BAD PATH=
Call Stack:
0 rpm_suspend
1 __pm_runtime_suspend
2 __intel_runtime_pm_put
3 intel_runtime_pm_put_unchecked
4 intel_rps_read_actual_frequency
5 gt_act_freq_mhz_show
-------------
Path:
Function:gt_act_freq_mhz_show
%4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.422916** %8 = load %struct.drm_i915_private.422916*, %struct.drm_i915_private.422916** %7, align 8 %9 = getelementptr inbounds 
%struct.drm_i915_private.422916, %struct.drm_i915_private.422916* %8, i64 0, i32 102, i32 18 %10 = tail call i32 @intel_rps_read_actual_frequency(%struct.intel_rps* %9) #76 Function:intel_rps_read_actual_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 22, i32 0, i32 1 %3 = bitcast %struct.raw_spinlock* %2 to %struct.intel_uncore.448200** %4 = load %struct.intel_uncore.448200*, %struct.intel_uncore.448200** %3, align 8 %5 = getelementptr inbounds %struct.intel_uncore.448200, %struct.intel_uncore.448200* %4, i64 0, i32 2 %6 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %5, align 8 %7 = tail call i32 @intel_runtime_pm_get_if_in_use(%struct.intel_runtime_pm* %6) #76 %8 = icmp eq i32 %7, 0 br i1 %8, label %112, label %9 %10 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 22 %11 = bitcast %struct.anon.189.415496* %10 to %struct.drm_i915_private.448538** %12 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 13 %13 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 14 %14 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 20 %15 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %11, align 8 %16 = load %struct.intel_uncore.448200*, %struct.intel_uncore.448200** %3, align 8 %17 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %15, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 9437184 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %15, i64 0, i32 3, i32 0 %25 = load i8, i8* %24, align 8 %26 = icmp ugt i8 %25, 5 %27 = getelementptr inbounds %struct.intel_uncore.448200, %struct.intel_uncore.448200* %16, i64 0, i32 8, i32 6 %28 = load i32 (%struct.intel_uncore.448200*, i32, i1)*, i32 (%struct.intel_uncore.448200*, i32, i1)** 
%27, align 8 br i1 %26, label %29, label %31 %32 = tail call i32 %28(%struct.intel_uncore.448200* %16, i32 70136, i1 zeroext true) #76 br label %33 %34 = phi i32 [ %22, %21 ], [ %30, %29 ], [ %32, %31 ] %35 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %11, align 8 %36 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %35, i64 0, i32 4, i32 0, i64 0 %37 = load i32, i32* %36, align 4 %38 = zext i32 %37 to i64 %39 = and i64 %38, 9437184 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %67 %42 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %35, i64 0, i32 3, i32 0 %43 = load i8, i8* %42, align 8 %44 = icmp ugt i8 %43, 8 br i1 %44, label %45, label %47 %46 = lshr i32 %34, 23 br label %73 %74 = phi i32 [ %46, %45 ], [ %69, %67 ] %75 = mul nuw nsw i32 %74, 50 %76 = icmp eq i32 %74, 0 %77 = or i32 %75, 1 %78 = add nsw i32 %75, -1 %79 = select i1 %76, i32 %78, i32 %77 %80 = sdiv i32 %79, 3 br label %110 %111 = phi i32 [ %109, %106 ], [ %80, %73 ], [ %93, %86 ], [ %105, %97 ] tail call void @intel_runtime_pm_put_unchecked(%struct.intel_runtime_pm* %6) #76 Function:intel_runtime_pm_put_unchecked tail call fastcc void @__intel_runtime_pm_put(%struct.intel_runtime_pm* %0, i1 zeroext true) #76 Function:__intel_runtime_pm_put %3 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 3 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp ne i8 %8, 0 %10 = load i1, i1* @assert_rpm_device_not_suspended.__already_done, align 1 %11 = xor i1 %10, true %12 = and i1 %9, %11 br i1 %1, label %13, label %29 br i1 %12, label %14, label %15, !prof 
!5, !misexpect !6 store i1 true, i1* @assert_rpm_device_not_suspended.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.7.39146, i64 0, i64 0)) #76 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39147, i64 0, i64 0), i32 99, i32 2313, i64 12) #6, !srcloc !7 tail call void asm sideeffect "413:\0A\09.pushsection .discard.reachable\0A\09.long 413b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %15 %16 = and i32 %6, 65535 %17 = icmp eq i32 %16, 0 %18 = load i1, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 %19 = xor i1 %18, true %20 = and i1 %17, %19 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.6.39148, i64 0, i64 0)) #76 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39147, i64 0, i64 0), i32 107, i32 2313, i64 12) #6, !srcloc !9 tail call void asm sideeffect "414:\0A\09.pushsection .discard.reachable\0A\09.long 414b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %22 %23 = icmp ult i32 %6, 65536 %24 = load i1, i1* @__assert_rpm_wakelock_held.__already_done, align 1 %25 = xor i1 %24, true %26 = and i1 %23, %25 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_wakelock_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.39151, i64 0, i64 0)) #76 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39147, i64 0, i64 0), i32 115, i32 2313, i64 12) #6, !srcloc !11 tail call void asm sideeffect "415:\0A\09.pushsection .discard.reachable\0A\09.long 415b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %28 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 65536, i32* %5) #6, !srcloc !13 br label %38 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32* %5) #6, !srcloc !14 %39 = tail call i64 @ktime_get_mono_fast_ns() #76 %40 = getelementptr inbounds %struct.device, %struct.device* %4, i64 0, i32 11, i32 21 store volatile i64 %39, i64* %40, align 8 %41 = tail call i32 @__pm_runtime_suspend(%struct.device* %4, i32 13) #76 Function:__pm_runtime_suspend %3 = and i32 %1, 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %7 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32* %6) #6, !srcloc !4 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = and i32 %1, 1 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, 1024 %18 = icmp eq i16 %17, 0 br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #77 %24 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %1) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = 
icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %87 = load volatile i32, i32* %17, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %107, label %89 %90 = load volatile i64, i64* %18, align 8 %91 = zext i32 %87 to i64 %92 = mul nuw nsw i64 %91, 1000000 %93 = add i64 %90, %92 %94 = call i64 @ktime_get_mono_fast_ns() #77 %95 = icmp ugt i64 %93, %94 br i1 %95, label %96, label %107 store i32 0, i32* %12, align 8 %97 = load i64, i64* %19, align 8 %98 = add i64 %97, -1 %99 = icmp ult i64 %98, %93 br i1 %99, label %104, label %100 %101 = load volatile i32, i32* %17, align 4 %102 = sext i32 %101 to i64 %103 = mul nsw i64 %102, 250000 store i64 %93, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %93, i64 %103, i32 0) #77
-------------
Use: =BAD PATH=
Call Stack:
0 rpm_suspend
1 rpm_idle
2 pm_runtime_set_autosuspend_delay
3 autosuspend_store
-------------
Path:
Function:autosuspend_store
%5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.6.53834, i64 0, i64 0), i32* nonnull %5) #76 %8 = icmp ne i32 %7, 1 %9 = load i32, i32* %5, align 4 %10 = add i32 %9, 2147482 %11 = icmp ugt i32 %10, 4294964 %12 = or i1 %8, %11 br i1 %12, label %15, label %13 %14 = mul nsw i32 %9, 1000 call void @pm_runtime_set_autosuspend_delay(%struct.device* %0, i32 %14) #77 Function:pm_runtime_set_autosuspend_delay %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %4 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %3, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %4) #76 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = lshr i16 %8, 11 %10 = and i16 %9, 1 store i32 %1, i32* %5, align 4 %11 = and i16 %8, 2048 %12 = icmp ne i16 %11, 0 %13 = icmp slt i32 %1, 0 %14 = and i1 %13, %12 br i1 %14, label %15, label %23 %24 = icmp ne i16 %10, 0 %25 = icmp slt i32 %6, 0 %26 = and i1 %25, %24 br i1 %26, label %27, label %29 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32* %28) #6, !srcloc !5 br label %29 %30 = tail call fastcc i32 @rpm_idle(%struct.device* %0, i32 8) #76 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #76 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %126 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 
%10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %126 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %126, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %126 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %126, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %126, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %38 = icmp eq i32 %37, 0 br i1 %38, label %126, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %126 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %126, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr 
inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %125 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %128) to i64), i32 0) #76 br label %130 %131 = or i32 %1, 8 %132 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %131) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, 
i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 
= load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %87 = load volatile i32, i32* %17, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %107, label %89 %90 = load volatile i64, i64* %18, align 8 %91 = zext i32 %87 to i64 %92 = mul nuw nsw i64 %91, 1000000 %93 = add i64 %90, %92 %94 = call i64 @ktime_get_mono_fast_ns() #77 %95 = icmp ugt i64 %93, %94 br i1 %95, label %96, label %107 store i32 0, i32* %12, align 8 %97 = load i64, i64* %19, align 8 %98 = add i64 %97, -1 %99 = icmp ult i64 %98, %93 br i1 %99, label %104, label %100 %101 = load volatile i32, i32* %17, align 4 %102 = sext i32 %101 to i64 %103 = mul nsw i64 %102, 250000 store i64 %93, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %93, i64 %103, i32 0) #77
-------------
Use: =BAD PATH=
Call Stack:
0 rpm_suspend
1 rpm_idle
2 __rpm_callback
3 rpm_resume
4 __pm_runtime_resume
5 d3cold_allowed_store
-------------
Path:
Function:d3cold_allowed_store
%5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %7 = bitcast 
%struct.irq_domain** %6 to %struct.pci_dev.317892* %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #76 %10 = icmp slt i32 %9, 0 br i1 %10, label %24, label %11 %12 = load i64, i64* %5, align 8 %13 = icmp eq i64 %12, 0 %14 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %7, i64 0, i32 33 %15 = bitcast i24* %14 to i32* %16 = load i32, i32* %15, align 2 %17 = select i1 %13, i32 0, i32 2048 %18 = and i32 %16, -2049 %19 = or i32 %18, %17 store i32 %19, i32* %15, align 2 br i1 %13, label %21, label %20 call void @pci_d3cold_disable(%struct.pci_dev.317892* %7) #76 br label %22 %23 = call i32 @__pm_runtime_resume(%struct.device* %0, i32 0) #76 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #76 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #77 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = 
getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #77 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label 
%53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %24, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %26, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %24, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq %struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #77 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, 
%struct.device* %0) #77 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %125, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %125 %19 = tail call i32 @device_links_read_lock() #76 %20 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %124, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load 
i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #76 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #76 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #76 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %182, label %90 %91 = phi %struct.list_head* [ %122, %116 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %94 = bitcast %struct.list_head* %93 to %struct.seqcount_spinlock* %95 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %96 = bitcast %struct.list_head* %92 to %struct.device** %97 = load %struct.device*, %struct.device** %96, align 8 br i1 %95, label %98, label %116 %99 = phi %struct.device* [ %115, %113 ], [ %97, %90 ] %100 = getelementptr inbounds %struct.device, %struct.device* %99, i64 0, i32 11, i32 13, i32 0 %101 = load 
volatile i32, i32* %100, align 4 %102 = icmp eq i32 %101, 0 br i1 %102, label %113, label %103, !prof !8, !misexpect !9 %104 = phi i32 [ %111, %110 ], [ %101, %98 ] %105 = add i32 %104, -1 %106 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %100, i32 %105, i32* %100, i32 %104) #6, !srcloc !10 %107 = extractvalue { i8, i32 } %106, 0 %108 = and i8 %107, 1 %109 = icmp eq i8 %108, 0 br i1 %109, label %110, label %113, !prof !8, !misexpect !9 %111 = extractvalue { i8, i32 } %106, 1 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %103, !prof !8, !misexpect !9 %114 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %115 = load %struct.device*, %struct.device** %96, align 8 br i1 %114, label %98, label %116 %117 = phi %struct.device* [ %97, %90 ], [ %115, %113 ] %118 = getelementptr inbounds %struct.device, %struct.device* %117, i64 0, i32 11, i32 3, i32 0, i32 0 %119 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %118) #76 %120 = tail call fastcc i32 @rpm_idle(%struct.device* %117, i32 1) #76 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #76 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %126 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %126 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %126, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label 
%22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %126 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %126, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %126, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %38 = icmp eq i32 %37, 0 br i1 %38, label %126, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %126 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %126, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp 
eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %125 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %128) to i64), i32 0) #76 br label %130 %131 = or i32 %1, 8 %132 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %131) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 
0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label 
%68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %87 = load volatile i32, i32* %17, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %107, label %89 %90 = load volatile i64, i64* %18, align 8 %91 = zext i32 %87 to i64 %92 = mul nuw nsw i64 %91, 1000000 %93 = add i64 %90, %92 %94 = call i64 @ktime_get_mono_fast_ns() #77 %95 = icmp ugt i64 %93, %94 br i1 %95, label %96, label %107 store i32 0, i32* %12, align 8 %97 = load i64, i64* %19, align 8 %98 = add i64 %97, -1 %99 = icmp ult i64 %98, %93 br i1 %99, label %104, label %100 %101 = load volatile i32, i32* %17, align 4 %102 = sext i32 %101 to i64 %103 = mul nsw i64 %102, 250000 store i64 %93, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %93, i64 %103, i32 0) #77 ------------- Use: =BAD PATH= Call Stack: 0 rpm_suspend 1 rpm_idle 2 __rpm_callback 3 rpm_resume 4 __pm_runtime_resume 5 __submit_bio 6 submit_bio_noacct 7 __blk_queue_split 8 blk_queue_split 9 dm_submit_bio ------------- Path:  Function:dm_submit_bio %2 = alloca %struct.bio.700572*, align 8 store %struct.bio.700572* %0, %struct.bio.700572** %2, align 8 %3 = getelementptr inbounds %struct.bio.700572, %struct.bio.700572* %0, i64 0, i32 1 %4 = load %struct.block_device.700569*, %struct.block_device.700569** %3, align 8 %5 = getelementptr inbounds %struct.block_device.700569, %struct.block_device.700569* %4, i64 0, i32 16 %6 = load 
%struct.gendisk.700393*, %struct.gendisk.700393** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.700393, %struct.gendisk.700393* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 38 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #76 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = icmp eq i8* %13, null br i1 %15, label %16, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 1 %28 = icmp eq i64 %27, 0 %29 = getelementptr inbounds %struct.bio.700572, %struct.bio.700572* %0, i64 0, i32 2 %30 = load i32, i32* %29, align 8 br i1 %28, label %59, label %31, !prof !6, !misexpect !5 %60 = trunc i32 %30 to i8 switch i8 %60, label %63 [ i8 3, label %61 i8 5, label %61 i8 7, label %61 i8 9, label %61 ] call void bitcast (void (%struct.bio.294862**)* @blk_queue_split to void (%struct.bio.700572**)*)(%struct.bio.700572** nonnull %2) #76 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* call void @__blk_queue_split(%struct.bio.294862** %0, i32* nonnull %2) #76 Function:__blk_queue_split %3 = alloca %struct.bio_vec.294861, align 8 %4 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %5 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 1 %6 = load %struct.block_device.294859*, %struct.block_device.294859** %5, align 8 %7 = getelementptr inbounds %struct.block_device.294859, %struct.block_device.294859* %6, i64 0, i32 16 %8 = load %struct.gendisk.294687*, %struct.gendisk.294687** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.294687, 
%struct.gendisk.294687* %8, i64 0, i32 9 %10 = load %struct.request_queue.294711*, %struct.request_queue.294711** %9, align 8 %11 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %343, label %78 %79 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %343 %84 = tail call %struct.bio.294862* @bio_split(%struct.bio.294862* %4, i32 %76, i32 3072, %struct.bio_set.294866* %74) #76 br label %314 %315 = phi %struct.bio.294862* [ %313, %312 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %316 = icmp eq %struct.bio.294862* %315, null br i1 %316, label %343, label %317 %318 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %315, i64 0, i32 2 %319 = load i32, i32* %318, align 8 %320 = or i32 %319, 16384 store i32 %320, i32* %318, align 8 %321 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 call void @bio_chain(%struct.bio.294862* nonnull %315, %struct.bio.294862* %321) #76 %322 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %323 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %322, i64 0, i32 8, i32 0 %324 = load i64, i64* %323, align 8 %325 = trunc i64 %324 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %326)) #6 to label %340 [label %326], !srcloc !9 %341 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %342 = call i32 bitcast (i32 (%struct.bio.295627*)* @submit_bio_noacct to i32 (%struct.bio.294862*)*)(%struct.bio.294862* %341) #76 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.295628], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 119 %6 = load %struct.bio_list.295628*, %struct.bio_list.295628** %5, align 8 %7 = icmp eq %struct.bio_list.295628* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %18 = load %struct.block_device.295624*, %struct.block_device.295624** %17, align 8 %19 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %18, i64 0, i32 16 %20 = load %struct.gendisk.295622*, %struct.gendisk.295622** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.295563*, %struct.block_device_operations.295563** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.295563, %struct.block_device_operations.295563* %22, i64 0, i32 0 %24 = load i32 
(%struct.bio.295627*)*, i32 (%struct.bio.295627*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.295627*)* %24, null %26 = bitcast [2 x %struct.bio_list.295628]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 0 %49 = load %struct.bio.295627*, %struct.bio.295627** %48, align 8 %50 = icmp eq %struct.bio.295627* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0 store %struct.bio_list.295628* %53, %struct.bio_list.295628** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.295628* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.295627** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.295628, %struct.bio_list.295628* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.295627** %60 to i64* br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 
%74 = phi %struct.bio.295627* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.295627* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.295627* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 0 %80 = load %struct.bio.295627*, %struct.bio.295627** %79, align 8 store %struct.bio.295627* %80, %struct.bio.295627** %56, align 16 %81 = icmp eq %struct.bio.295627* %80, null br i1 %81, label %82, label %83 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %83 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 %84 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 1 %85 = load %struct.block_device.295624*, %struct.block_device.295624** %84, align 8 %86 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %85, i64 0, i32 16 %87 = load %struct.gendisk.295622*, %struct.gendisk.295622** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %87, i64 0, i32 9 %89 = load %struct.request_queue.295614*, %struct.request_queue.295614** %88, align 8 %90 = icmp eq %struct.request_queue.295614* %69, %89 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.295627* %103 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %102, i64 0, i32 0 store %struct.bio.295627* %74, %struct.bio.295627** %103, align 8 br label %104 %105 = phi %struct.bio.295627* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.295627* %74 to i64 br label %107 %108 = phi %struct.bio.295627* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.295627* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load 
%struct.bio.295627*, %struct.bio.295627** %56, align 16 %113 = icmp eq %struct.bio.295627* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.295627* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %118 = icmp eq %struct.bio.295627* %117, null br i1 %118, label %121, label %119 store %struct.bio.295627* %108, %struct.bio.295627** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.295627* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %127 = icmp eq %struct.bio.295627* %126, null br i1 %127, label %130, label %128 store %struct.bio.295627* %110, %struct.bio.295627** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.295627*, %struct.bio.295627** %59, align 16 %134 = icmp eq %struct.bio.295627* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %137 = icmp eq %struct.bio.295627* %136, null br i1 %137, label %140, label %138 store %struct.bio.295627* %133, %struct.bio.295627** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %145 = icmp eq %struct.bio.295627* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %144, i64 0, i32 0 %148 = load %struct.bio.295627*, %struct.bio.295627** %147, align 8 store %struct.bio.295627* %148, %struct.bio.295627** %56, align 16 %149 = icmp eq %struct.bio.295627* %148, null br i1 %149, label %150, label %151 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %151 store %struct.bio.295627* null, %struct.bio.295627** %147, align 8 br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = 
getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.295614* %8, i1 zeroext false) #76 br i1 %17, label %72, label %18 %19 
= load i32, i32* %9, align 8 %20 = and i32 %19, 2097152 %21 = icmp eq i32 %20, 0 br i1 %21, label %31, label %22 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = call i32 @__cond_resched() #76 %33 = load i32, i32* %10, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %43 %36 = load %struct.device.295559*, %struct.device.295559** %11, align 8 %37 = icmp eq %struct.device.295559* %36, null br i1 %37, label %66, label %38 %39 = load volatile i32, i32* %12, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %66, label %41 %42 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.295559*, i32)*)(%struct.device.295559* nonnull %36, i32 1) #76 br label %43 %44 = load volatile i64, i64* %13, align 8 %45 = and i64 %44, 4 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %66 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %2, i32 0) #76 br label %48 %49 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %15, %struct.wait_queue_entry* nonnull %2, i32 2) #76 %50 = load i32, i32* %10, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %60 %53 = load %struct.device.295559*, %struct.device.295559** %11, align 8 %54 = icmp eq %struct.device.295559* %53, null br i1 %54, label %65, label %55 %56 = load volatile i32, i32* %12, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %65, label %58 %59 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.295559*, i32)*)(%struct.device.295559* nonnull %53, i32 1) #76 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #76 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #77 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr 
inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #77 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %24, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %26, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %24, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq 
%struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #77 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #77 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %125, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %125 %19 = tail call i32 @device_links_read_lock() #76 %20 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %124, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #76 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #76 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #76 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 
%58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %182, label %90 %91 = phi %struct.list_head* [ %122, %116 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %94 = bitcast %struct.list_head* %93 to %struct.seqcount_spinlock* %95 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %96 = bitcast %struct.list_head* %92 to %struct.device** %97 = load %struct.device*, %struct.device** %96, align 8 br i1 %95, label %98, label %116 %99 = phi %struct.device* [ %115, %113 ], [ %97, %90 ] %100 = getelementptr inbounds %struct.device, %struct.device* %99, i64 0, i32 11, i32 13, i32 0 %101 = load volatile i32, i32* %100, align 4 %102 = icmp eq i32 %101, 0 br i1 %102, label %113, label %103, !prof !8, !misexpect !9 %104 = phi i32 [ %111, %110 ], [ %101, %98 ] %105 = add i32 %104, -1 %106 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %100, i32 %105, i32* %100, i32 %104) #6, !srcloc !10 %107 = extractvalue { i8, i32 } %106, 0 %108 = and i8 %107, 1 %109 = icmp eq i8 %108, 0 br i1 %109, label %110, label %113, !prof !8, !misexpect !9 %111 = extractvalue { i8, i32 } %106, 1 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %103, !prof !8, !misexpect !9 %114 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %115 = load %struct.device*, %struct.device** %96, align 8 br i1 %114, label %98, label %116 %117 = phi %struct.device* [ %97, %90 ], [ %115, %113 ] %118 = getelementptr inbounds %struct.device, %struct.device* %117, i64 0, i32 11, i32 3, i32 0, i32 0 %119 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %118) #76 %120 = tail call fastcc i32 @rpm_idle(%struct.device* %117, i32 1) #76 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #76 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %126 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %126 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %126, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %126 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %126, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %126, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %38 = icmp eq i32 %37, 0 br i1 %38, label %126, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %126 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, 
label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %126, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %125 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %128) to i64), i32 0) #76 br label %130 %131 = or i32 %1, 8 %132 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %131) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, 
i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 
= getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %87 = load volatile i32, i32* %17, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %107, label %89 %90 = load volatile i64, i64* %18, align 8 %91 = zext i32 %87 to i64 %92 = mul nuw nsw i64 %91, 1000000 %93 = add i64 %90, %92 %94 = call i64 @ktime_get_mono_fast_ns() #77 %95 = icmp ugt i64 %93, %94 br i1 %95, label %96, label %107 store i32 0, i32* %12, align 8 %97 = load i64, i64* %19, align 8 %98 = add i64 %97, -1 %99 = icmp ult i64 %98, %93 br i1 %99, label %104, label %100 %101 
= load volatile i32, i32* %17, align 4 %102 = sext i32 %101 to i64 %103 = mul nsw i64 %102, 250000 store i64 %93, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %93, i64 %103, i32 0) #77
-------------
Use: =BAD PATH=
Call Stack:
0 rpm_suspend
1 rpm_idle
2 __rpm_callback
3 rpm_resume
4 __pm_runtime_resume
5 __submit_bio
6 submit_bio_noacct
7 __blk_queue_split
8 blk_queue_split
9 md_submit_bio
-------------
Path:
Function:md_submit_bio
%2 = alloca %struct.bio.299652*, align 8 store %struct.bio.299652* %0, %struct.bio.299652** %2, align 8 %3 = getelementptr inbounds %struct.bio.299652, %struct.bio.299652* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.299652, %struct.bio.299652* %0, i64 0, i32 1 %8 = load %struct.block_device.299712*, %struct.block_device.299712** %7, align 8 %9 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %8, i64 0, i32 16 %10 = load %struct.gendisk.299710*, %struct.gendisk.299710** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.294862**)* @blk_queue_split to void (%struct.bio.299652**)*)(%struct.bio.299652** nonnull %2) #76
Function:blk_queue_split
%2 = alloca i32, align 4 %3 = bitcast i32*
%2 to i8* call void @__blk_queue_split(%struct.bio.294862** %0, i32* nonnull %2) #76 Function:__blk_queue_split %3 = alloca %struct.bio_vec.294861, align 8 %4 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %5 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 1 %6 = load %struct.block_device.294859*, %struct.block_device.294859** %5, align 8 %7 = getelementptr inbounds %struct.block_device.294859, %struct.block_device.294859* %6, i64 0, i32 16 %8 = load %struct.gendisk.294687*, %struct.gendisk.294687** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.294687, %struct.gendisk.294687* %8, i64 0, i32 9 %10 = load %struct.request_queue.294711*, %struct.request_queue.294711** %9, align 8 %11 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %343, label %78 %79 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %343 %84 = tail call %struct.bio.294862* @bio_split(%struct.bio.294862* %4, i32 %76, i32 3072, %struct.bio_set.294866* %74) #76 br label %314 %315 = phi %struct.bio.294862* [ %313, %312 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %316 = icmp eq %struct.bio.294862* %315, null br i1 %316, label %343, label %317 %318 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %315, i64 0, i32 2 %319 = load i32, i32* %318, align 8 %320 = or i32 %319, 16384 store 
i32 %320, i32* %318, align 8 %321 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 call void @bio_chain(%struct.bio.294862* nonnull %315, %struct.bio.294862* %321) #76 %322 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %323 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %322, i64 0, i32 8, i32 0 %324 = load i64, i64* %323, align 8 %325 = trunc i64 %324 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %326)) #6 to label %340 [label %326], !srcloc !9 %341 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %342 = call i32 bitcast (i32 (%struct.bio.295627*)* @submit_bio_noacct to i32 (%struct.bio.294862*)*)(%struct.bio.294862* %341) #76 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.295628], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 119 %6 = load %struct.bio_list.295628*, %struct.bio_list.295628** %5, align 8 %7 = icmp eq %struct.bio_list.295628* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %18 = load %struct.block_device.295624*, 
%struct.block_device.295624** %17, align 8 %19 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %18, i64 0, i32 16 %20 = load %struct.gendisk.295622*, %struct.gendisk.295622** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.295563*, %struct.block_device_operations.295563** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.295563, %struct.block_device_operations.295563* %22, i64 0, i32 0 %24 = load i32 (%struct.bio.295627*)*, i32 (%struct.bio.295627*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.295627*)* %24, null %26 = bitcast [2 x %struct.bio_list.295628]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 0 %49 = load %struct.bio.295627*, %struct.bio.295627** %48, align 8 %50 = icmp eq %struct.bio.295627* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0 store %struct.bio_list.295628* %53, %struct.bio_list.295628** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.295628* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.295627** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.295628, %struct.bio_list.295628* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.295627** %60 to i64* br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds 
%struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 %74 = phi %struct.bio.295627* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.295627* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.295627* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 0 %80 = load %struct.bio.295627*, %struct.bio.295627** %79, align 8 store %struct.bio.295627* %80, %struct.bio.295627** %56, align 16 %81 = icmp eq %struct.bio.295627* %80, null br i1 %81, label %82, label %83 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %83 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 %84 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 1 %85 = load %struct.block_device.295624*, %struct.block_device.295624** %84, align 8 %86 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %85, i64 0, i32 16 %87 = load %struct.gendisk.295622*, %struct.gendisk.295622** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %87, i64 0, i32 9 %89 = load %struct.request_queue.295614*, %struct.request_queue.295614** %88, align 8 %90 = icmp eq %struct.request_queue.295614* %69, %89 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label 
%104, label %101 %102 = inttoptr i64 %77 to %struct.bio.295627* %103 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %102, i64 0, i32 0 store %struct.bio.295627* %74, %struct.bio.295627** %103, align 8 br label %104 %105 = phi %struct.bio.295627* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.295627* %74 to i64 br label %107 %108 = phi %struct.bio.295627* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.295627* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %113 = icmp eq %struct.bio.295627* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.295627* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %118 = icmp eq %struct.bio.295627* %117, null br i1 %118, label %121, label %119 store %struct.bio.295627* %108, %struct.bio.295627** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.295627* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %127 = icmp eq %struct.bio.295627* %126, null br i1 %127, label %130, label %128 store %struct.bio.295627* %110, %struct.bio.295627** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.295627*, %struct.bio.295627** %59, align 16 %134 = icmp eq %struct.bio.295627* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %137 = icmp eq %struct.bio.295627* %136, null br i1 %137, label %140, label %138 store %struct.bio.295627* %133, %struct.bio.295627** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %145 = icmp eq %struct.bio.295627* %144, null 
br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %144, i64 0, i32 0 %148 = load %struct.bio.295627*, %struct.bio.295627** %147, align 8 store %struct.bio.295627* %148, %struct.bio.295627** %56, align 16 %149 = icmp eq %struct.bio.295627* %148, null br i1 %149, label %150, label %151 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %151 store %struct.bio.295627* null, %struct.bio.295627** %147, align 8 br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.295614, 
%struct.request_queue.295614* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.295614* %8, i1 zeroext false) #76 br i1 %17, label %72, label %18 %19 = load i32, i32* %9, align 8 %20 = and i32 %19, 2097152 %21 = icmp eq i32 %20, 0 br i1 %21, label %31, label %22 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = call i32 @__cond_resched() #76 %33 = load i32, i32* %10, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %43 %36 = load %struct.device.295559*, %struct.device.295559** %11, align 8 %37 = icmp eq %struct.device.295559* %36, null br i1 %37, label %66, label %38 %39 = load volatile i32, i32* %12, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %66, label %41 %42 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.295559*, i32)*)(%struct.device.295559* nonnull %36, i32 1) #76 br label %43 %44 = load volatile i64, i64* %13, align 8 %45 = and i64 %44, 4 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %66 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %2, i32 0) #76 br label %48 %49 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %15, %struct.wait_queue_entry* nonnull %2, i32 2) #76 %50 = load i32, i32* %10, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %60 %53 = load %struct.device.295559*, %struct.device.295559** %11, align 8 %54 = icmp eq %struct.device.295559* %53, null br i1 %54, label %65, label %55 %56 = load volatile i32, i32* %12, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %65, label %58 %59 = call 
i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.295559*, i32)*)(%struct.device.295559* nonnull %53, i32 1) #76 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #76 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #77 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 
= getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #77 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %24, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %26, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %24, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 
8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq %struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #77 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #77 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store 
volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %125, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %125 %19 = tail call i32 @device_links_read_lock() #76 %20 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %124, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #76 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #76 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #76 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %182, label %90 %91 = phi %struct.list_head* [ %122, %116 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %94 = bitcast %struct.list_head* %93 to %struct.seqcount_spinlock* %95 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %96 = bitcast %struct.list_head* %92 to %struct.device** %97 = load %struct.device*, %struct.device** %96, align 8 br i1 %95, label %98, label %116 %99 = phi %struct.device* [ %115, %113 ], [ %97, %90 ] %100 = getelementptr inbounds %struct.device, %struct.device* %99, i64 0, i32 11, i32 13, i32 0 %101 = load volatile i32, i32* %100, align 4 %102 = icmp eq i32 %101, 0 br i1 %102, label %113, label %103, !prof !8, !misexpect !9 %104 = phi i32 [ %111, %110 ], [ %101, %98 ] %105 = add i32 %104, -1 %106 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %100, i32 %105, i32* %100, i32 %104) #6, !srcloc !10 %107 = extractvalue { i8, i32 } 
%106, 0 %108 = and i8 %107, 1 %109 = icmp eq i8 %108, 0 br i1 %109, label %110, label %113, !prof !8, !misexpect !9 %111 = extractvalue { i8, i32 } %106, 1 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %103, !prof !8, !misexpect !9 %114 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %115 = load %struct.device*, %struct.device** %96, align 8 br i1 %114, label %98, label %116 %117 = phi %struct.device* [ %97, %90 ], [ %115, %113 ] %118 = getelementptr inbounds %struct.device, %struct.device* %117, i64 0, i32 11, i32 3, i32 0, i32 0 %119 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %118) #76 %120 = tail call fastcc i32 @rpm_idle(%struct.device* %117, i32 1) #76 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #76 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %126 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %126 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %126, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %126 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %126, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 
= getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %126, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %38 = icmp eq i32 %37, 0 br i1 %38, label %126, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %126 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %126, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %125 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %128) to i64), i32 0) #76 br label %130 %131 = or i32 %1, 8 %132 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %131) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail 
call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, 
%struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, 
label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %87 = load volatile i32, i32* %17, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %107, label %89 %90 = load volatile i64, i64* %18, align 8 %91 = zext i32 %87 to i64 %92 = mul nuw nsw i64 %91, 1000000 %93 = add i64 %90, %92 %94 = call i64 @ktime_get_mono_fast_ns() #77 %95 = icmp ugt i64 %93, %94 br i1 %95, label %96, label %107 store i32 0, i32* %12, align 8 %97 = load i64, i64* %19, align 8 %98 = add i64 %97, -1 %99 = icmp ult i64 %98, %93 br i1 %99, label %104, label %100 %101 = load volatile i32, i32* %17, align 4 %102 = sext i32 %101 to i64 %103 = mul nsw i64 %102, 250000 store i64 %93, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %93, i64 %103, i32 0) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 timerfd_read
-------------
Path:
Function:timerfd_read
%5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.timerfd_ctx** %8 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %7, align 8 %9 = icmp ult i64 %2, 8 br i1 %9, label %113, label %10 %11 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 3 %12 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %11, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %12) #76 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2048 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %46 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %46 %22 = bitcast %struct.wait_queue_entry* %5 to i8* %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, 
i64 0, i32 0 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct* %27 = bitcast i8** %24 to %struct.task_struct** store %struct.task_struct* %26, %struct.task_struct** %27, align 8 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %28, align 8 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %29, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 1 store %struct.list_head* %29, %struct.list_head** %31, align 8 br label %32 %33 = call i32 @do_wait_intr_irq(%struct.wait_queue_head* %11, %struct.wait_queue_entry* nonnull %5) #76 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %39 = load %struct.list_head*, %struct.list_head** %31, align 8 %40 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 0 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 1 store volatile i32 0, i32* %44, align 8 %45 = sext i32 %33 to i64 br label %46 %47 = phi i64 [ 
-11, %10 ], [ %45, %38 ], [ 0, %17 ] %48 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 11 %49 = load i8, i8* %48, align 4, !range !5 %50 = icmp eq i8 %49, 0 br i1 %50, label %59, label %51 %60 = phi i64 [ -125, %55 ], [ %47, %51 ], [ %47, %46 ] %61 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %62 = load i64, i64* %61, align 8 %63 = icmp eq i64 %62, 0 br i1 %63, label %100, label %64 %65 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 6 %66 = load i16, i16* %65, align 4 %67 = icmp eq i16 %66, 0 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 1 %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %98, label %72 %73 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 5 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, -2 %76 = icmp eq i32 %75, 8 br i1 %76, label %77, label %82 %83 = bitcast %struct.timerfd_ctx* %8 to %struct.hrtimer* %84 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %85 = bitcast %struct.rb_node** %84 to %struct.hrtimer_clock_base** %86 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %85, align 8 %87 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %86, i64 0, i32 6 %88 = load i64 ()*, i64 ()** %87, align 16 %89 = call i64 %88() #76 %90 = call i64 @hrtimer_forward(%struct.hrtimer* %83, i64 %89, i64 %70) #76 %91 = add i64 %62, -1 %92 = add i64 %91, %90 %93 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 %94 = load i64, i64* %93, align 8 %95 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0, i32 0, i32 1 %96 = load i64, i64* %95, align 8 %97 = sub i64 %96, %94 call void 
@hrtimer_start_range_ns(%struct.hrtimer* %83, i64 %94, i64 %97, i32 0) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 common_hrtimer_arm
1 common_timer_set
2 do_timer_settime
3 __ia32_sys_timer_settime
-------------
Path:
Function:__ia32_sys_timer_settime
%2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.timens_offsets* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.timens_offsets* %24 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #76
Function:do_timer_settime
%5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 
%13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 store i64 
0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88004*)*, i32 (%struct.k_itimer.88004*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88004* %0) #77 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 
%48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #77 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88004*, i64, i1, i1)*, void (%struct.k_itimer.88004*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88004* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #77 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15 %6 = bitcast %union.anon.114.87576* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88005* @clock_realtime, %struct.k_clock.88005* @clock_monotonic %14 = getelementptr inbounds 
%struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 store %struct.k_clock.88005* %13, %struct.k_clock.88005** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #76 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #76 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #76 br label %26 %27 = phi i64 [ %1, %15 ], [ %25, %18 ] %28 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 0, i32 1 store i64 %27, i64* %28, align 8 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %27, i64* %29, align 8 br i1 %3, label %31, label %30 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %6, i64 %27, i64 0, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime32 ------------- Path:  Function:__ia32_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.old_itimerspec32* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.old_itimerspec32* %24 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, 
label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88004*)*, i32 (%struct.k_itimer.88004*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88004* %0) #77 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds 
%struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, 
%struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #77 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88004*, i64, i1, i1)*, void (%struct.k_itimer.88004*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88004* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #77 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15 %6 = bitcast %union.anon.114.87576* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88005* @clock_realtime, %struct.k_clock.88005* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 store %struct.k_clock.88005* %13, %struct.k_clock.88005** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #76 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, 
i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #76 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #76 br label %26 %27 = phi i64 [ %1, %15 ], [ %25, %18 ] %28 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 0, i32 1 store i64 %27, i64* %28, align 8 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %27, i64* %29, align 8 br i1 %3, label %31, label %30 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %6, i64 %27, i64 0, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime ------------- Path:  Function:__x64_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.timens_offsets* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to 
i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.timens_offsets* %22 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %21) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = 
getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88004*)*, i32 (%struct.k_itimer.88004*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88004* %0) #77 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 
0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #77 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds 
%struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88004*, i64, i1, i1)*, void (%struct.k_itimer.88004*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88004* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #77 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15 %6 = bitcast %union.anon.114.87576* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88005* @clock_realtime, %struct.k_clock.88005* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 store %struct.k_clock.88005* %13, %struct.k_clock.88005** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #76 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #76 %25 = tail call i64 
@ktime_add_safe(i64 %1, i64 %24) #76 br label %26 %27 = phi i64 [ %1, %15 ], [ %25, %18 ] %28 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 0, i32 1 store i64 %27, i64* %28, align 8 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %27, i64* %29, align 8 br i1 %3, label %31, label %30 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %6, i64 %27, i64 0, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime32 ------------- Path:  Function:__x64_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.old_itimerspec32* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.old_itimerspec32* %22 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %21) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #76 Function:do_timer_settime %5 = 
alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, 
%struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88004*)*, i32 (%struct.k_itimer.88004*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88004* %0) #77 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 
store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #77 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88004*, i64, i1, i1)*, void (%struct.k_itimer.88004*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88004* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #77 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, 
i32 15 %6 = bitcast %union.anon.114.87576* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88005* @clock_realtime, %struct.k_clock.88005* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 store %struct.k_clock.88005* %13, %struct.k_clock.88005** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #76 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #76 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #76 br label %26 %27 = phi i64 [ %1, %15 ], [ %25, %18 ] %28 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 0, i32 1 store i64 %27, i64* %28, align 8 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %27, i64* %29, align 8 br i1 %3, label %31, label %30 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %6, i64 %27, i64 0, i32 0) #76 ------------- Use: =BAD 
PATH= Call Stack: 0 alarm_restart 1 timerfd_read ------------- Path:  Function:timerfd_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.timerfd_ctx** %8 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %7, align 8 %9 = icmp ult i64 %2, 8 br i1 %9, label %113, label %10 %11 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 3 %12 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %11, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %12) #76 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2048 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %46 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %46 %22 = bitcast %struct.wait_queue_entry* %5 to i8* %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 0 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct* %27 = bitcast i8** %24 to %struct.task_struct** store %struct.task_struct* %26, %struct.task_struct** %27, align 8 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %28, align 8 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %30 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %29, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 1 store %struct.list_head* %29, %struct.list_head** %31, align 8 br label %32 %33 = call i32 @do_wait_intr_irq(%struct.wait_queue_head* %11, %struct.wait_queue_entry* nonnull %5) #76 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %39 = load %struct.list_head*, %struct.list_head** %31, align 8 %40 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 0 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 1 store volatile i32 0, i32* %44, align 8 %45 = sext i32 %33 to i64 br label %46 %47 = phi i64 [ -11, %10 ], [ %45, %38 ], [ 0, %17 ] %48 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 11 %49 = load i8, i8* %48, align 4, !range !5 %50 = icmp eq i8 %49, 0 br i1 %50, label %59, label %51 %60 = phi i64 [ -125, %55 ], [ %47, %51 ], [ %47, %46 ] %61 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %62 = load i64, i64* %61, align 8 %63 = icmp eq i64 %62, 0 br i1 %63, label %100, label %64 %65 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 6 %66 = load i16, i16* %65, align 4 %67 = icmp eq i16 %66, 0 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 1 %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %98, label %72 %73 = 
getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 5 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, -2 %76 = icmp eq i32 %75, 8 br i1 %76, label %77, label %82 %78 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0 %79 = call i64 @alarm_forward_now(%struct.alarm* %78, i64 %70) #76 %80 = add i64 %62, -1 %81 = add i64 %80, %79 call void @alarm_restart(%struct.alarm* %78) #76 Function:alarm_restart %2 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %3 = load i32, i32* %2, align 8 %4 = zext i32 %3 to i64 %5 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %4, i32 0, i32 0, i32 0 %6 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %5) #76 %7 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 1, i32 0, i32 1 store i64 %9, i64* %10, align 8 %11 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 1, i32 1 store i64 %9, i64* %11, align 8 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %9, i64 0, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 hrtimer_sleeper_start_expires 1 blk_poll 2 blkdev_iopoll ------------- Path:  Function:blkdev_iopoll %3 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %4 = load %struct.file.294345*, %struct.file.294345** %3, align 8 %5 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %4, i64 0, i32 18 %6 = load %struct.address_space.294426*, %struct.address_space.294426** %5, align 8 %7 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %6, i64 0, i32 0 %8 = load %struct.inode.294419*, %struct.inode.294419** %7, align 8 %9 = tail call %struct.block_device.294278* 
bitcast (%struct.block_device.293754* (%struct.inode.293951*)* @I_BDEV to %struct.block_device.294278* (%struct.inode.294419*)*)(%struct.inode.294419* %8) #76 %10 = getelementptr inbounds %struct.block_device.294278, %struct.block_device.294278* %9, i64 0, i32 16 %11 = load %struct.gendisk.294276*, %struct.gendisk.294276** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.294276, %struct.gendisk.294276* %11, i64 0, i32 9 %13 = load %struct.request_queue.294268*, %struct.request_queue.294268** %12, align 8 %14 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 7 %15 = bitcast %union.anon.69.294022* %14 to i32* %16 = load volatile i32, i32* %15, align 8 %17 = tail call i32 bitcast (i32 (%struct.request_queue.299702*, i32, i1)* @blk_poll to i32 (%struct.request_queue.294268*, i32, i1)*)(%struct.request_queue.294268* %13, i32 %16, i1 zeroext %1) #76 Function:blk_poll %4 = alloca %struct.hrtimer_sleeper.299866, align 8 %5 = icmp eq i32 %1, -1 br i1 %5, label %197, label %6 %7 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %0, i64 0, i32 11 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 65536 %10 = icmp eq i64 %9, 0 br i1 %10, label %197, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.299865** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.299865**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.299865* %14 = getelementptr inbounds %struct.task_struct.299865, %struct.task_struct.299865* %13, i64 0, i32 120 %15 = load %struct.blk_plug*, %struct.blk_plug** %14, align 16 %16 = icmp eq %struct.blk_plug* %15, null br i1 %16, label %18, label %17 %19 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %0, i64 0, i32 8 %20 = load %struct.blk_mq_hw_ctx.299665**, %struct.blk_mq_hw_ctx.299665*** %19, align 8 %21 = lshr i32 %1, 16 %22 = and i32 %21, 
32767 %23 = zext i32 %22 to i64 %24 = getelementptr %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %20, i64 %23 %25 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %24, align 8 br i1 %2, label %26, label %144 %27 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %0, i64 0, i32 24 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, -1 br i1 %29, label %144, label %30 %31 = icmp slt i32 %1, 0 br i1 %31, label %47, label %32 %48 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %25, i64 0, i32 20 %49 = load %struct.blk_mq_tags.299664*, %struct.blk_mq_tags.299664** %48, align 8 %50 = and i32 %1, 65535 %51 = getelementptr inbounds %struct.blk_mq_tags.299664, %struct.blk_mq_tags.299664* %49, i64 0, i32 0 %52 = load i32, i32* %51, align 8 %53 = icmp ugt i32 %52, %50 br i1 %53, label %54, label %144 %55 = getelementptr inbounds %struct.blk_mq_tags.299664, %struct.blk_mq_tags.299664* %49, i64 0, i32 7 %56 = load %struct.request.299674**, %struct.request.299674*** %55, align 8 %57 = zext i32 %50 to i64 %58 = getelementptr %struct.request.299674*, %struct.request.299674** %56, i64 %57 %59 = bitcast %struct.request.299674** %58 to i8** %60 = load i8*, i8** %59, align 8 %61 = bitcast i8* %60 to %struct.request.299674* %62 = icmp eq i8* %60, null br i1 %62, label %144, label %63 %64 = phi %struct.request.299674* [ %61, %54 ], [ %46, %39 ], [ null, %32 ] %65 = bitcast %struct.hrtimer_sleeper.299866* %4 to i8* %66 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %64, i64 0, i32 4 %67 = load i32, i32* %66, align 4 %68 = and i32 %67, 1048576 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %142 %71 = icmp sgt i32 %28, 0 br i1 %71, label %109, label %72 %73 = load volatile i64, i64* %7, align 8 %74 = and i64 %73, 2097152 %75 = icmp eq i64 %74, 0 br i1 %75, label %76, label %81 %77 = tail call zeroext i1 bitcast (i1 (i32, 
%struct.request_queue.295614*)* @blk_queue_flag_test_and_set to i1 (i32, %struct.request_queue.299702*)*)(i32 21, %struct.request_queue.299702* %0) #76 br i1 %77, label %81, label %78 %82 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %64, i64 0, i32 3 %83 = load i32, i32* %82, align 8 %84 = and i32 %83, 1 %85 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %64, i64 0, i32 19 %86 = load i16, i16* %85, align 8 %87 = zext i16 %86 to i32 %88 = tail call i32 asm "bsrl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %87, i32 -1) #4, !srcloc !5 %89 = shl i32 %88, 1 %90 = or i32 %89, %84 %91 = icmp slt i32 %90, 0 br i1 %91, label %142, label %92 %93 = icmp sgt i32 %90, 15 %94 = or i32 %84, 14 %95 = select i1 %93, i32 %94, i32 %90 %96 = sext i32 %95 to i64 %97 = getelementptr %struct.request_queue.299702, %struct.request_queue.299702* %0, i64 0, i32 26, i64 %96, i32 3 %98 = load i32, i32* %97, align 8 %99 = icmp eq i32 %98, 0 br i1 %99, label %142, label %100 %101 = getelementptr %struct.request_queue.299702, %struct.request_queue.299702* %0, i64 0, i32 26, i64 %96, i32 0 %102 = load i64, i64* %101, align 8 %103 = add i64 %102, 1 %104 = lshr i64 %103, 1 %105 = trunc i64 %104 to i32 %106 = icmp eq i32 %105, 0 br i1 %106, label %142, label %107 %108 = load i32, i32* %66, align 4 br label %109 %110 = phi i32 [ %108, %107 ], [ %67, %70 ] %111 = phi i32 [ %105, %107 ], [ %28, %70 ] %112 = or i32 %110, 1048576 store i32 %112, i32* %66, align 4 %113 = zext i32 %111 to i64 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.299866*, i32, i32)*)(%struct.hrtimer_sleeper.299866* nonnull %4, i32 1, i32 1) #76 %114 = getelementptr inbounds %struct.hrtimer_sleeper.299866, %struct.hrtimer_sleeper.299866* %4, i64 0, i32 0 %115 = getelementptr inbounds %struct.hrtimer_sleeper.299866, %struct.hrtimer_sleeper.299866* %4, i64 0, i32 0, i32 0, i32 1 store i64 %113, i64* %115, 
align 8 %116 = getelementptr inbounds %struct.hrtimer_sleeper.299866, %struct.hrtimer_sleeper.299866* %4, i64 0, i32 0, i32 1 store i64 %113, i64* %116, align 8 %117 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %64, i64 0, i32 23 %118 = getelementptr inbounds %struct.hrtimer_sleeper.299866, %struct.hrtimer_sleeper.299866* %4, i64 0, i32 1 %119 = getelementptr inbounds %struct.task_struct.299865, %struct.task_struct.299865* %13, i64 0, i32 0, i32 0 %120 = getelementptr inbounds %struct.task_struct.299865, %struct.task_struct.299865* %13, i64 0, i32 1 br label %121 %122 = phi i32 [ 1, %109 ], [ 0, %138 ] %123 = load volatile i32, i32* %117, align 8 %124 = icmp eq i32 %123, 2 br i1 %124, label %143, label %125 %126 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32 2, i32* %120) #6, !srcloc !6 call void bitcast (void (%struct.hrtimer_sleeper*, i32)* @hrtimer_sleeper_start_expires to void (%struct.hrtimer_sleeper.299866*, i32)*)(%struct.hrtimer_sleeper.299866* nonnull %4, i32 %122) #76 Function:hrtimer_sleeper_start_expires %3 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0 %4 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %3, i64 %5, i64 %8, i32 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 schedule_hrtimeout_range_clock 1 schedule_hrtimeout 2 wait_task_inactive 3 ptrace_check_attach 4 __ia32_compat_sys_ptrace ------------- Path:  Function:__ia32_compat_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp eq i32 %9, 0 br i1 %12, label %13, label %16 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %18 to i32 %20 = tail call %struct.task_struct* @find_get_task_by_vpid(i32 %19) #76 %21 = icmp eq %struct.task_struct* %20, null br i1 %21, label %86, label %22 switch i32 %9, label %30 [ i32 16902, label %23 i32 16, label %23 ] %31 = icmp eq i32 %9, 8 %32 = icmp eq i32 %9, 16903 %33 = or i1 %31, %32 %34 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct* nonnull %20, i1 zeroext %33) #76 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 16 %5 = icmp eq i32 %4, 0 br i1 %5, label %57, label %6 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 16 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = icmp eq %struct.task_struct* %8, %10 br i1 %11, label %12, label %57 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %14 = load volatile i32, i32* %13, align 8 %15 = icmp eq i32 %14, 8 br i1 %15, label %16, label %17, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# 
bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5405, i64 0, i64 0), i32 259, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "309:\0A\09.pushsection .discard.reachable\0A\09.long 309b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %17 br i1 %1, label %57, label %18 %58 = phi i1 [ true, %2 ], [ true, %48 ], [ true, %6 ], [ true, %18 ], [ true, %51 ], [ true, %54 ], [ false, %45 ], [ false, %17 ] %59 = phi i32 [ -3, %2 ], [ -3, %48 ], [ -3, %6 ], [ -3, %18 ], [ -3, %51 ], [ -3, %54 ], [ 0, %45 ], [ 0, %17 ] %60 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %61 = or i1 %58, %1 %62 = select i1 %58, i32 %59, i32 0 br i1 %61, label %71, label %63 %64 = tail call i64 @wait_task_inactive(%struct.task_struct* %0, i32 8) #76 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %6 = icmp eq i32 %1, 0 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %10 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 75 %11 = bitcast i64* %3 to i8* br label %12 %13 = load volatile i32, i32* %4, align 8 %14 = load i32, i32* %5, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %23, label %16 br i1 %6, label %20, label %17 %18 = load volatile i32, i32* %7, align 8 %19 = icmp eq i32 %18, %1 br i1 %19, label %20, label %91, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = load i32, i32* %5, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %16 br label %24 %25 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #76 %26 = load volatile i32, i32* %4, align 8 %27 = zext i32 %26 to i64 %28 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %27 %29 = load i64, i64* %28, align 8 %30 = add i64 %29, ptrtoint (%struct.rq* @runqueues to i64) %31 = inttoptr i64 %30 to %struct.rq* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %32 = getelementptr inbounds %struct.rq, %struct.rq* %31, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %32) #76 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %33 = load volatile i32, i32* %4, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %34 %36 = load i64, i64* %35, align 8 %37 = add i64 %36, ptrtoint (%struct.rq* @runqueues to i64) %38 = inttoptr i64 %37 to %struct.rq* %39 = icmp eq %struct.rq* %31, %38 br i1 %39, label %40, label %43, !prof !4 %41 = load volatile i32, i32* %8, align 8 %42 = icmp eq i32 %41, 2 br i1 %42, label %43, label %51, !prof !9, !misexpect !10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@wait_task_inactive, %52)) #6 to label %66 [label %52], !srcloc !13 %67 = load i32, i32* %5, align 4 %68 = load i32, i32* %8, align 8 %69 = icmp eq i32 %68, 1 br i1 %6, label %73, label %70 %74 = load i64, i64* %10, align 8 %75 = or i64 %74, -9223372036854775808 br label %76 %77 = phi i64 [ %75, %73 ], [ 0, %70 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %78 = inttoptr i64 %30 to i8* store volatile i8 0, i8* %78, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %25) #76 %79 = icmp eq i64 %77, 0 br i1 %79, label %91, label %80, !prof !9, !misexpect !5 %81 = icmp eq i32 %67, 0 br i1 %81, label %84, label %82, !prof !4, !misexpect !5 br i1 %69, label %85, label %91, !prof !9, !misexpect !5 store i64 1000000, i64* %3, align 8 %86 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !18 %87 = inttoptr i64 %86 to %struct.task_struct* %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %87, i64 0, i32 1 %89 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 2, i32* %88) #6, !srcloc !19 %90 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #76 Function:schedule_hrtimeout %3 = tail call i32 
@schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #76 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = bitcast %struct.hrtimer_sleeper* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %15, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %16 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #76 %17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0 %18 = load i64, i64* %0, align 8 %19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1 store i64 %18, i64* %19, align 8 %20 = add i64 %18, %1 %21 = icmp slt i64 %20, 0 %22 = icmp slt i64 %20, %18 %23 = or i1 %21, %22 %24 = icmp slt i64 %20, %1 %25 = or i1 %24, %23 %26 = select i1 %25, i64 9223372036854775807, i64 %20 %27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1 store i64 %26, i64* %27, align 8 %28 = sub i64 %26, %18 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 schedule_hrtimeout_range_clock 1 schedule_hrtimeout 2 wait_task_inactive 3 ptrace_check_attach 4 __se_sys_ptrace 5 __ia32_sys_ptrace ------------- Path:  Function:__ia32_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_ptrace(i64 %4, 
i64 %7, i64 %10, i64 %13) #76 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct* @find_get_task_by_vpid(i32 %10) #76 %12 = icmp eq %struct.task_struct* %11, null br i1 %12, label %73, label %13 switch i64 %0, label %17 [ i64 16902, label %14 i64 16, label %14 ] %18 = icmp eq i64 %0, 8 %19 = icmp eq i64 %0, 16903 %20 = or i1 %18, %19 %21 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct* nonnull %11, i1 zeroext %20) #76 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 16 %5 = icmp eq i32 %4, 0 br i1 %5, label %57, label %6 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 16 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = icmp eq %struct.task_struct* %8, %10 br i1 %11, label %12, label %57 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %14 = load volatile i32, i32* %13, align 8 %15 = icmp eq i32 %14, 8 br i1 %15, label %16, label %17, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5405, i64 0, i64 0), i32 259, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "309:\0A\09.pushsection .discard.reachable\0A\09.long 309b - 
.\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %17 br i1 %1, label %57, label %18 %58 = phi i1 [ true, %2 ], [ true, %48 ], [ true, %6 ], [ true, %18 ], [ true, %51 ], [ true, %54 ], [ false, %45 ], [ false, %17 ] %59 = phi i32 [ -3, %2 ], [ -3, %48 ], [ -3, %6 ], [ -3, %18 ], [ -3, %51 ], [ -3, %54 ], [ 0, %45 ], [ 0, %17 ] %60 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %61 = or i1 %58, %1 %62 = select i1 %58, i32 %59, i32 0 br i1 %61, label %71, label %63 %64 = tail call i64 @wait_task_inactive(%struct.task_struct* %0, i32 8) #76 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %6 = icmp eq i32 %1, 0 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 75 %11 = bitcast i64* %3 to i8* br label %12 %13 = load volatile i32, i32* %4, align 8 %14 = load i32, i32* %5, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %23, label %16 br i1 %6, label %20, label %17 %18 = load volatile i32, i32* %7, align 8 %19 = icmp eq i32 %18, %1 br i1 %19, label %20, label %91, !prof 
!4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = load i32, i32* %5, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %16 br label %24 %25 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #76 %26 = load volatile i32, i32* %4, align 8 %27 = zext i32 %26 to i64 %28 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %27 %29 = load i64, i64* %28, align 8 %30 = add i64 %29, ptrtoint (%struct.rq* @runqueues to i64) %31 = inttoptr i64 %30 to %struct.rq* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %32 = getelementptr inbounds %struct.rq, %struct.rq* %31, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %32) #76 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %33 = load volatile i32, i32* %4, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %34 %36 = load i64, i64* %35, align 8 %37 = add i64 %36, ptrtoint (%struct.rq* @runqueues to i64) %38 = inttoptr i64 %37 to %struct.rq* %39 = icmp eq %struct.rq* %31, %38 br i1 %39, label %40, label %43, !prof !4 %41 = load volatile i32, i32* %8, align 8 %42 = icmp eq i32 %41, 2 br i1 %42, label %43, label %51, !prof !9, !misexpect !10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@wait_task_inactive, %52)) #6 to label %66 [label %52], !srcloc !13 %67 = load i32, i32* %5, align 4 %68 = load i32, i32* %8, align 8 %69 = icmp eq i32 %68, 1 br i1 %6, label %73, label %70 %74 = load i64, i64* %10, align 8 %75 = or i64 %74, -9223372036854775808 br label %76 %77 = phi i64 [ %75, %73 ], [ 0, %70 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %78 = inttoptr i64 %30 to i8* store volatile i8 0, i8* %78, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %25) #76 %79 = icmp eq i64 %77, 0 br i1 %79, label %91, label %80, !prof !9, !misexpect !5 %81 = icmp eq i32 %67, 0 br i1 %81, label %84, label %82, !prof !4, !misexpect !5 br i1 %69, label %85, label %91, !prof !9, !misexpect !5 store i64 1000000, i64* %3, align 8 %86 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !18 %87 = inttoptr i64 %86 to %struct.task_struct* %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %87, i64 0, i32 1 %89 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 2, i32* %88) #6, !srcloc !19 %90 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #76 Function:schedule_hrtimeout %3 = tail call i32 
@schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #76 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = bitcast %struct.hrtimer_sleeper* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %15, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %16 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #76 %17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0 %18 = load i64, i64* %0, align 8 %19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1 store i64 %18, i64* %19, align 8 %20 = add i64 %18, %1 %21 = icmp slt i64 %20, 0 %22 = icmp slt i64 %20, %18 %23 = or i1 %21, %22 %24 = icmp slt i64 %20, %1 %25 = or i1 %24, %23 %26 = select i1 %25, i64 9223372036854775807, i64 %20 %27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1 store i64 %26, i64* %27, align 8 %28 = sub i64 %26, %18 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 schedule_hrtimeout_range_clock 1 schedule_hrtimeout 2 wait_task_inactive 3 ptrace_check_attach 4 __se_sys_ptrace 5 __x64_sys_ptrace ------------- Path:  Function:__x64_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_ptrace(i64 %3, i64 %5, i64 %7, i64 %9) #76 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc 
i64 %1 to i32 %11 = tail call %struct.task_struct* @find_get_task_by_vpid(i32 %10) #76 %12 = icmp eq %struct.task_struct* %11, null br i1 %12, label %73, label %13 switch i64 %0, label %17 [ i64 16902, label %14 i64 16, label %14 ] %18 = icmp eq i64 %0, 8 %19 = icmp eq i64 %0, 16903 %20 = or i1 %18, %19 %21 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct* nonnull %11, i1 zeroext %20) #76 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 16 %5 = icmp eq i32 %4, 0 br i1 %5, label %57, label %6 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 16 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = icmp eq %struct.task_struct* %8, %10 br i1 %11, label %12, label %57 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %14 = load volatile i32, i32* %13, align 8 %15 = icmp eq i32 %14, 8 br i1 %15, label %16, label %17, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5405, i64 0, i64 0), i32 259, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "309:\0A\09.pushsection .discard.reachable\0A\09.long 309b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %17 br i1 %1, label %57, label %18 %58 = phi i1 [ true, %2 
-------------
Use: =BAD PATH=
Call Stack:
0 schedule_hrtimeout_range_clock
1 schedule_hrtimeout_range
2 do_sys_poll
3 __se_sys_poll
4 __ia32_sys_poll
-------------
Path:
-------------
Use: =BAD PATH=
Call Stack:
0 schedule_hrtimeout_range_clock
1 schedule_hrtimeout_range
2 do_sys_poll
3 __se_sys_poll
4 __x64_sys_poll
-------------
Path:
-------------
Use: =BAD PATH=
Call Stack:
0 schedule_hrtimeout_range_clock
1 schedule_hrtimeout_range
2 do_select
3 compat_core_sys_select
4 __ia32_compat_sys_old_select
-------------
Path:  Function:__ia32_compat_sys_old_select %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = alloca
%struct.gnet_stats_queue, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = bitcast %struct.gnet_stats_queue* %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = call i64 @_copy_from_user(i8* nonnull %8, i8* %9, i64 20) #76 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %70 %13 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 %14 = load i32, i32* %13, align 4 %15 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = zext i32 %16 to i64 %18 = inttoptr i64 %17 to i32* %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = inttoptr i64 %21 to i32* %23 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = zext i32 %24 to i64 %26 = inttoptr i64 %25 to i32* %27 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = zext i32 %28 to i64 %30 = inttoptr i64 %29 to i8* %31 = bitcast %struct.cpu_itimer* %2 to i8* %32 = bitcast %struct.util_est* %3 to i8* %33 = icmp eq i32 %28, 0 br i1 %33, label %63, label %34 %35 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %30, i64 8) #76 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %68 %38 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 0 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 1 %42 = load i32, i32* %41, align 4 %43 = sext i32 %42 to i64 %44 = sdiv i64 %43, 1000000 %45 = add nsw i64 %44, %40 %46 = srem i64 %43, 1000000 %47 = mul nsw i64 %46, 1000 %48 = icmp sgt i64 %45, -1 %49 = icmp ult i64 %47, 1000000000 %50 
= and i1 %48, %49 br i1 %50, label %51, label %68 %52 = or i64 %47, %45 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %55 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %2) #76 %56 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %57 = load i64, i64* %56, align 8 %58 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %59 = load i64, i64* %58, align 8 %60 = call { i64, i64 } @timespec64_add_safe(i64 %57, i64 %59, i64 %45, i64 %47) #76 %61 = extractvalue { i64, i64 } %60, 0 %62 = extractvalue { i64, i64 } %60, 1 store i64 %61, i64* %56, align 8 store i64 %62, i64* %58, align 8 br label %63 %64 = phi %struct.cpu_itimer* [ null, %12 ], [ %2, %55 ], [ %2, %54 ] %65 = call fastcc i32 @compat_core_sys_select(i32 %14, i32* %18, i32* %22, i32* %26, %struct.cpu_itimer* %64) #76 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %20 = icmp slt i32 %19, %0 %21 = select i1 
%20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !7, !misexpect !8 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #76 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 
%73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #76 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #77 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 92 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 8 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ 
%98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %99, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %99, label %63 %100 = phi i32 [ -9, %45 ], [ %51, %50 ], [ %51, %77 ], [ -9, %79 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %101 = icmp slt i32 %100, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 
%105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %117 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %118 = load i64, i64* %117, align 8 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %121 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 br label %168 %169 = phi i32 [ 0, %166 ], [ 1, %120 ], [ 0, %102 ] %170 = phi i64 [ %167, %166 ], [ 0, %120 ], [ 0, %102 ] %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 0, i32 0 %172 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %173 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %176 = 
getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %178 = icmp sgt i32 %100, 0 %179 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %180 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 1 br label %182 %183 = phi i64 [ %366, %363 ], [ 0, %168 ] %184 = phi i32 [ %340, %363 ], [ %12, %168 ] %185 = phi i32 [ 0, %363 ], [ %169, %168 ] %186 = phi i64* [ %191, %363 ], [ null, %168 ] %187 = icmp eq i64 %183, 0 br label %188 %189 = phi i32 [ %184, %182 ], [ 0, %394 ] %190 = phi i32 [ %185, %182 ], [ %395, %394 ] %191 = phi i64* [ %186, %182 ], [ %388, %394 ] br label %192 %193 = phi i32 [ %340, %370 ], [ %189, %188 ] %194 = phi i32 [ 0, %370 ], [ %190, %188 ] br i1 %178, label %195, label %338 %196 = load i64*, i64** %177, align 8 %197 = load i64*, i64** %176, align 8 %198 = load i64*, i64** %175, align 8 %199 = load i64*, i64** %174, align 8 %200 = load i64*, i64** %173, align 8 %201 = load i64*, i64** %172, align 8 br label %202 %203 = phi i32 [ %333, %329 ], [ 0, %195 ] %204 = phi i32 [ %332, %329 ], [ 0, %195 ] %205 = phi i32 [ %331, %329 ], [ %193, %195 ] %206 = phi i64* [ %334, %329 ], [ %198, %195 ] %207 = phi i64* [ %335, %329 ], [ %197, %195 ] %208 = phi i8 [ %330, %329 ], [ 0, %195 ] %209 = phi i64* [ %217, %329 ], [ %199, %195 ] %210 = phi i64* [ %215, %329 ], [ %200, %195 ] %211 = phi i64* [ %213, %329 ], [ %201, %195 ] %212 = phi i64* [ %336, %329 ], [ %196, %195 ] %213 = getelementptr i64, i64* %211, i64 1 %214 = load i64, i64* %211, align 8 %215 = getelementptr i64, i64* %210, i64 1 %216 = load i64, i64* %210, align 8 %217 = getelementptr i64, i64* %209, i64 1 %218 = load i64, i64* %209, align 8 %219 = or i64 %216, %214 %220 = or i64 %219, %218 %221 = icmp eq i64 %220, 0 br i1 %221, label %224, 
label %222 %223 = icmp slt i32 %204, %100 br i1 %223, label %226, label %323 %324 = phi i32 [ %307, %320 ], [ %307, %322 ], [ %203, %222 ] %325 = phi i32 [ %309, %320 ], [ %309, %322 ], [ %204, %222 ] %326 = phi i32 [ %306, %320 ], [ %306, %322 ], [ %205, %222 ] %327 = phi i8 [ %302, %320 ], [ %302, %322 ], [ %208, %222 ] %328 = call i32 @__cond_resched() #76 br label %329 %330 = phi i8 [ %208, %224 ], [ %327, %323 ] %331 = phi i32 [ %205, %224 ], [ %326, %323 ] %332 = phi i32 [ %225, %224 ], [ %325, %323 ] %333 = phi i32 [ %203, %224 ], [ %324, %323 ] %334 = getelementptr i64, i64* %206, i64 1 %335 = getelementptr i64, i64* %207, i64 1 %336 = getelementptr i64, i64* %212, i64 1 %337 = icmp slt i32 %332, %100 br i1 %337, label %202, label %338 %339 = phi i8 [ 0, %192 ], [ %330, %329 ] %340 = phi i32 [ %193, %192 ], [ %331, %329 ] %341 = phi i32 [ 0, %192 ], [ %333, %329 ] store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %342 = or i32 %341, %194 %343 = icmp eq i32 %342, 0 br i1 %343, label %344, label %401 %345 = load volatile i64, i64* %171, align 8 %346 = and i64 %345, 131072 %347 = icmp eq i64 %346, 0 br i1 %347, label %348, label %401, !prof !9, !misexpect !8 %349 = load volatile i64, i64* %171, align 8 %350 = and i64 %349, 4 %351 = icmp eq i64 %350, 0 br i1 %351, label %352, label %401 %353 = load i32, i32* %107, align 4 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %401 %356 = and i8 %339, 1 %357 = icmp eq i8 %356, 0 br i1 %357, label %377, label %358 %359 = load volatile i64, i64* %171, align 8 %360 = and i64 %359, 8 %361 = icmp eq i64 %360, 0 br i1 %361, label %362, label %377 %378 = icmp ne i64* %191, null %379 = or i1 %111, %378 br i1 %379, label %387, label %380 %388 = phi i64* [ %191, %377 ], [ %6, %380 ] %389 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* 
%181, i32 1, i32* %181) #6, !srcloc !11 %390 = load i32, i32* %106, align 8 %391 = icmp eq i32 %390, 0 br i1 %391, label %396, label %392 %397 = call i32 @schedule_hrtimeout_range(i64* %388, i64 %170, i32 0) #76 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #76 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = bitcast %struct.hrtimer_sleeper* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %15, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %16 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #76 %17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0 %18 = load i64, i64* %0, align 8 %19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1 store i64 %18, i64* %19, align 8 %20 = add i64 %18, %1 %21 = icmp slt i64 %20, 0 %22 = icmp slt i64 %20, %18 %23 = or i1 %21, %22 %24 = icmp slt i64 %20, %1 %25 = or i1 %24, %23 %26 = select i1 %25, i64 9223372036854775807, i64 %20 %27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1 store i64 %26, i64* %27, align 8 %28 = sub i64 %26, %18 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 schedule_hrtimeout_range_clock 1 schedule_hrtimeout_range 2 do_select 3 compat_core_sys_select 4 __ia32_compat_sys_select ------------- Path:  Function:__ia32_compat_sys_select %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %5 to i32 %19 = inttoptr i64 %8 to i32* %20 = inttoptr i64 %11 to i32* %21 = inttoptr i64 %14 to i32* %22 = bitcast %struct.cpu_itimer* %2 to i8* %23 = bitcast %struct.util_est* %3 to i8* %24 = icmp eq i64 %17, 0 %25 = inttoptr i64 %17 to i8* br i1 %24, label %55, label %26 %27 = call i64 @_copy_from_user(i8* nonnull %23, i8* nonnull %25, i64 8) #76 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %60 %30 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 0 %31 = load i32, i32* %30, align 4 %32 = sext i32 %31 to i64 %33 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = sext i32 %34 to i64 %36 = sdiv i64 %35, 1000000 %37 = add nsw i64 %36, %32 %38 = srem i64 %35, 1000000 %39 = mul nsw i64 %38, 1000 %40 = icmp sgt i64 %37, -1 %41 = icmp ult i64 %39, 1000000000 %42 = and i1 %40, %41 br i1 %42, label %43, label %60 %44 = or i64 %39, %37 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %47 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %2) #76 %48 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %37, i64 %39) #76 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 store i64 %53, i64* %48, align 8 store i64 %54, i64* %50, align 8 br label %55 %56 = phi 
%struct.cpu_itimer* [ null, %1 ], [ %2, %47 ], [ %2, %46 ] %57 = call fastcc i32 @compat_core_sys_select(i32 %18, i32* %19, i32* %20, i32* %21, %struct.cpu_itimer* %56) #76 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !7, !misexpect !8 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #76 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, 
%struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #76 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, 
%struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #77 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 92 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 8 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %99, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], 
[ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %99, label %63 %100 = phi i32 [ -9, %45 ], [ %51, %50 ], [ %51, %77 ], [ -9, %79 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %101 = icmp slt i32 %100, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* 
%109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %117 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %118 = load i64, i64* %117, align 8 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %121 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 br label %168 %169 = phi i32 [ 0, %166 ], [ 1, %120 ], [ 0, %102 ] %170 = phi i64 [ %167, %166 ], [ 0, %120 ], [ 0, %102 ] %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 0, i32 0 %172 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %173 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %178 = icmp sgt i32 %100, 0 %179 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %180 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 1 br label %182 %183 = phi i64 [ %366, %363 ], [ 0, %168 ] %184 = phi i32 [ %340, %363 ], [ %12, %168 ] %185 = phi i32 [ 0, %363 ], [ %169, %168 ] %186 = phi i64* [ %191, %363 ], [ null, %168 ] %187 = icmp eq i64 %183, 0 br label %188 %189 
= phi i32 [ %184, %182 ], [ 0, %394 ] %190 = phi i32 [ %185, %182 ], [ %395, %394 ] %191 = phi i64* [ %186, %182 ], [ %388, %394 ] br label %192 %193 = phi i32 [ %340, %370 ], [ %189, %188 ] %194 = phi i32 [ 0, %370 ], [ %190, %188 ] br i1 %178, label %195, label %338 %196 = load i64*, i64** %177, align 8 %197 = load i64*, i64** %176, align 8 %198 = load i64*, i64** %175, align 8 %199 = load i64*, i64** %174, align 8 %200 = load i64*, i64** %173, align 8 %201 = load i64*, i64** %172, align 8 br label %202 %203 = phi i32 [ %333, %329 ], [ 0, %195 ] %204 = phi i32 [ %332, %329 ], [ 0, %195 ] %205 = phi i32 [ %331, %329 ], [ %193, %195 ] %206 = phi i64* [ %334, %329 ], [ %198, %195 ] %207 = phi i64* [ %335, %329 ], [ %197, %195 ] %208 = phi i8 [ %330, %329 ], [ 0, %195 ] %209 = phi i64* [ %217, %329 ], [ %199, %195 ] %210 = phi i64* [ %215, %329 ], [ %200, %195 ] %211 = phi i64* [ %213, %329 ], [ %201, %195 ] %212 = phi i64* [ %336, %329 ], [ %196, %195 ] %213 = getelementptr i64, i64* %211, i64 1 %214 = load i64, i64* %211, align 8 %215 = getelementptr i64, i64* %210, i64 1 %216 = load i64, i64* %210, align 8 %217 = getelementptr i64, i64* %209, i64 1 %218 = load i64, i64* %209, align 8 %219 = or i64 %216, %214 %220 = or i64 %219, %218 %221 = icmp eq i64 %220, 0 br i1 %221, label %224, label %222 %223 = icmp slt i32 %204, %100 br i1 %223, label %226, label %323 %324 = phi i32 [ %307, %320 ], [ %307, %322 ], [ %203, %222 ] %325 = phi i32 [ %309, %320 ], [ %309, %322 ], [ %204, %222 ] %326 = phi i32 [ %306, %320 ], [ %306, %322 ], [ %205, %222 ] %327 = phi i8 [ %302, %320 ], [ %302, %322 ], [ %208, %222 ] %328 = call i32 @__cond_resched() #76 br label %329 %330 = phi i8 [ %208, %224 ], [ %327, %323 ] %331 = phi i32 [ %205, %224 ], [ %326, %323 ] %332 = phi i32 [ %225, %224 ], [ %325, %323 ] %333 = phi i32 [ %203, %224 ], [ %324, %323 ] %334 = getelementptr i64, i64* %206, i64 1 %335 = getelementptr i64, i64* %207, i64 1 %336 = getelementptr i64, i64* %212, i64 1 %337 = 
icmp slt i32 %332, %100 br i1 %337, label %202, label %338 %339 = phi i8 [ 0, %192 ], [ %330, %329 ] %340 = phi i32 [ %193, %192 ], [ %331, %329 ] %341 = phi i32 [ 0, %192 ], [ %333, %329 ] store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %342 = or i32 %341, %194 %343 = icmp eq i32 %342, 0 br i1 %343, label %344, label %401 %345 = load volatile i64, i64* %171, align 8 %346 = and i64 %345, 131072 %347 = icmp eq i64 %346, 0 br i1 %347, label %348, label %401, !prof !9, !misexpect !8 %349 = load volatile i64, i64* %171, align 8 %350 = and i64 %349, 4 %351 = icmp eq i64 %350, 0 br i1 %351, label %352, label %401 %353 = load i32, i32* %107, align 4 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %401 %356 = and i8 %339, 1 %357 = icmp eq i8 %356, 0 br i1 %357, label %377, label %358 %359 = load volatile i64, i64* %171, align 8 %360 = and i64 %359, 8 %361 = icmp eq i64 %360, 0 br i1 %361, label %362, label %377 %378 = icmp ne i64* %191, null %379 = or i1 %111, %378 br i1 %379, label %387, label %380 %388 = phi i64* [ %191, %377 ], [ %6, %380 ] %389 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %181, i32 1, i32* %181) #6, !srcloc !11 %390 = load i32, i32* %106, align 8 %391 = icmp eq i32 %390, 0 br i1 %391, label %396, label %392 %397 = call i32 @schedule_hrtimeout_range(i64* %388, i64 %170, i32 0) #76 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #76 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = bitcast %struct.hrtimer_sleeper* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %15, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %16 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 
%2) #76 %17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0 %18 = load i64, i64* %0, align 8 %19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1 store i64 %18, i64* %19, align 8 %20 = add i64 %18, %1 %21 = icmp slt i64 %20, 0 %22 = icmp slt i64 %20, %18 %23 = or i1 %21, %22 %24 = icmp slt i64 %20, %1 %25 = or i1 %24, %23 %26 = select i1 %25, i64 9223372036854775807, i64 %20 %27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1 store i64 %26, i64* %27, align 8 %28 = sub i64 %26, %18 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 schedule_hrtimeout_range_clock 1 schedule_hrtimeout_range 2 do_select 3 core_sys_select 4 __se_sys_select 5 __ia32_sys_select ------------- Path:  Function:__ia32_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_select(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to 
%struct.tcp_mib* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #76 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %6) #76 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #76 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.cpu_itimer* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.cpu_itimer* %44) #76 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl nuw nsw i64 %24, 3 %26 = icmp ugt i64 %23, 383 br i1 %26, label %27, label %31 %28 = mul nuw i64 %24, 48 %29 = tail call i8* @kvmalloc_node(i64 %28, i32 3264, i32 -1) #76 %30 = icmp eq i8* %29, null br i1 %30, label %131, label %31 %32 = phi i8* [ %29, %27 ], [ %9, %11 ] %33 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %32, i8** %33, align 8 %34 = getelementptr i8, i8* %32, i64 %25 %35 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %36 = bitcast i64** %35 to i8** store i8* %34, i8** %36, align 8 %37 = shl nuw nsw i64 %24, 4 %38 = getelementptr i8, i8* %32, i64 %37 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = mul nuw nsw i64 %24, 24 %42 = getelementptr i8, i8* %32, i64 %41 %43 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %44 = bitcast i64** %43 to i8** store i8* %42, i8** %44, align 8 %45 = shl nuw nsw i64 %24, 5 %46 = getelementptr i8, i8* %32, i64 %45 %47 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* 
%6, i64 0, i32 4 %48 = bitcast i64** %47 to i8** store i8* %46, i8** %48, align 8 %49 = mul nuw i64 %24, 40 %50 = getelementptr i8, i8* %32, i64 %49 %51 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %52 = bitcast i64** %51 to i8** store i8* %50, i8** %52, align 8 %53 = bitcast %struct.tcp_mib* %1 to i8* %54 = icmp eq %struct.tcp_mib* %1, null br i1 %54, label %63, label %55 %56 = icmp ugt i64 %23, 17179869183 br i1 %56, label %57, label %58, !prof !7, !misexpect !8 %59 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %53, i64 %25) #76 br label %60 %61 = phi i64 [ %59, %58 ], [ %25, %57 ] %62 = icmp eq i64 %61, 0 br i1 %62, label %64, label %127 %65 = bitcast %struct.tcp_mib* %2 to i8* %66 = icmp eq %struct.tcp_mib* %2, null br i1 %66, label %75, label %67 %68 = icmp ugt i64 %23, 17179869183 br i1 %68, label %69, label %70, !prof !7, !misexpect !8 %71 = call i64 @_copy_from_user(i8* %34, i8* nonnull %65, i64 %25) #76 br label %72 %73 = phi i64 [ %71, %70 ], [ %25, %69 ] %74 = icmp eq i64 %73, 0 br i1 %74, label %76, label %127 %77 = bitcast %struct.tcp_mib* %3 to i8* %78 = icmp eq %struct.tcp_mib* %3, null br i1 %78, label %87, label %79 %80 = icmp ugt i64 %23, 17179869183 br i1 %80, label %81, label %82, !prof !7, !misexpect !8 %83 = call i64 @_copy_from_user(i8* %38, i8* nonnull %77, i64 %25) #76 br label %84 %85 = phi i64 [ %83, %82 ], [ %25, %81 ] %86 = icmp eq i64 %85, 0 br i1 %86, label %88, label %127 %89 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #77 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 92 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 8 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %99, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = 
xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %99, label %63 %100 = phi i32 [ -9, %45 ], [ %51, %50 ], [ %51, %77 ], [ -9, %79 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %101 = icmp slt i32 %100, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %117 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 
%118 = load i64, i64* %117, align 8 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %121 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 br label %168 %169 = phi i32 [ 0, %166 ], [ 1, %120 ], [ 0, %102 ] %170 = phi i64 [ %167, %166 ], [ 0, %120 ], [ 0, %102 ] %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 0, i32 0 %172 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %173 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %178 = icmp sgt i32 %100, 0 %179 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %180 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 1 br label %182 %183 = phi i64 [ %366, %363 ], [ 0, %168 ] %184 = phi i32 [ %340, %363 ], [ %12, %168 ] %185 = phi i32 [ 0, %363 ], [ %169, %168 ] %186 = phi i64* [ %191, %363 ], [ null, %168 ] %187 = icmp eq i64 %183, 0 br label %188 %189 = phi i32 [ %184, %182 ], [ 0, %394 ] %190 = phi i32 [ %185, %182 ], [ %395, %394 ] %191 = phi i64* [ %186, %182 ], [ %388, %394 ] br label %192 %193 = phi i32 [ %340, %370 ], [ %189, %188 ] %194 = phi i32 [ 0, %370 ], [ %190, %188 ] br i1 %178, label %195, label %338 %196 = load i64*, i64** %177, align 8 %197 = load i64*, i64** %176, align 8 %198 = load i64*, i64** %175, align 8 %199 = load i64*, i64** %174, align 8 %200 = load i64*, i64** 
%173, align 8 %201 = load i64*, i64** %172, align 8 br label %202 %203 = phi i32 [ %333, %329 ], [ 0, %195 ] %204 = phi i32 [ %332, %329 ], [ 0, %195 ] %205 = phi i32 [ %331, %329 ], [ %193, %195 ] %206 = phi i64* [ %334, %329 ], [ %198, %195 ] %207 = phi i64* [ %335, %329 ], [ %197, %195 ] %208 = phi i8 [ %330, %329 ], [ 0, %195 ] %209 = phi i64* [ %217, %329 ], [ %199, %195 ] %210 = phi i64* [ %215, %329 ], [ %200, %195 ] %211 = phi i64* [ %213, %329 ], [ %201, %195 ] %212 = phi i64* [ %336, %329 ], [ %196, %195 ] %213 = getelementptr i64, i64* %211, i64 1 %214 = load i64, i64* %211, align 8 %215 = getelementptr i64, i64* %210, i64 1 %216 = load i64, i64* %210, align 8 %217 = getelementptr i64, i64* %209, i64 1 %218 = load i64, i64* %209, align 8 %219 = or i64 %216, %214 %220 = or i64 %219, %218 %221 = icmp eq i64 %220, 0 br i1 %221, label %224, label %222 %223 = icmp slt i32 %204, %100 br i1 %223, label %226, label %323 %324 = phi i32 [ %307, %320 ], [ %307, %322 ], [ %203, %222 ] %325 = phi i32 [ %309, %320 ], [ %309, %322 ], [ %204, %222 ] %326 = phi i32 [ %306, %320 ], [ %306, %322 ], [ %205, %222 ] %327 = phi i8 [ %302, %320 ], [ %302, %322 ], [ %208, %222 ] %328 = call i32 @__cond_resched() #76 br label %329 %330 = phi i8 [ %208, %224 ], [ %327, %323 ] %331 = phi i32 [ %205, %224 ], [ %326, %323 ] %332 = phi i32 [ %225, %224 ], [ %325, %323 ] %333 = phi i32 [ %203, %224 ], [ %324, %323 ] %334 = getelementptr i64, i64* %206, i64 1 %335 = getelementptr i64, i64* %207, i64 1 %336 = getelementptr i64, i64* %212, i64 1 %337 = icmp slt i32 %332, %100 br i1 %337, label %202, label %338 %339 = phi i8 [ 0, %192 ], [ %330, %329 ] %340 = phi i32 [ %193, %192 ], [ %331, %329 ] %341 = phi i32 [ 0, %192 ], [ %333, %329 ] store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %342 = or i32 %341, %194 %343 = icmp eq i32 %342, 0 br i1 %343, label %344, 
label %401 %345 = load volatile i64, i64* %171, align 8 %346 = and i64 %345, 131072 %347 = icmp eq i64 %346, 0 br i1 %347, label %348, label %401, !prof !9, !misexpect !8 %349 = load volatile i64, i64* %171, align 8 %350 = and i64 %349, 4 %351 = icmp eq i64 %350, 0 br i1 %351, label %352, label %401 %353 = load i32, i32* %107, align 4 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %401 %356 = and i8 %339, 1 %357 = icmp eq i8 %356, 0 br i1 %357, label %377, label %358 %359 = load volatile i64, i64* %171, align 8 %360 = and i64 %359, 8 %361 = icmp eq i64 %360, 0 br i1 %361, label %362, label %377 %378 = icmp ne i64* %191, null %379 = or i1 %111, %378 br i1 %379, label %387, label %380 %388 = phi i64* [ %191, %377 ], [ %6, %380 ] %389 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %181, i32 1, i32* %181) #6, !srcloc !11 %390 = load i32, i32* %106, align 8 %391 = icmp eq i32 %390, 0 br i1 %391, label %396, label %392 %397 = call i32 @schedule_hrtimeout_range(i64* %388, i64 %170, i32 0) #76 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #76 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = bitcast %struct.hrtimer_sleeper* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %15, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %16 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #76 %17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0 %18 = load i64, i64* %0, align 8 %19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1 store i64 %18, i64* %19, align 8 %20 = add i64 %18, %1 %21 = icmp slt i64 %20, 0 %22 = icmp slt i64 %20, %18 %23 = or i1 %21, %22 %24 = icmp slt i64 %20, %1 %25 = or i1 %24, %23 %26 = select i1 %25, i64 
9223372036854775807, i64 %20 %27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1 store i64 %26, i64* %27, align 8 %28 = sub i64 %26, %18 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 schedule_hrtimeout_range_clock 1 schedule_hrtimeout_range 2 do_select 3 core_sys_select 4 __se_sys_select 5 __x64_sys_select ------------- Path:  Function:__x64_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_select(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #76 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 
%24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %6) #76 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #76 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.cpu_itimer* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.cpu_itimer* %44) #76 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl nuw nsw i64 %24, 3 %26 = icmp ugt i64 %23, 383 br i1 %26, label %27, label %31 %28 = mul nuw i64 %24, 48 %29 = tail call i8* @kvmalloc_node(i64 %28, i32 3264, i32 -1) #76 %30 = icmp eq i8* %29, null br i1 %30, label %131, label %31 %32 = phi i8* [ %29, %27 ], [ %9, %11 ] %33 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %32, i8** %33, align 8 %34 = getelementptr i8, i8* %32, i64 %25 %35 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %36 = bitcast i64** %35 to i8** store i8* %34, i8** %36, align 8 %37 = shl nuw nsw i64 %24, 4 %38 = getelementptr i8, i8* %32, i64 %37 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = mul nuw nsw i64 %24, 24 %42 = getelementptr i8, i8* %32, i64 %41 %43 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %44 = bitcast i64** %43 to i8** store i8* %42, i8** %44, align 8 %45 = shl nuw nsw i64 %24, 5 %46 = getelementptr i8, i8* %32, i64 %45 %47 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %48 = bitcast i64** %47 to i8** store i8* %46, i8** %48, align 8 %49 = mul nuw i64 %24, 40 %50 = getelementptr i8, i8* %32, i64 %49 %51 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %52 = bitcast i64** %51 to i8** store i8* %50, i8** %52, align 8 %53 = bitcast %struct.tcp_mib* %1 to i8* %54 = icmp eq %struct.tcp_mib* %1, null br i1 %54, label %63, label %55 %56 = icmp ugt i64 %23, 17179869183 br i1 %56, label %57, label %58, !prof !7, !misexpect !8 %59 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %53, i64 %25) #76 br label %60 %61 = phi i64 [ 
%59, %58 ], [ %25, %57 ] %62 = icmp eq i64 %61, 0 br i1 %62, label %64, label %127 %65 = bitcast %struct.tcp_mib* %2 to i8* %66 = icmp eq %struct.tcp_mib* %2, null br i1 %66, label %75, label %67 %68 = icmp ugt i64 %23, 17179869183 br i1 %68, label %69, label %70, !prof !7, !misexpect !8 %71 = call i64 @_copy_from_user(i8* %34, i8* nonnull %65, i64 %25) #76 br label %72 %73 = phi i64 [ %71, %70 ], [ %25, %69 ] %74 = icmp eq i64 %73, 0 br i1 %74, label %76, label %127 %77 = bitcast %struct.tcp_mib* %3 to i8* %78 = icmp eq %struct.tcp_mib* %3, null br i1 %78, label %87, label %79 %80 = icmp ugt i64 %23, 17179869183 br i1 %80, label %81, label %82, !prof !7, !misexpect !8 %83 = call i64 @_copy_from_user(i8* %38, i8* nonnull %77, i64 %25) #76 br label %84 %85 = phi i64 [ %83, %82 ], [ %25, %81 ] %86 = icmp eq i64 %85, 0 br i1 %86, label %88, label %127 %89 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #77 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 92 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 8 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = 
getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %99, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %99, label %63 %100 = phi i32 [ -9, %45 ], [ %51, %50 ], [ %51, %77 ], [ -9, %79 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %101 = icmp slt i32 %100, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* 
@__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %117 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %118 = load i64, i64* %117, align 8 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %121 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 br label %168 %169 = phi i32 [ 0, %166 ], [ 1, %120 ], [ 0, %102 ] %170 = phi i64 [ %167, %166 ], [ 0, %120 ], [ 0, %102 ] %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 0, i32 0 %172 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %173 = getelementptr inbounds 
%struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %178 = icmp sgt i32 %100, 0 %179 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %180 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 1 br label %182 %183 = phi i64 [ %366, %363 ], [ 0, %168 ] %184 = phi i32 [ %340, %363 ], [ %12, %168 ] %185 = phi i32 [ 0, %363 ], [ %169, %168 ] %186 = phi i64* [ %191, %363 ], [ null, %168 ] %187 = icmp eq i64 %183, 0 br label %188 %189 = phi i32 [ %184, %182 ], [ 0, %394 ] %190 = phi i32 [ %185, %182 ], [ %395, %394 ] %191 = phi i64* [ %186, %182 ], [ %388, %394 ] br label %192 %193 = phi i32 [ %340, %370 ], [ %189, %188 ] %194 = phi i32 [ 0, %370 ], [ %190, %188 ] br i1 %178, label %195, label %338 %196 = load i64*, i64** %177, align 8 %197 = load i64*, i64** %176, align 8 %198 = load i64*, i64** %175, align 8 %199 = load i64*, i64** %174, align 8 %200 = load i64*, i64** %173, align 8 %201 = load i64*, i64** %172, align 8 br label %202 %203 = phi i32 [ %333, %329 ], [ 0, %195 ] %204 = phi i32 [ %332, %329 ], [ 0, %195 ] %205 = phi i32 [ %331, %329 ], [ %193, %195 ] %206 = phi i64* [ %334, %329 ], [ %198, %195 ] %207 = phi i64* [ %335, %329 ], [ %197, %195 ] %208 = phi i8 [ %330, %329 ], [ 0, %195 ] %209 = phi i64* [ %217, %329 ], [ %199, %195 ] %210 = phi i64* [ %215, %329 ], [ %200, %195 ] %211 = phi i64* [ %213, %329 ], [ %201, %195 ] %212 = phi i64* [ %336, %329 ], [ %196, %195 ] %213 = getelementptr i64, i64* %211, i64 1 %214 = load i64, i64* %211, align 8 %215 = 
getelementptr i64, i64* %210, i64 1 %216 = load i64, i64* %210, align 8 %217 = getelementptr i64, i64* %209, i64 1 %218 = load i64, i64* %209, align 8 %219 = or i64 %216, %214 %220 = or i64 %219, %218 %221 = icmp eq i64 %220, 0 br i1 %221, label %224, label %222 %223 = icmp slt i32 %204, %100 br i1 %223, label %226, label %323 %324 = phi i32 [ %307, %320 ], [ %307, %322 ], [ %203, %222 ] %325 = phi i32 [ %309, %320 ], [ %309, %322 ], [ %204, %222 ] %326 = phi i32 [ %306, %320 ], [ %306, %322 ], [ %205, %222 ] %327 = phi i8 [ %302, %320 ], [ %302, %322 ], [ %208, %222 ] %328 = call i32 @__cond_resched() #76 br label %329 %330 = phi i8 [ %208, %224 ], [ %327, %323 ] %331 = phi i32 [ %205, %224 ], [ %326, %323 ] %332 = phi i32 [ %225, %224 ], [ %325, %323 ] %333 = phi i32 [ %203, %224 ], [ %324, %323 ] %334 = getelementptr i64, i64* %206, i64 1 %335 = getelementptr i64, i64* %207, i64 1 %336 = getelementptr i64, i64* %212, i64 1 %337 = icmp slt i32 %332, %100 br i1 %337, label %202, label %338 %339 = phi i8 [ 0, %192 ], [ %330, %329 ] %340 = phi i32 [ %193, %192 ], [ %331, %329 ] %341 = phi i32 [ 0, %192 ], [ %333, %329 ] store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %342 = or i32 %341, %194 %343 = icmp eq i32 %342, 0 br i1 %343, label %344, label %401 %345 = load volatile i64, i64* %171, align 8 %346 = and i64 %345, 131072 %347 = icmp eq i64 %346, 0 br i1 %347, label %348, label %401, !prof !9, !misexpect !8 %349 = load volatile i64, i64* %171, align 8 %350 = and i64 %349, 4 %351 = icmp eq i64 %350, 0 br i1 %351, label %352, label %401 %353 = load i32, i32* %107, align 4 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %401 %356 = and i8 %339, 1 %357 = icmp eq i8 %356, 0 br i1 %357, label %377, label %358 %359 = load volatile i64, i64* %171, align 8 %360 = and i64 %359, 8 %361 = icmp eq i64 %360, 0 br i1 %361, label %362, label 
%377 %378 = icmp ne i64* %191, null %379 = or i1 %111, %378 br i1 %379, label %387, label %380 %388 = phi i64* [ %191, %377 ], [ %6, %380 ] %389 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %181, i32 1, i32* %181) #6, !srcloc !11 %390 = load i32, i32* %106, align 8 %391 = icmp eq i32 %390, 0 br i1 %391, label %396, label %392 %397 = call i32 @schedule_hrtimeout_range(i64* %388, i64 %170, i32 0) #76 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #76 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = bitcast %struct.hrtimer_sleeper* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %15, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %16 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #76 %17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0 %18 = load i64, i64* %0, align 8 %19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1 store i64 %18, i64* %19, align 8 %20 = add i64 %18, %1 %21 = icmp slt i64 %20, 0 %22 = icmp slt i64 %20, %18 %23 = or i1 %21, %22 %24 = icmp slt i64 %20, %1 %25 = or i1 %24, %23 %26 = select i1 %25, i64 9223372036854775807, i64 %20 %27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1 store i64 %26, i64* %27, align 8 %28 = sub i64 %26, %18 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_nanosleep 1 __se_sys_nanosleep 2 __ia32_sys_nanosleep ------------- Path:  Function:__ia32_sys_nanosleep %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_nanosleep(i64 %4, i64 %7) #76 Function:__se_sys_nanosleep %3 = alloca %struct.hrtimer_sleeper, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = inttoptr i64 %1 to %struct.cpu_itimer* %7 = bitcast %struct.cpu_itimer* %4 to i8* %8 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* %5) #76 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %70, label %14 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp ult i64 %16, 1000000000 br i1 %17, label %18, label %70 %19 = icmp ne i64 %1, 0 %20 = zext i1 %19 to i32 %21 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %22 = inttoptr i64 %21 to %struct.task_struct* %23 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2 %24 = bitcast %union.anon.33* %23 to %struct.anon.28* %25 = getelementptr inbounds %struct.anon.28, %struct.anon.28* %24, i64 0, i32 1 store i32 %20, i32* %25, align 4 %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2, i32 0, i32 1 %27 = bitcast i32* %26 to %struct.cpu_itimer** store %struct.cpu_itimer* %6, %struct.cpu_itimer** %27, align 8 %28 = icmp sgt i64 %12, 9223372035 %29 = mul i64 %12, 1000000000 %30 = add i64 %16, %29 %31 = select i1 %28, i64 9223372036854775807, i64 %30, !prof !5 %32 = bitcast %struct.hrtimer_sleeper* %3 to i8* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 15 %34 = load i32, i32* %33, align 4 %35 = icmp sgt i32 
%34, -1 br i1 %35, label %36, label %40 %37 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 160 %38 = load i64, i64* %37, align 16 %39 = icmp sgt i32 %34, 99 br i1 %39, label %41, label %40 br label %41 %42 = phi i64 [ 0, %40 ], [ %38, %36 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %3, i32 1, i32 1) #76 %43 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 1 store i64 %31, i64* %43, align 8 %44 = add i64 %42, %31 %45 = icmp slt i64 %44, 0 %46 = icmp slt i64 %44, %31 %47 = or i1 %45, %46 %48 = icmp slt i64 %44, %42 %49 = or i1 %48, %47 %50 = select i1 %49, i64 9223372036854775807, i64 %44 %51 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 0, i32 1 store i64 %50, i64* %51, align 8 %52 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper* nonnull %3, i32 1) #76 Function:do_nanosleep %3 = alloca %struct.cpu_itimer, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 1 %7 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0 %8 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 1 %9 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 0, i32 0 br label %13 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #76 %22 = load i32, i32* %11, align 4 %23 = or i32 %22, 1073741824 store i32 %23, i32* %11, align 4 tail call void @schedule() #76 %24 = load i32, i32* %11, align 4 %25 = and i32 %24, -1073741825 store i32 %25, i32* %11, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %26 = tail call i32 @__cond_resched() #76 %27 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !9, !misexpect !7 %30 = tail call zeroext i1 @freezing_slow_path(%struct.task_struct* %5) #76 br i1 %30, label %31, label %33, !prof !6, !misexpect !7 %32 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #76 br label %33 %34 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #76 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %39 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #76 %38 = icmp slt i32 %37, 0 br i1 %38, label %36, label %39 %40 = load %struct.task_struct*, %struct.task_struct** %10, align 8 %41 = icmp eq %struct.task_struct* %40, null br i1 %41, label %50, label %42 %43 = load volatile i64, i64* %12, align 8 %44 = and i64 %43, 131072 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %50, !prof !9, !misexpect !11 %47 = load volatile i64, i64* %12, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %13, label %50 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_nanosleep 1 __se_sys_nanosleep 2 __x64_sys_nanosleep ------------- Path:  Function:__x64_sys_nanosleep %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_nanosleep(i64 %3, i64 %5) #76 Function:__se_sys_nanosleep %3 = alloca %struct.hrtimer_sleeper, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = inttoptr i64 %1 to %struct.cpu_itimer* %7 = bitcast %struct.cpu_itimer* %4 to i8* %8 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* %5) #76 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %70, label %14 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp ult i64 %16, 1000000000 br i1 %17, label %18, label %70 %19 = icmp ne i64 %1, 0 %20 = zext i1 %19 to i32 %21 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %22 = inttoptr i64 %21 to %struct.task_struct* %23 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2 %24 = bitcast %union.anon.33* %23 to %struct.anon.28* %25 = getelementptr inbounds %struct.anon.28, %struct.anon.28* %24, i64 0, i32 1 store i32 %20, i32* %25, align 4 %26 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2, i32 0, i32 1 %27 = bitcast i32* %26 to %struct.cpu_itimer** store %struct.cpu_itimer* %6, %struct.cpu_itimer** %27, align 8 %28 = icmp sgt i64 %12, 9223372035 %29 = mul i64 %12, 1000000000 %30 = add i64 %16, %29 %31 = select i1 %28, i64 9223372036854775807, i64 %30, !prof !5 %32 = bitcast %struct.hrtimer_sleeper* %3 to i8* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 15 %34 = load i32, i32* %33, align 4 %35 = icmp sgt i32 %34, -1 br i1 %35, label %36, label %40 %37 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 160 %38 = load i64, i64* %37, align 16 %39 = icmp sgt i32 %34, 99 br i1 %39, label %41, label %40 br label %41 %42 = phi i64 [ 0, %40 ], [ %38, %36 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %3, i32 1, i32 1) #76 %43 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 1 store i64 %31, i64* %43, align 8 %44 = add i64 %42, %31 %45 = icmp slt i64 %44, 0 %46 = icmp slt i64 %44, %31 %47 = or i1 %45, %46 %48 = icmp slt i64 %44, %42 %49 = or i1 %48, %47 %50 = select i1 %49, i64 9223372036854775807, i64 %44 %51 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 0, i32 1 store i64 %50, i64* %51, align 8 %52 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper* nonnull %3, i32 1) #76 Function:do_nanosleep %3 = alloca %struct.cpu_itimer, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 1 %7 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0 %8 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 1 
%9 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 0, i32 0 br label %13 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #76 %22 = load i32, i32* %11, align 4 %23 = or i32 %22, 1073741824 store i32 %23, i32* %11, align 4 tail call void @schedule() #76 %24 = load i32, i32* %11, align 4 %25 = and i32 %24, -1073741825 store i32 %25, i32* %11, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %26 = tail call i32 @__cond_resched() #76 %27 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !9, !misexpect !7 %30 = tail call zeroext i1 @freezing_slow_path(%struct.task_struct* %5) #76 br i1 %30, label %31, label %33, !prof !6, !misexpect !7 %32 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #76 br label %33 %34 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #76 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %39 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #76 %38 = icmp slt i32 %37, 0 br i1 %38, label %36, label %39 %40 = load %struct.task_struct*, %struct.task_struct** %10, align 
8 %41 = icmp eq %struct.task_struct* %40, null br i1 %41, label %50, label %42 %43 = load volatile i64, i64* %12, align 8 %44 = and i64 %43, 131072 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %50, !prof !9, !misexpect !11 %47 = load volatile i64, i64* %12, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %13, label %50 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_nanosleep 1 __se_sys_nanosleep_time32 2 __ia32_sys_nanosleep_time32 ------------- Path:  Function:__ia32_sys_nanosleep_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_nanosleep_time32(i64 %4, i64 %7) #76 Function:__se_sys_nanosleep_time32 %3 = alloca %struct.hrtimer_sleeper, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %1 to %struct.util_est* %6 = bitcast %struct.cpu_itimer* %4 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %4, i8* %7) #76 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %70, label %14 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp ult i64 %16, 1000000000 br i1 %17, label %18, label %70 %19 = icmp eq i64 %1, 0 
%20 = select i1 %19, i32 0, i32 2 %21 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %22 = inttoptr i64 %21 to %struct.task_struct* %23 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2 %24 = bitcast %union.anon.33* %23 to %struct.anon.28* %25 = getelementptr inbounds %struct.anon.28, %struct.anon.28* %24, i64 0, i32 1 store i32 %20, i32* %25, align 4 %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2, i32 0, i32 1 %27 = bitcast i32* %26 to %struct.util_est** store %struct.util_est* %5, %struct.util_est** %27, align 8 %28 = icmp sgt i64 %12, 9223372035 %29 = mul i64 %12, 1000000000 %30 = add i64 %16, %29 %31 = select i1 %28, i64 9223372036854775807, i64 %30, !prof !5 %32 = bitcast %struct.hrtimer_sleeper* %3 to i8* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 15 %34 = load i32, i32* %33, align 4 %35 = icmp sgt i32 %34, -1 br i1 %35, label %36, label %40 %37 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 160 %38 = load i64, i64* %37, align 16 %39 = icmp sgt i32 %34, 99 br i1 %39, label %41, label %40 br label %41 %42 = phi i64 [ 0, %40 ], [ %38, %36 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %3, i32 1, i32 1) #76 %43 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 1 store i64 %31, i64* %43, align 8 %44 = add i64 %42, %31 %45 = icmp slt i64 %44, 0 %46 = icmp slt i64 %44, %31 %47 = or i1 %45, %46 %48 = icmp slt i64 %44, %42 %49 = or i1 %48, %47 %50 = select i1 %49, i64 9223372036854775807, i64 %44 %51 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 0, i32 1 store i64 %50, i64* %51, align 8 %52 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper* nonnull %3, i32 1) #76 Function:do_nanosleep %3 = 
alloca %struct.cpu_itimer, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 1 %7 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0 %8 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 1 %9 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 0, i32 0 br label %13 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #76 %22 = load i32, i32* %11, align 4 %23 = or i32 %22, 1073741824 store i32 %23, i32* %11, align 4 tail call void @schedule() #76 %24 = load i32, i32* %11, align 4 %25 = and i32 %24, -1073741825 store i32 %25, i32* %11, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %26 = tail call i32 @__cond_resched() #76 %27 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !9, !misexpect !7 %30 = tail call zeroext i1 @freezing_slow_path(%struct.task_struct* %5) #76 br i1 %30, label %31, label %33, !prof !6, 
!misexpect !7 %32 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #76 br label %33 %34 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #76 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %39 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #76 %38 = icmp slt i32 %37, 0 br i1 %38, label %36, label %39 %40 = load %struct.task_struct*, %struct.task_struct** %10, align 8 %41 = icmp eq %struct.task_struct* %40, null br i1 %41, label %50, label %42 %43 = load volatile i64, i64* %12, align 8 %44 = and i64 %43, 131072 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %50, !prof !9, !misexpect !11 %47 = load volatile i64, i64* %12, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %13, label %50 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_nanosleep 1 __se_sys_nanosleep_time32 2 __x64_sys_nanosleep_time32 ------------- Path:  Function:__x64_sys_nanosleep_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_nanosleep_time32(i64 %3, i64 %5) #76 Function:__se_sys_nanosleep_time32 %3 = alloca %struct.hrtimer_sleeper, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %1 to %struct.util_est* %6 = bitcast %struct.cpu_itimer* %4 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %4, 
i8* %7) #76 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %70, label %14 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp ult i64 %16, 1000000000 br i1 %17, label %18, label %70 %19 = icmp eq i64 %1, 0 %20 = select i1 %19, i32 0, i32 2 %21 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %22 = inttoptr i64 %21 to %struct.task_struct* %23 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2 %24 = bitcast %union.anon.33* %23 to %struct.anon.28* %25 = getelementptr inbounds %struct.anon.28, %struct.anon.28* %24, i64 0, i32 1 store i32 %20, i32* %25, align 4 %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2, i32 0, i32 1 %27 = bitcast i32* %26 to %struct.util_est** store %struct.util_est* %5, %struct.util_est** %27, align 8 %28 = icmp sgt i64 %12, 9223372035 %29 = mul i64 %12, 1000000000 %30 = add i64 %16, %29 %31 = select i1 %28, i64 9223372036854775807, i64 %30, !prof !5 %32 = bitcast %struct.hrtimer_sleeper* %3 to i8* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 15 %34 = load i32, i32* %33, align 4 %35 = icmp sgt i32 %34, -1 br i1 %35, label %36, label %40 %37 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 160 %38 = load i64, i64* %37, align 16 %39 = icmp sgt i32 %34, 99 br i1 %39, label %41, label %40 br label %41 %42 = phi i64 [ 0, %40 ], [ %38, %36 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %3, i32 1, i32 1) #76 %43 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 1 store i64 %31, i64* %43, align 8 
%44 = add i64 %42, %31 %45 = icmp slt i64 %44, 0 %46 = icmp slt i64 %44, %31 %47 = or i1 %45, %46 %48 = icmp slt i64 %44, %42 %49 = or i1 %48, %47 %50 = select i1 %49, i64 9223372036854775807, i64 %44 %51 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 0, i32 1 store i64 %50, i64* %51, align 8 %52 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper* nonnull %3, i32 1) #76 Function:do_nanosleep %3 = alloca %struct.cpu_itimer, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 1 %7 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0 %8 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 1 %9 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 0, i32 0 br label %13 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #76 %22 = load i32, i32* %11, align 4 %23 = or i32 %22, 1073741824 store i32 %23, i32* %11, align 4 tail call void @schedule() #76 %24 = load i32, i32* %11, align 4 %25 = and i32 %24, -1073741825 store i32 %25, i32* %11, align 4 tail call void asm sideeffect "lock; addl 
$$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %26 = tail call i32 @__cond_resched() #76 %27 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !9, !misexpect !7 %30 = tail call zeroext i1 @freezing_slow_path(%struct.task_struct* %5) #76 br i1 %30, label %31, label %33, !prof !6, !misexpect !7 %32 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #76 br label %33 %34 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #76 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %39 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #76 %38 = icmp slt i32 %37, 0 br i1 %38, label %36, label %39 %40 = load %struct.task_struct*, %struct.task_struct** %10, align 8 %41 = icmp eq %struct.task_struct* %40, null br i1 %41, label %50, label %42 %43 = load volatile i64, i64* %12, align 8 %44 = and i64 %43, 131072 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %50, !prof !9, !misexpect !11 %47 = load volatile i64, i64* %12, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %13, label %50 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #76 ------------- Good: 1734 Bad: 28 Ignored: 1802 Check Use of Function:xt_compat_flush_offsets Check Use of Function:selinux_policy_commit Check Use of Function:anon_inode_getfd Use: =BAD PATH= Call Stack: 0 pidfd_create 1 __se_sys_pidfd_open 2 __ia32_sys_pidfd_open ------------- Path:  Function:__ia32_sys_pidfd_open 
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_pidfd_open(i64 %4, i64 %7) #76 Function:__se_sys_pidfd_open %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = and i32 %4, -2049 %6 = icmp ne i32 %5, 0 %7 = icmp slt i32 %3, 1 %8 = or i1 %7, %6 br i1 %8, label %34, label %9 %10 = tail call %struct.pid* @find_get_pid(i32 %3) #76 %11 = icmp eq %struct.pid* %10, null br i1 %11, label %34, label %12 %13 = tail call i32 @pidfd_create(%struct.pid* nonnull %10, i32 %4) #76 Function:pidfd_create %3 = icmp eq %struct.pid* %0, null br i1 %3, label %43, label %4 %5 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 3, i64 1, i32 0 %6 = load volatile %struct.hlist_node*, %struct.hlist_node** %5, align 8 %7 = icmp ne %struct.hlist_node* %6, null %8 = and i32 %1, -526339 %9 = icmp eq i32 %8, 0 %10 = and i1 %9, %7 br i1 %10, label %11, label %43 %12 = getelementptr inbounds %struct.pid, %struct.pid* %0, i64 0, i32 0 %13 = getelementptr inbounds %struct.pid, %struct.pid* %0, i64 0, i32 0, i32 0, i32 0 %14 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %13, i32 1, i32* %13) #6, !srcloc !4 %15 = icmp eq i32 %14, 0 br i1 %15, label %20, label %16, !prof !5, !misexpect !6 %17 = add i32 %14, 1 %18 = or i32 %17, %14 %19 = icmp sgt i32 %18, -1 br i1 %19, label %22, label %20, !prof !7, !misexpect !6 %21 = phi i32 [ 2, %11 ], [ 1, %16 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %12, i32 %21) #76 br label %22 %23 = bitcast %struct.pid* %0 to i8* %24 = or i32 %1, 524290 %25 = tail call i32 @anon_inode_getfd(i8* getelementptr inbounds ([8 x 
i8], [8 x i8]* @.str.2.5888, i64 0, i64 0), %struct.file_operations* nonnull @pidfd_fops, i8* nonnull %23, i32 %24) #76 ------------- Use: =BAD PATH= Call Stack: 0 pidfd_create 1 __se_sys_pidfd_open 2 __x64_sys_pidfd_open ------------- Path:  Function:__x64_sys_pidfd_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_pidfd_open(i64 %3, i64 %5) #76 Function:__se_sys_pidfd_open %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = and i32 %4, -2049 %6 = icmp ne i32 %5, 0 %7 = icmp slt i32 %3, 1 %8 = or i1 %7, %6 br i1 %8, label %34, label %9 %10 = tail call %struct.pid* @find_get_pid(i32 %3) #76 %11 = icmp eq %struct.pid* %10, null br i1 %11, label %34, label %12 %13 = tail call i32 @pidfd_create(%struct.pid* nonnull %10, i32 %4) #76 Function:pidfd_create %3 = icmp eq %struct.pid* %0, null br i1 %3, label %43, label %4 %5 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 3, i64 1, i32 0 %6 = load volatile %struct.hlist_node*, %struct.hlist_node** %5, align 8 %7 = icmp ne %struct.hlist_node* %6, null %8 = and i32 %1, -526339 %9 = icmp eq i32 %8, 0 %10 = and i1 %9, %7 br i1 %10, label %11, label %43 %12 = getelementptr inbounds %struct.pid, %struct.pid* %0, i64 0, i32 0 %13 = getelementptr inbounds %struct.pid, %struct.pid* %0, i64 0, i32 0, i32 0, i32 0 %14 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %13, i32 1, i32* %13) #6, !srcloc !4 %15 = icmp eq i32 %14, 0 br i1 %15, label %20, label %16, !prof !5, !misexpect !6 %17 = add i32 %14, 1 %18 = or i32 %17, %14 %19 = icmp sgt i32 %18, -1 br i1 %19, label %22, label %20, !prof !7, !misexpect !6 %21 = phi i32 [ 2, %11 ], [ 1, %16 ] tail call 
void @refcount_warn_saturate(%struct.seqcount_spinlock* %12, i32 %21) #76 br label %22 %23 = bitcast %struct.pid* %0 to i8* %24 = or i32 %1, 524290 %25 = tail call i32 @anon_inode_getfd(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.5888, i64 0, i64 0), %struct.file_operations* nonnull @pidfd_fops, i8* nonnull %23, i32 %24) #76 ------------- Good: 6 Bad: 2 Ignored: 0 Check Use of Function:posix_acl_xattr_get Check Use of Function:dma_sync_single_for_cpu Check Use of Function:security_inode_getsecurity Check Use of Function:copy_strings Check Use of Function:io_issue_sqe Check Use of Function:snapshot_compat_ioctl Check Use of Function:io_req_complete_post Check Use of Function:xt_find_revision Check Use of Function:ns_to_timespec64 Use: =BAD PATH= Call Stack: 0 sock_gettstamp ------------- Path:  Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %0, i64 0, i32 4 %7 = load %struct.sock.273263*, %struct.sock.273263** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %7, i64 0, i32 62 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #76 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 %27 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %25, i64* %27, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 store i64 %26, i64* %28, align 8 switch i64 %25, label %34 [ i64 -1, label %44 i64 0, label %29 ] %30 = tail call i64 @ktime_get_with_offset(i32 0) #76 store volatile i64 %30, i64* %22, align 8 %31 = tail call { 
i64, i64 } @ns_to_timespec64(i64 %30) #76 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp 1 sock_ioctl 2 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca %struct.ifreq, align 8 %6 = alloca %struct.ifreq, align 8 %7 = alloca i8, align 1 %8 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.socket.273260** %10 = load %struct.socket.273260*, %struct.socket.273260** %9, align 8 %11 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %10, i64 0, i32 4 %12 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %10, i64 0, i32 5 %13 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %12, align 32 %14 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %13, i64 0, i32 10 %15 = load i32 (%struct.socket.273260*, i32, i64)*, i32 (%struct.socket.273260*, i32, i64)** %14, align 8 %16 = icmp eq i32 (%struct.socket.273260*, i32, i64)* %15, null br i1 %16, label %19, label %17 %20 = phi i32 [ %18, %17 ], [ -515, %3 ] %21 = icmp eq i32 %20, -515 %22 = and i32 %1, -256 %23 = icmp eq i32 %22, 35584 %24 = and i1 %23, %21 %25 = xor i1 %21, true %26 = or i1 %23, %25 %27 = select i1 %24, i32 -22, i32 %20 br i1 %26, label %193, label %28 %29 = and i64 %2, 4294967295 %30 = inttoptr i64 %29 to i8* %31 = load %struct.sock.273263*, %struct.sock.273263** %11, align 8 %32 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %31, i64 0, i32 0, i32 9, i32 0 %33 = load %struct.net.273332*, %struct.net.273332** %32, align 8 %34 = and i32 %1, -16 %35 = icmp eq i32 %34, 35312 br i1 %35, label %36, label %39 switch i32 %1, label %193 [ i32 35137, label %40 i32 35136, label %40 i32 35146, label %53 i32 35078, label %98 i32 35079, label %98 i32 35142, label %106 i32 35219, label %106 i32 35220, label %106 i32 35248, label %106 i32 35249, label %106 i32 35073, label %140 i32 35074, 
label %140 i32 35075, label %140 i32 35076, label %140 i32 35232, label %140 i32 35233, label %140 i32 35202, label %140 i32 35203, label %140 i32 35148, label %140 i32 -2146399994, label %140 i32 -2146399993, label %140 i32 35090, label %140 i32 35091, label %143 i32 35092, label %143 i32 35184, label %143 i32 35185, label %143 i32 35101, label %143 i32 35102, label %143 i32 35105, label %143 i32 35106, label %143 i32 35103, label %143 i32 35104, label %143 i32 35111, label %143 i32 35108, label %143 i32 35121, label %143 i32 35122, label %143 i32 35123, label %143 i32 35093, label %143 i32 35094, label %143 i32 35127, label %143 i32 35126, label %143 i32 35097, label %143 i32 35098, label %143 i32 35095, label %143 i32 35096, label %143 i32 35099, label %143 i32 35100, label %143 i32 35124, label %143 i32 35125, label %143 i32 35138, label %143 i32 35139, label %143 i32 35234, label %143 i32 35235, label %143 i32 35088, label %143 i32 35107, label %143 i32 35143, label %143 i32 35144, label %143 i32 35145, label %143 i32 35216, label %143 i32 35217, label %143 i32 35218, label %143 i32 35221, label %143 i32 35157, label %143 i32 35156, label %143 i32 35155, label %143 i32 21521, label %143 i32 35147, label %143 i32 35077, label %143 ] %141 = tail call i64 @sock_ioctl(%struct.file.273225* %0, i32 %1, i64 %2) #76 Function:sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8, align 1 %6 = alloca %struct.ifreq, align 8 %7 = alloca i8, align 1 %8 = inttoptr i64 %2 to i8* %9 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.socket.273260** %11 = load %struct.socket.273260*, %struct.socket.273260** %10, align 8 %12 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %11, i64 0, i32 4 %13 = load %struct.sock.273263*, %struct.sock.273263** %12, align 8 %14 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %13, i64 0, i32 0, i32 9, i32 0 %15 = load 
%struct.net.273332*, %struct.net.273332** %14, align 8 %16 = and i32 %1, -16 %17 = icmp eq i32 %16, 35312 br i1 %17, label %18, label %57, !prof !4, !misexpect !5 switch i32 %1, label %135 [ i32 35073, label %58 i32 35074, label %58 i32 35075, label %73 i32 35076, label %73 i32 35136, label %83 i32 35137, label %83 i32 35232, label %83 i32 35233, label %83 i32 35202, label %95 i32 35203, label %95 i32 35148, label %107 i32 35078, label %114 i32 35079, label %114 i32 -2146399994, label %123 i32 -2146399993, label %123 i32 35090, label %132 ] %124 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %11, i64 0, i32 5 %125 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %124, align 32 %126 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %125, i64 0, i32 11 %127 = load i32 (%struct.socket.273260*, i8*, i1, i1)*, i32 (%struct.socket.273260*, i8*, i1, i1)** %126, align 8 %128 = icmp eq i32 (%struct.socket.273260*, i8*, i1, i1)* %127, null br i1 %128, label %185, label %129 %130 = icmp eq i32 %1, -2146399994 %131 = tail call i32 %127(%struct.socket.273260* %11, i8* %8, i1 zeroext %130, i1 zeroext false) #76 Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %0, i64 0, i32 4 %7 = load %struct.sock.273263*, %struct.sock.273263** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %7, i64 0, i32 62 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #76 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 %27 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %5, i64 0, i32 0 store i64 %25, i64* %27, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 store i64 %26, i64* %28, align 8 switch i64 %25, label %34 [ i64 -1, label %44 i64 0, label %29 ] %30 = tail call i64 @ktime_get_with_offset(i32 0) #76 store volatile i64 %30, i64* %22, align 8 %31 = tail call { i64, i64 } @ns_to_timespec64(i64 %30) #76 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp 1 sock_ioctl ------------- Path:  Function:sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8, align 1 %6 = alloca %struct.ifreq, align 8 %7 = alloca i8, align 1 %8 = inttoptr i64 %2 to i8* %9 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.socket.273260** %11 = load %struct.socket.273260*, %struct.socket.273260** %10, align 8 %12 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %11, i64 0, i32 4 %13 = load %struct.sock.273263*, %struct.sock.273263** %12, align 8 %14 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %13, i64 0, i32 0, i32 9, i32 0 %15 = load %struct.net.273332*, %struct.net.273332** %14, align 8 %16 = and i32 %1, -16 %17 = icmp eq i32 %16, 35312 br i1 %17, label %18, label %57, !prof !4, !misexpect !5 switch i32 %1, label %135 [ i32 35073, label %58 i32 35074, label %58 i32 35075, label %73 i32 35076, label %73 i32 35136, label %83 i32 35137, label %83 i32 35232, label %83 i32 35233, label %83 i32 35202, label %95 i32 35203, label %95 i32 35148, label %107 i32 35078, label %114 i32 35079, label %114 i32 -2146399994, label %123 i32 -2146399993, label %123 i32 35090, label %132 ] %124 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %11, i64 0, i32 5 %125 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %124, align 32 %126 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %125, i64 0, i32 11 %127 = load i32 
(%struct.socket.273260*, i8*, i1, i1)*, i32 (%struct.socket.273260*, i8*, i1, i1)** %126, align 8 %128 = icmp eq i32 (%struct.socket.273260*, i8*, i1, i1)* %127, null br i1 %128, label %185, label %129 %130 = icmp eq i32 %1, -2146399994 %131 = tail call i32 %127(%struct.socket.273260* %11, i8* %8, i1 zeroext %130, i1 zeroext false) #76 Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %0, i64 0, i32 4 %7 = load %struct.sock.273263*, %struct.sock.273263** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %7, i64 0, i32 62 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #76 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 %27 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %25, i64* %27, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 store i64 %26, i64* %28, align 8 switch i64 %25, label %34 [ i64 -1, label %44 i64 0, label %29 ] %30 = tail call i64 @ktime_get_with_offset(i32 0) #76 store volatile i64 %30, i64* %22, align 8 %31 = tail call { i64, i64 } @ns_to_timespec64(i64 %30) #76 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp ------------- Path:  Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %0, i64 0, i32 4 %7 = load %struct.sock.273263*, %struct.sock.273263** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %7, i64 0, i32 0, i32 13, 
i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %7, i64 0, i32 62 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #76 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp 1 sock_ioctl 2 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca %struct.ifreq, align 8 %6 = alloca %struct.ifreq, align 8 %7 = alloca i8, align 1 %8 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.socket.273260** %10 = load %struct.socket.273260*, %struct.socket.273260** %9, align 8 %11 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %10, i64 0, i32 4 %12 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %10, i64 0, i32 5 %13 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %12, align 32 %14 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %13, i64 0, i32 10 %15 = load i32 (%struct.socket.273260*, i32, i64)*, i32 (%struct.socket.273260*, i32, i64)** %14, align 8 %16 = icmp eq i32 (%struct.socket.273260*, i32, i64)* %15, null br i1 %16, label %19, label %17 %20 = phi i32 [ %18, %17 ], [ -515, %3 ] %21 = icmp eq i32 %20, -515 %22 = and i32 %1, -256 %23 = icmp eq i32 %22, 35584 %24 = and i1 %23, %21 %25 = xor i1 %21, true %26 = or i1 %23, %25 %27 = select i1 %24, i32 -22, i32 %20 br i1 %26, label %193, label %28 %29 = and i64 %2, 4294967295 %30 = inttoptr i64 %29 to i8* %31 = load %struct.sock.273263*, %struct.sock.273263** %11, align 8 %32 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %31, i64 0, i32 0, i32 9, i32 0 %33 = load %struct.net.273332*, %struct.net.273332** %32, align 8 %34 = and i32 %1, -16 %35 = icmp eq i32 %34, 35312 br i1 %35, label %36, label 
%39 switch i32 %1, label %193 [ i32 35137, label %40 i32 35136, label %40 i32 35146, label %53 i32 35078, label %98 i32 35079, label %98 i32 35142, label %106 i32 35219, label %106 i32 35220, label %106 i32 35248, label %106 i32 35249, label %106 i32 35073, label %140 i32 35074, label %140 i32 35075, label %140 i32 35076, label %140 i32 35232, label %140 i32 35233, label %140 i32 35202, label %140 i32 35203, label %140 i32 35148, label %140 i32 -2146399994, label %140 i32 -2146399993, label %140 i32 35090, label %140 i32 35091, label %143 i32 35092, label %143 i32 35184, label %143 i32 35185, label %143 i32 35101, label %143 i32 35102, label %143 i32 35105, label %143 i32 35106, label %143 i32 35103, label %143 i32 35104, label %143 i32 35111, label %143 i32 35108, label %143 i32 35121, label %143 i32 35122, label %143 i32 35123, label %143 i32 35093, label %143 i32 35094, label %143 i32 35127, label %143 i32 35126, label %143 i32 35097, label %143 i32 35098, label %143 i32 35095, label %143 i32 35096, label %143 i32 35099, label %143 i32 35100, label %143 i32 35124, label %143 i32 35125, label %143 i32 35138, label %143 i32 35139, label %143 i32 35234, label %143 i32 35235, label %143 i32 35088, label %143 i32 35107, label %143 i32 35143, label %143 i32 35144, label %143 i32 35145, label %143 i32 35216, label %143 i32 35217, label %143 i32 35218, label %143 i32 35221, label %143 i32 35157, label %143 i32 35156, label %143 i32 35155, label %143 i32 21521, label %143 i32 35147, label %143 i32 35077, label %143 ] %141 = tail call i64 @sock_ioctl(%struct.file.273225* %0, i32 %1, i64 %2) #76 Function:sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8, align 1 %6 = alloca %struct.ifreq, align 8 %7 = alloca i8, align 1 %8 = inttoptr i64 %2 to i8* %9 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.socket.273260** %11 = load %struct.socket.273260*, %struct.socket.273260** %10, align 8 %12 = 
getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %11, i64 0, i32 4 %13 = load %struct.sock.273263*, %struct.sock.273263** %12, align 8 %14 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %13, i64 0, i32 0, i32 9, i32 0 %15 = load %struct.net.273332*, %struct.net.273332** %14, align 8 %16 = and i32 %1, -16 %17 = icmp eq i32 %16, 35312 br i1 %17, label %18, label %57, !prof !4, !misexpect !5 switch i32 %1, label %135 [ i32 35073, label %58 i32 35074, label %58 i32 35075, label %73 i32 35076, label %73 i32 35136, label %83 i32 35137, label %83 i32 35232, label %83 i32 35233, label %83 i32 35202, label %95 i32 35203, label %95 i32 35148, label %107 i32 35078, label %114 i32 35079, label %114 i32 -2146399994, label %123 i32 -2146399993, label %123 i32 35090, label %132 ] %124 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %11, i64 0, i32 5 %125 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %124, align 32 %126 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %125, i64 0, i32 11 %127 = load i32 (%struct.socket.273260*, i8*, i1, i1)*, i32 (%struct.socket.273260*, i8*, i1, i1)** %126, align 8 %128 = icmp eq i32 (%struct.socket.273260*, i8*, i1, i1)* %127, null br i1 %128, label %185, label %129 %130 = icmp eq i32 %1, -2146399994 %131 = tail call i32 %127(%struct.socket.273260* %11, i8* %8, i1 zeroext %130, i1 zeroext false) #76 Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %0, i64 0, i32 4 %7 = load %struct.sock.273263*, %struct.sock.273263** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock.273263, 
%struct.sock.273263* %7, i64 0, i32 62 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #76 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp 1 sock_ioctl ------------- Path:  Function:sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8, align 1 %6 = alloca %struct.ifreq, align 8 %7 = alloca i8, align 1 %8 = inttoptr i64 %2 to i8* %9 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.socket.273260** %11 = load %struct.socket.273260*, %struct.socket.273260** %10, align 8 %12 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %11, i64 0, i32 4 %13 = load %struct.sock.273263*, %struct.sock.273263** %12, align 8 %14 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %13, i64 0, i32 0, i32 9, i32 0 %15 = load %struct.net.273332*, %struct.net.273332** %14, align 8 %16 = and i32 %1, -16 %17 = icmp eq i32 %16, 35312 br i1 %17, label %18, label %57, !prof !4, !misexpect !5 switch i32 %1, label %135 [ i32 35073, label %58 i32 35074, label %58 i32 35075, label %73 i32 35076, label %73 i32 35136, label %83 i32 35137, label %83 i32 35232, label %83 i32 35233, label %83 i32 35202, label %95 i32 35203, label %95 i32 35148, label %107 i32 35078, label %114 i32 35079, label %114 i32 -2146399994, label %123 i32 -2146399993, label %123 i32 35090, label %132 ] %124 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %11, i64 0, i32 5 %125 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %124, align 32 %126 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %125, i64 0, i32 11 %127 = load i32 (%struct.socket.273260*, i8*, i1, i1)*, i32 (%struct.socket.273260*, i8*, i1, i1)** %126, align 8 %128 = icmp eq i32 (%struct.socket.273260*, i8*, i1, i1)* %127, null br i1 %128, label %185, label %129 %130 = icmp eq i32 %1, -2146399994 %131 = tail call i32 
%127(%struct.socket.273260* %11, i8* %8, i1 zeroext %130, i1 zeroext false) #76 Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %0, i64 0, i32 4 %7 = load %struct.sock.273263*, %struct.sock.273263** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %7, i64 0, i32 62 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #76 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_rewind 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 
-2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %561 = inttoptr i64 %10 to i32* %563 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %561, i64 4, i64 %562) #6, !srcloc !32 %564 = extractvalue { i32*, i32, i64 } %563, 0 %565 = extractvalue { i32*, i32, i64 } %563, 2 %566 = ptrtoint i32* %564 to i64 %567 = and i64 %566, 4294967295 %568 = icmp eq i64 %567, 0 br i1 %568, label %569, label %620, !prof !5, !misexpect !6 %570 = extractvalue { i32*, i32, i64 } %563, 1 %571 = zext i32 %570 to i64 %572 = tail call fastcc i64 @snd_pcm_rewind(%struct.snd_pcm_substream.734306* nonnull %18, i64 %571) #77 Function:snd_pcm_rewind %3 = icmp eq i64 %1, 0 br i1 %3, label %104, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds 
%struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #76 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %93 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.734306*)*)(%struct.snd_pcm_substream.734306* %0) #76 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #76 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = 
load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #76 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 57 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.311880* %30, %struct.pci_devres* %36) #76 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds 
%struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 44 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %77, label %17 %78 = and i32 %14, 134217728 %79 = icmp eq i32 %78, 0 br i1 %79, label %116, label %80 %81 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %3, i64 0, i32 0 %82 = load i8, i8* %81, align 4 %83 = and i8 %82, 15 %84 = icmp eq i8 %83, 5 br i1 %84, label %85, label %116 %86 = bitcast %struct.snd_pcm_substream* %0 to i8* %87 = call i32 @get_device_system_crosststamp(i32 (i64*, %struct.system_counterval_t*, i8*)* nonnull @azx_get_sync_time, i8* %86, %struct.system_time_snapshot* null, %struct.perf_branch_entry* nonnull %6) #76 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %121 %90 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %91 = load i32, i32* %90, align 4 switch i32 %91, label %94 [ i32 1, label %121 i32 2, label %92 ] %95 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 1 br label %96 %97 = phi i64* [ %95, %94 ], [ %93, %92 ] %98 = load i64, i64* %97, align 8 %99 = call { i64, i64 } @ns_to_timespec64(i64 %98) #76 %100 = extractvalue { i64, i64 } %99, 0 %101 = extractvalue { i64, i64 } %99, 1 %102 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %100, i64* %102, align 8 %103 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 %101, i64* %103, align 8 %104 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 0 %105 = load i64, i64* %104, align 8 %106 = call { i64, i64 } @ns_to_timespec64(i64 %105) 
#76 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_rewind 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label 
%560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %561 = inttoptr i64 %10 to i32* %563 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %561, i64 4, i64 %562) #6, !srcloc !32 %564 = extractvalue { i32*, i32, i64 } %563, 0 %565 = extractvalue { i32*, i32, i64 } %563, 2 %566 = ptrtoint i32* %564 to i64 %567 = and i64 %566, 4294967295 %568 = icmp eq i64 %567, 0 br i1 %568, label %569, label %620, !prof !5, !misexpect !6 %570 = extractvalue { i32*, i32, i64 } %563, 1 %571 = zext i32 %570 to i64 %572 = tail call fastcc i64 @snd_pcm_rewind(%struct.snd_pcm_substream.734306* nonnull %18, i64 %571) #77 Function:snd_pcm_rewind %3 = icmp eq i64 %1, 0 br i1 %3, label %104, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #76 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 
i32 7, label %93 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.734306*)*)(%struct.snd_pcm_substream.734306* %0) #76 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #76 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #76 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, 
%struct.anon.0.311880*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 57 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.311880* %30, %struct.pci_devres* %36) #76 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 44 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %77, label %17 %78 = and i32 %14, 134217728 %79 = icmp eq i32 %78, 0 br i1 %79, label %116, label %80 %81 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %3, i64 0, i32 0 %82 = load i8, i8* %81, align 4 %83 = and i8 %82, 15 %84 = icmp eq i8 %83, 5 br i1 %84, label %85, label %116 %86 = bitcast %struct.snd_pcm_substream* %0 to i8* %87 = call i32 
@get_device_system_crosststamp(i32 (i64*, %struct.system_counterval_t*, i8*)* nonnull @azx_get_sync_time, i8* %86, %struct.system_time_snapshot* null, %struct.perf_branch_entry* nonnull %6) #76 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %121 %90 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %91 = load i32, i32* %90, align 4 switch i32 %91, label %94 [ i32 1, label %121 i32 2, label %92 ] %95 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 1 br label %96 %97 = phi i64* [ %95, %94 ], [ %93, %92 ] %98 = load i64, i64* %97, align 8 %99 = call { i64, i64 } @ns_to_timespec64(i64 %98) #76 %100 = extractvalue { i64, i64 } %99, 0 %101 = extractvalue { i64, i64 } %99, 1 %102 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %100, i64* %102, align 8 %103 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 %101, i64* %103, align 8 %104 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 0 %105 = load i64, i64* %104, align 8 %106 = call { i64, i64 } @ns_to_timespec64(i64 %105) #76 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_rewind 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label 
%16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %561 = inttoptr i64 %10 to i32* %563 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %561, i64 4, i64 %562) #6, !srcloc !32 %564 = extractvalue { i32*, i32, i64 } %563, 0 %565 = extractvalue { i32*, i32, i64 } %563, 2 %566 = ptrtoint i32* %564 to i64 %567 = and i64 %566, 4294967295 %568 = icmp eq i64 %567, 0 br i1 %568, label %569, label %620, !prof !5, !misexpect !6 %570 = extractvalue { i32*, i32, i64 } %563, 1 %571 = zext i32 %570 to i64 %572 = tail call fastcc i64 @snd_pcm_rewind(%struct.snd_pcm_substream.734306* nonnull %18, i64 %571) #77 Function:snd_pcm_rewind %3 = icmp eq i64 %1, 0 br i1 %3, label %104, 
label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #76 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %93 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.734306*)*)(%struct.snd_pcm_substream.734306* %0) #76 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #76 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = 
getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #76 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 57 %37 = call i32 %27(%struct.snd_pcm_substream* 
%0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.311880* %30, %struct.pci_devres* %36) #76 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 44 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %77, label %17 %78 = and i32 %14, 134217728 %79 = icmp eq i32 %78, 0 br i1 %79, label %116, label %80 %81 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %3, i64 0, i32 0 %82 = load i8, i8* %81, align 4 %83 = and i8 %82, 15 %84 = icmp eq i8 %83, 5 br i1 %84, label %85, label %116 %86 = bitcast %struct.snd_pcm_substream* %0 to i8* %87 = call i32 @get_device_system_crosststamp(i32 (i64*, %struct.system_counterval_t*, i8*)* nonnull @azx_get_sync_time, i8* %86, %struct.system_time_snapshot* null, %struct.perf_branch_entry* nonnull %6) #76 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %121 %90 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %91 = load i32, i32* %90, align 4 switch i32 %91, label %94 [ i32 1, label %121 i32 2, label %92 ] %95 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 1 br label %96 %97 = phi i64* [ %95, %94 ], [ %93, %92 ] %98 = load i64, i64* %97, align 8 %99 = call { i64, i64 } @ns_to_timespec64(i64 %98) #76 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 
snd_pcm_rewind 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %561 = inttoptr i64 %10 to 
i32* %563 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %561, i64 4, i64 %562) #6, !srcloc !32 %564 = extractvalue { i32*, i32, i64 } %563, 0 %565 = extractvalue { i32*, i32, i64 } %563, 2 %566 = ptrtoint i32* %564 to i64 %567 = and i64 %566, 4294967295 %568 = icmp eq i64 %567, 0 br i1 %568, label %569, label %620, !prof !5, !misexpect !6 %570 = extractvalue { i32*, i32, i64 } %563, 1 %571 = zext i32 %570 to i64 %572 = tail call fastcc i64 @snd_pcm_rewind(%struct.snd_pcm_substream.734306* nonnull %18, i64 %571) #77 Function:snd_pcm_rewind %3 = icmp eq i64 %1, 0 br i1 %3, label %104, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #76 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %93 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* 
@snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.734306*)*)(%struct.snd_pcm_substream.734306* %0) #76 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #76 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #76 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, 
%struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 57 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.311880* %30, %struct.pci_devres* %36) #76 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 44 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %77, label %17 %78 = and i32 %14, 134217728 %79 = icmp eq i32 %78, 0 br i1 %79, label %116, label %80 %81 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %3, i64 0, i32 0 %82 = load i8, i8* %81, align 4 %83 = and i8 %82, 15 %84 = icmp eq i8 %83, 5 br i1 %84, label %85, label %116 %86 = bitcast %struct.snd_pcm_substream* %0 to i8* %87 = call i32 @get_device_system_crosststamp(i32 (i64*, %struct.system_counterval_t*, i8*)* nonnull @azx_get_sync_time, i8* %86, 
%struct.system_time_snapshot* null, %struct.perf_branch_entry* nonnull %6) #76 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %121 %90 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %91 = load i32, i32* %90, align 4 switch i32 %91, label %94 [ i32 1, label %121 i32 2, label %92 ] %95 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 1 br label %96 %97 = phi i64* [ %95, %94 ], [ %93, %92 ] %98 = load i64, i64* %97, align 8 %99 = call { i64, i64 } @ns_to_timespec64(i64 %98) #76 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_rewind 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 
16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %561 = inttoptr i64 %10 to i32* %563 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %561, i64 4, i64 %562) #6, !srcloc !32 %564 = extractvalue { i32*, i32, i64 } %563, 0 %565 = extractvalue { i32*, i32, i64 } %563, 2 %566 = ptrtoint i32* %564 to i64 %567 = and i64 %566, 4294967295 %568 = icmp eq i64 %567, 0 br i1 %568, label %569, label %620, !prof !5, !misexpect !6 %570 = extractvalue { i32*, i32, i64 } %563, 1 %571 = zext i32 %570 to i64 %572 = tail call fastcc i64 @snd_pcm_rewind(%struct.snd_pcm_substream.734306* nonnull %18, i64 %571) #77 Function:snd_pcm_rewind %3 = icmp eq i64 %1, 0 br i1 %3, label %104, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #76 br label %14 %15 = getelementptr inbounds 
%struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %93 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.734306*)*)(%struct.snd_pcm_substream.734306* %0) #76 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #76 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 
(%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #76 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 57 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.311880* %30, %struct.pci_devres* %36) #76 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 44 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast 
%struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %77, label %17 %18 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %3, i64 0, i32 0 %19 = load i8, i8* %18, align 4 %20 = and i8 %19, 15 %21 = icmp eq i8 %20, 2 br i1 %21, label %22, label %77 %23 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %24 = load i32, i32* %23, align 4 switch i32 %24, label %27 [ i32 1, label %25 i32 2, label %26 ] tail call void @ktime_get_ts64(%struct.cpu_itimer* %1) #76 br label %28 %29 = getelementptr inbounds %struct.azx_dev, %struct.azx_dev* %11, i64 0, i32 0, i32 20 %30 = tail call i64 @timecounter_read(%struct.timecounter* %29) #76 %31 = udiv i64 %30, 3 %32 = load i8, i8* %18, align 4 %33 = and i8 %32, 16 %34 = icmp eq i8 %33, 0 br i1 %34, label %65, label %35 %36 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 2 %37 = bitcast i8** %36 to %struct.azx_pcm** %38 = load %struct.azx_pcm*, %struct.azx_pcm** %37, align 8 %39 = getelementptr inbounds %struct.azx_pcm, %struct.azx_pcm* %38, i64 0, i32 3 %40 = load %struct.hda_pcm*, %struct.hda_pcm** %39, align 8 %41 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 5 %42 = load i32, i32* %41, align 4 %43 = sext i32 %42 to i64 %44 = getelementptr %struct.hda_pcm, %struct.hda_pcm* %40, i64 0, i32 1, i64 %43, i32 8, i32 4 %45 = load i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)*, i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)** %44, align 8 %46 = icmp eq i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)* %45, null br i1 %46, label %65, label %47 %48 = getelementptr %struct.hda_pcm, %struct.hda_pcm* %40, i64 0, i32 1, 
i64 %43 %49 = getelementptr inbounds %struct.azx_pcm, %struct.azx_pcm* %38, i64 0, i32 2 %50 = load %struct.hda_codec*, %struct.hda_codec** %49, align 8 %51 = tail call i32 %45(%struct.hda_pcm_stream* %48, %struct.hda_codec* %50, %struct.snd_pcm_substream* %0) #76 %52 = zext i32 %51 to i64 %53 = mul nuw nsw i64 %52, 1000000000 %54 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %55 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %54, i64 0, i32 14 %56 = load i32, i32* %55, align 4 %57 = zext i32 %56 to i64 %58 = udiv i64 %53, %57 %59 = load i32, i32* %41, align 4 %60 = icmp eq i32 %59, 1 br i1 %60, label %61, label %63 br label %65 %66 = phi i64 [ %31, %28 ], [ %62, %61 ], [ %64, %63 ], [ %31, %35 ] %67 = tail call { i64, i64 } @ns_to_timespec64(i64 %66) #76
-------------
Use: =BAD PATH=
Call Stack:
0 azx_get_time_info
1 snd_pcm_update_hw_ptr0
2 snd_pcm_update_hw_ptr
3 snd_pcm_rewind
4 snd_pcm_ioctl_compat
-------------
Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* 
%21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %561 = inttoptr i64 %10 to i32* %563 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %561, i64 4, i64 %562) #6, !srcloc !32 %564 = extractvalue { i32*, i32, i64 } %563, 0 %565 = extractvalue { i32*, i32, i64 } %563, 2 %566 = ptrtoint i32* %564 to i64 %567 = and i64 %566, 4294967295 %568 = icmp eq i64 %567, 0 br i1 %568, label %569, label %620, !prof !5, !misexpect !6 %570 = extractvalue { i32*, i32, i64 } %563, 1 %571 = zext i32 %570 to i64 %572 = tail call fastcc i64 @snd_pcm_rewind(%struct.snd_pcm_substream.734306* nonnull %18, i64 %571) #77 Function:snd_pcm_rewind %3 = icmp eq i64 %1, 0 br i1 %3, label %104, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = 
getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #76 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %93 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.734306*)*)(%struct.snd_pcm_substream.734306* %0) #76 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #76 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, 
i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #76 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 57 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.311880* %30, %struct.pci_devres* %36) #76 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds 
%struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 44 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %77, label %17 %18 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %3, i64 0, i32 0 %19 = load i8, i8* %18, align 4 %20 = and i8 %19, 15 %21 = icmp eq i8 %20, 2 br i1 %21, label %22, label %77 %23 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %24 = load i32, i32* %23, align 4 switch i32 %24, label %27 [ i32 1, label %25 i32 2, label %26 ] tail call void @ktime_get_ts64(%struct.cpu_itimer* %1) #76 br label %28 %29 = getelementptr inbounds %struct.azx_dev, %struct.azx_dev* %11, i64 0, i32 0, i32 20 %30 = tail call i64 @timecounter_read(%struct.timecounter* %29) #76 %31 = udiv i64 %30, 3 %32 = load i8, i8* %18, align 4 %33 = and i8 %32, 16 %34 = icmp eq i8 %33, 0 br i1 %34, label %65, label %35 %36 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 2 %37 = bitcast i8** %36 to %struct.azx_pcm** %38 = load %struct.azx_pcm*, %struct.azx_pcm** %37, align 8 %39 = getelementptr inbounds %struct.azx_pcm, %struct.azx_pcm* %38, i64 0, i32 3 %40 = load %struct.hda_pcm*, %struct.hda_pcm** %39, align 8 %41 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 5 %42 = load i32, i32* %41, align 4 %43 = sext i32 %42 to i64 %44 = getelementptr %struct.hda_pcm, %struct.hda_pcm* %40, i64 0, i32 1, i64 %43, i32 8, i32 4 %45 = load i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)*, i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)** %44, align 8 %46 = icmp eq i32 
(%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)* %45, null br i1 %46, label %65, label %47 %48 = getelementptr %struct.hda_pcm, %struct.hda_pcm* %40, i64 0, i32 1, i64 %43 %49 = getelementptr inbounds %struct.azx_pcm, %struct.azx_pcm* %38, i64 0, i32 2 %50 = load %struct.hda_codec*, %struct.hda_codec** %49, align 8 %51 = tail call i32 %45(%struct.hda_pcm_stream* %48, %struct.hda_codec* %50, %struct.snd_pcm_substream* %0) #76 %52 = zext i32 %51 to i64 %53 = mul nuw nsw i64 %52, 1000000000 %54 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %55 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %54, i64 0, i32 14 %56 = load i32, i32* %55, align 4 %57 = zext i32 %56 to i64 %58 = udiv i64 %53, %57 %59 = load i32, i32* %41, align 4 %60 = icmp eq i32 %59, 1 br i1 %60, label %61, label %63 br label %65 %66 = phi i64 [ %31, %28 ], [ %62, %61 ], [ %64, %63 ], [ %31, %35 ] %67 = tail call { i64, i64 } @ns_to_timespec64(i64 %66) #76
-------------
Use: =BAD PATH=
Call Stack:
0 update_audio_tstamp
1 snd_pcm_update_hw_ptr0
2 snd_pcm_update_hw_ptr
3 snd_pcm_rewind
4 snd_pcm_ioctl_compat
-------------
Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = 
icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %561 = inttoptr i64 %10 to i32* %563 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %561, i64 4, i64 %562) #6, !srcloc !32 %564 = extractvalue { i32*, i32, i64 } %563, 0 %565 = extractvalue { i32*, i32, i64 } %563, 2 %566 = ptrtoint i32* %564 to i64 %567 = and i64 %566, 4294967295 %568 = icmp eq i64 %567, 0 br i1 %568, label %569, label %620, !prof !5, !misexpect !6 %570 = extractvalue { i32*, i32, i64 } %563, 1 %571 = zext i32 %570 to i64 %572 = tail call fastcc i64 @snd_pcm_rewind(%struct.snd_pcm_substream.734306* nonnull %18, i64 %571) #77 Function:snd_pcm_rewind %3 = icmp eq i64 %1, 0 br i1 %3, label %104, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %5, align 8 
%7 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #76 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %93 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.734306*)*)(%struct.snd_pcm_substream.734306* %0) #76 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #76 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds 
%struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #76 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %49 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %50 = load i32, i32* %49, align 4 switch i32 %50, label %53 [ i32 1, label %51 i32 2, label %52 ] call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %4) #76 br label %54 %55 = icmp eq i64 %19, -1 br i1 %55, label %56, label %80 %81 = 
getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 18 %82 = load i64, i64* %81, align 8 %83 = icmp ult i64 %19, %82 br i1 %83, label %98, label %84 %85 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %98, label %87 %88 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 store i8 0, i8* %88, align 16 %89 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 0 %90 = load %struct.snd_pcm*, %struct.snd_pcm** %89, align 8 %91 = getelementptr inbounds %struct.snd_pcm, %struct.snd_pcm* %90, i64 0, i32 0 %92 = load %struct.snd_card*, %struct.snd_card** %91, align 8 %93 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %92, i64 0, i32 27 %94 = load %struct.device*, %struct.device** %93, align 8 %95 = load i64, i64* %81, align 8 %96 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 16 %97 = load i64, i64* %96, align 8 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %94, i8* getelementptr inbounds ([71 x i8], [71 x i8]* @.str.3.61733, i64 0, i64 0), i8* nonnull %88, i64 %19, i64 %95, i64 %97) #77 br label %98 %99 = phi i64 [ %19, %80 ], [ 0, %84 ], [ 0, %87 ] %100 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 19 %101 = load i64, i64* %100, align 8 %102 = urem i64 %99, %101 %103 = sub i64 %99, %102 %104 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 5 %105 = load i64, i64* %104, align 8 %106 = add i64 %105, %103 %107 = icmp eq i32 %1, 0 br i1 %107, label %133, label %108 %134 = icmp ult i64 %106, %14 br i1 %134, label %135, label %144 %145 = phi i64 [ %130, %124 ], [ %141, %135 ], [ %105, %133 ] %146 = phi i1 [ %131, %124 ], [ %142, %135 ], [ false, %133 ] %147 = phi i64 [ %132, %124 ], [ %143, %135 ], [ %106, %133 ] %148 = zext i1 %146 to i32 %149 = sub i64 %147, %14 %150 = icmp slt i64 %149, 0 br i1 %150, label %151, label %155 %152 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 33 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %149 br label %155 %156 = phi i64 [ %154, %151 ], [ %149, %144 ] %157 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 26 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %194, label %161 %162 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 7 %163 = load i64, i64* %162, align 8 %164 = sub i64 %20, %163 %165 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 8 %166 = load i64, i64* %165, align 8 %167 = lshr i64 %166, 1 %168 = icmp ult i64 %164, %167 br i1 %168, label %202, label %169 %170 = mul i64 %156, 1000 %171 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 14 %172 = load i32, i32* %171, align 4 %173 = zext i32 %172 to i64 
%174 = sdiv i64 %170, %173 %175 = sub i64 %164, %174 %176 = add nuw i64 %167, 1 %177 = icmp sgt i64 %175, %176 br i1 %177, label %178, label %202 %203 = phi i64 [ %145, %161 ], [ %145, %194 ], [ %188, %200 ], [ %145, %169 ] %204 = phi i32 [ %148, %161 ], [ %148, %194 ], [ %191, %200 ], [ %148, %169 ] %205 = phi i64 [ %147, %161 ], [ %147, %194 ], [ %201, %200 ], [ %147, %169 ] %206 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %207 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %206, i64 0, i32 3 %208 = load i64, i64* %207, align 8 %209 = icmp eq i64 %208, %205 br i1 %209, label %210, label %212 %213 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 5 %214 = load i32, i32* %213, align 4 %215 = icmp eq i32 %214, 0 br i1 %215, label %216, label %221 %217 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 32 %218 = load i64, i64* %217, align 8 %219 = icmp eq i64 %218, 0 br i1 %219, label %221, label %220 br i1 %107, label %239, label %222 %223 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 6 %224 = load i64, i64* %223, align 8 %225 = sub i64 %205, %224 %226 = icmp slt i64 %225, 0 %227 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 33 %228 = load i64, i64* %227, align 8 %229 = select i1 %226, i64 %228, i64 0 %230 = add i64 %225, %229 %231 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 16 %232 = load i64, i64* %231, align 8 %233 = urem i64 %230, %232 %234 = sub i64 %230, %233 %235 = add i64 %234, %224 store i64 %235, i64* %223, align 8 %236 = icmp ult i64 %235, %228 br i1 %236, label %239, label %237 store i64 %203, i64* %104, align 8 %240 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %241 = getelementptr inbounds %struct.snd_pcm_mmap_status, 
%struct.snd_pcm_mmap_status* %240, i64 0, i32 3 store i64 %205, i64* %241, align 8 %242 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 7 store i64 %20, i64* %242, align 8 %243 = icmp eq i32 %204, 0 br i1 %243, label %250, label %244 call fastcc void @update_audio_tstamp(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5) #78 Function:update_audio_tstamp %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %5, align 8 %7 = bitcast %struct.cpu_itimer* %4 to i8* %8 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 27 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %11, label %95 %12 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %13 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %12, align 8 %14 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %13, i64 0, i32 9 %15 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)** %14, align 8 %16 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)* %15, null br i1 %16, label %25, label %17 %26 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 10 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 37 %29 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %28, align 8 %30 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %29, i64 0, 
i32 3 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, %27 %33 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 56, i32 0 %34 = load i8, i8* %33, align 4 %35 = and i8 %34, 16 %36 = icmp eq i8 %35, 0 br i1 %36, label %47, label %37 %48 = phi i64 [ %44, %43 ], [ %46, %45 ], [ %32, %25 ] %49 = mul i64 %48, 1000000000 %50 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 14 %51 = load i32, i32* %50, align 4 %52 = zext i32 %51 to i64 %53 = udiv i64 %49, %52 %54 = tail call { i64, i64 } @ns_to_timespec64(i64 %53) #76
-------------
Use: =BAD PATH=
Call Stack:
0 update_audio_tstamp
1 snd_pcm_update_hw_ptr0
2 snd_pcm_update_hw_ptr
3 snd_pcm_rewind
4 snd_pcm_ioctl_compat
-------------
Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.734306*, %struct.snd_pcm_substream.734306** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.734306* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 
i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %561 = inttoptr i64 %10 to i32* %563 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %561, i64 4, i64 %562) #6, !srcloc !32 %564 = extractvalue { i32*, i32, i64 } %563, 0 %565 = extractvalue { i32*, i32, i64 } %563, 2 %566 = ptrtoint i32* %564 to i64 %567 = and i64 %566, 4294967295 %568 = icmp eq i64 %567, 0 br i1 %568, label %569, label %620, !prof !5, !misexpect !6 %570 = extractvalue { i32*, i32, i64 } %563, 1 %571 = zext i32 %570 to i64 %572 = tail call fastcc i64 @snd_pcm_rewind(%struct.snd_pcm_substream.734306* nonnull %18, i64 %571) #77 Function:snd_pcm_rewind %3 = icmp eq i64 %1, 0 br i1 %3, label %104, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.734291*, %struct.snd_pcm.734291** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.734291, %struct.snd_pcm.734291* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #76 br label %14 %15 = getelementptr inbounds 
%struct.snd_pcm_substream.734306, %struct.snd_pcm_substream.734306* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.734302*, %struct.snd_pcm_runtime.734302** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.734302, %struct.snd_pcm_runtime.734302* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %93 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.734306*)*)(%struct.snd_pcm_substream.734306* %0) #76 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #76 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 
(%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #76 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.311880, %struct.anon.0.311880* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %49 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %50 = load i32, i32* %49, align 4 switch i32 %50, label %53 [ i32 1, label %51 i32 2, label %52 ] call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %4) #76 br label %54 %55 = icmp eq i64 %19, -1 br i1 %55, label %56, label %80 %81 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 18 %82 = load i64, i64* %81, align 8 %83 = icmp ult i64 %19, %82 br i1 %83, label %98, label %84 %85 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %98, label %87 %88 = 
getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 store i8 0, i8* %88, align 16 %89 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 0 %90 = load %struct.snd_pcm*, %struct.snd_pcm** %89, align 8 %91 = getelementptr inbounds %struct.snd_pcm, %struct.snd_pcm* %90, i64 0, i32 0 %92 = load %struct.snd_card*, %struct.snd_card** %91, align 8 %93 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %92, i64 0, i32 27 %94 = load %struct.device*, %struct.device** %93, align 8 %95 = load i64, i64* %81, align 8 %96 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 16 %97 = load i64, i64* %96, align 8 call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %94, i8* getelementptr inbounds ([71 x i8], [71 x i8]* @.str.3.61733, i64 0, i64 0), i8* nonnull %88, i64 %19, i64 %95, i64 %97) #77 br label %98 %99 = phi i64 [ %19, %80 ], [ 0, %84 ], [ 0, %87 ] %100 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 19 %101 = load i64, i64* %100, align 8 %102 = urem i64 %99, %101 %103 = sub i64 %99, %102 %104 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 5 %105 = load i64, i64* %104, align 8 %106 = add i64 %105, %103 %107 = icmp eq i32 %1, 0 br i1 %107, label %133, label %108 %134 = icmp ult i64 %106, %14 br i1 %134, label %135, label %144 %145 = phi i64 [ %130, %124 ], [ %141, %135 ], [ %105, %133 ] %146 = phi i1 [ %131, %124 ], [ %142, %135 ], [ false, %133 ] %147 = phi i64 [ %132, %124 ], [ %143, %135 ], [ %106, %133 ] %148 = zext i1 %146 to i32 %149 = sub i64 %147, %14 %150 = icmp slt i64 %149, 0 br i1 %150, label %151, label %155 %152 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 33 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %149 br label %155 %156 = phi i64 [ %154, %151 ], [ %149, %144 ] %157 = getelementptr inbounds 
%struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 26 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %194, label %161 %162 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 7 %163 = load i64, i64* %162, align 8 %164 = sub i64 %20, %163 %165 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 8 %166 = load i64, i64* %165, align 8 %167 = lshr i64 %166, 1 %168 = icmp ult i64 %164, %167 br i1 %168, label %202, label %169 %170 = mul i64 %156, 1000 %171 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 14 %172 = load i32, i32* %171, align 4 %173 = zext i32 %172 to i64 %174 = sdiv i64 %170, %173 %175 = sub i64 %164, %174 %176 = add nuw i64 %167, 1 %177 = icmp sgt i64 %175, %176 br i1 %177, label %178, label %202 %203 = phi i64 [ %145, %161 ], [ %145, %194 ], [ %188, %200 ], [ %145, %169 ] %204 = phi i32 [ %148, %161 ], [ %148, %194 ], [ %191, %200 ], [ %148, %169 ] %205 = phi i64 [ %147, %161 ], [ %147, %194 ], [ %201, %200 ], [ %147, %169 ] %206 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %207 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %206, i64 0, i32 3 %208 = load i64, i64* %207, align 8 %209 = icmp eq i64 %208, %205 br i1 %209, label %210, label %212 %213 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 5 %214 = load i32, i32* %213, align 4 %215 = icmp eq i32 %214, 0 br i1 %215, label %216, label %221 %217 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 32 %218 = load i64, i64* %217, align 8 %219 = icmp eq i64 %218, 0 br i1 %219, label %221, label %220 br i1 %107, label %239, label %222 %223 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 6 %224 = load i64, i64* %223, align 8 %225 = 
sub i64 %205, %224 %226 = icmp slt i64 %225, 0 %227 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 33 %228 = load i64, i64* %227, align 8 %229 = select i1 %226, i64 %228, i64 0 %230 = add i64 %225, %229 %231 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 16 %232 = load i64, i64* %231, align 8 %233 = urem i64 %230, %232 %234 = sub i64 %230, %233 %235 = add i64 %234, %224 store i64 %235, i64* %223, align 8 %236 = icmp ult i64 %235, %228 br i1 %236, label %239, label %237 store i64 %203, i64* %104, align 8 %240 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %241 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %240, i64 0, i32 3 store i64 %205, i64* %241, align 8 %242 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 7 store i64 %20, i64* %242, align 8 %243 = icmp eq i32 %204, 0 br i1 %243, label %250, label %244 call fastcc void @update_audio_tstamp(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5) #78 Function:update_audio_tstamp %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %5, align 8 %7 = bitcast %struct.cpu_itimer* %4 to i8* %8 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 27 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %11, label %95 %12 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %13 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %12, align 8 %14 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %13, i64 0, i32 9 %15 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, 
%struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)** %14, align 8 %16 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.311880*, %struct.pci_devres*)* %15, null br i1 %16, label %25, label %17 %26 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 10 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 37 %29 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %28, align 8 %30 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %29, i64 0, i32 3 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, %27 %33 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 56, i32 0 %34 = load i8, i8* %33, align 4 %35 = and i8 %34, 16 %36 = icmp eq i8 %35, 0 br i1 %36, label %47, label %37 %48 = phi i64 [ %44, %43 ], [ %46, %45 ], [ %32, %25 ] %49 = mul i64 %48, 1000000000 %50 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 14 %51 = load i32, i32* %50, align 4 %52 = zext i32 %51 to i64 %53 = udiv i64 %49, %52 %54 = tail call { i64, i64 } @ns_to_timespec64(i64 %53) #76 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca %struct.ptp_sys_offset_precise, align 8 %5 = alloca %struct.perf_branch_entry, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.ptp_clock_request, align 8 %8 = alloca %struct.ptp_clock_caps, align 4 %9 = alloca %struct.ptp_pin_desc, align 4 %10 = alloca %struct.cpu_itimer, align 8 %11 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %12 = bitcast %struct.ptp_sys_offset_precise* %4 to i8* %13 = bitcast %struct.perf_branch_entry* %5 to i8* %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* 
%0, i64 4, i32 0, i32 1 %15 = bitcast i32 (%struct.posix_clock*, %struct.__kernel_timex*)** %14 to %struct.ptp_clock_info** %16 = load %struct.ptp_clock_info*, %struct.ptp_clock_info** %15, align 8 %17 = bitcast %struct.timens_offsets* %6 to i8* %18 = bitcast %struct.ptp_clock_request* %7 to i8* %19 = bitcast %struct.ptp_clock_caps* %8 to i8* %20 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %9, i64 0, i32 0, i64 0 %21 = bitcast %struct.cpu_itimer* %10 to i8* switch i32 %1, label %486 [ i32 -2142225151, label %22 i32 -2142225142, label %22 i32 1074806018, label %57 i32 1074806027, label %57 i32 1077427459, label %106 i32 1077427468, label %106 i32 1074019588, label %196 i32 1074019597, label %196 i32 -1069531896, label %210 i32 -1069531887, label %210 i32 -994034423, label %248 i32 -994034414, label %248 i32 1128283397, label %320 i32 1128283406, label %320 i32 -1067434746, label %378 i32 -1067434737, label %378 i32 1080048903, label %433 i32 1080048912, label %433 ] %211 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %16, i64 0, i32 15 %212 = load i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)*, i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)** %211, align 8 %213 = icmp eq i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)* %212, null br i1 %213, label %486, label %214 %215 = call i32 %212(%struct.ptp_clock_info* %16, %struct.perf_branch_entry* nonnull %5) #76 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %486 %218 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 0 %219 = load i64, i64* %218, align 8 %220 = call { i64, i64 } @ns_to_timespec64(i64 %219) #76 %221 = extractvalue { i64, i64 } %220, 0 %222 = extractvalue { i64, i64 } %220, 1 %223 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 0, i32 0 store i64 %221, i64* %223, align 8 %224 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, 
i64 0, i32 1 store i64 %222, i64* %224, align 8 %225 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 0, i32 0 store i64 %221, i64* %225, align 8 %226 = trunc i64 %222 to i32 %227 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 0, i32 1 store i32 %226, i32* %227, align 8 %228 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 1 %229 = load i64, i64* %228, align 8 %230 = call { i64, i64 } @ns_to_timespec64(i64 %229) #76 %231 = extractvalue { i64, i64 } %230, 0 %232 = extractvalue { i64, i64 } %230, 1 store i64 %231, i64* %223, align 8 store i64 %232, i64* %224, align 8 %233 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 1, i32 0 store i64 %231, i64* %233, align 8 %234 = trunc i64 %232 to i32 %235 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 1, i32 1 store i32 %234, i32* %235, align 8 %236 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 2 %237 = load i64, i64* %236, align 8 %238 = call { i64, i64 } @ns_to_timespec64(i64 %237) #76 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca %struct.ptp_sys_offset_precise, align 8 %5 = alloca %struct.perf_branch_entry, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.ptp_clock_request, align 8 %8 = alloca %struct.ptp_clock_caps, align 4 %9 = alloca %struct.ptp_pin_desc, align 4 %10 = alloca %struct.cpu_itimer, align 8 %11 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %12 = bitcast %struct.ptp_sys_offset_precise* %4 to i8* %13 = bitcast %struct.perf_branch_entry* %5 to i8* %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 1 %15 = bitcast i32 (%struct.posix_clock*, %struct.__kernel_timex*)** 
%14 to %struct.ptp_clock_info** %16 = load %struct.ptp_clock_info*, %struct.ptp_clock_info** %15, align 8 %17 = bitcast %struct.timens_offsets* %6 to i8* %18 = bitcast %struct.ptp_clock_request* %7 to i8* %19 = bitcast %struct.ptp_clock_caps* %8 to i8* %20 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %9, i64 0, i32 0, i64 0 %21 = bitcast %struct.cpu_itimer* %10 to i8* switch i32 %1, label %486 [ i32 -2142225151, label %22 i32 -2142225142, label %22 i32 1074806018, label %57 i32 1074806027, label %57 i32 1077427459, label %106 i32 1077427468, label %106 i32 1074019588, label %196 i32 1074019597, label %196 i32 -1069531896, label %210 i32 -1069531887, label %210 i32 -994034423, label %248 i32 -994034414, label %248 i32 1128283397, label %320 i32 1128283406, label %320 i32 -1067434746, label %378 i32 -1067434737, label %378 i32 1080048903, label %433 i32 1080048912, label %433 ] %211 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %16, i64 0, i32 15 %212 = load i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)*, i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)** %211, align 8 %213 = icmp eq i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)* %212, null br i1 %213, label %486, label %214 %215 = call i32 %212(%struct.ptp_clock_info* %16, %struct.perf_branch_entry* nonnull %5) #76 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %486 %218 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 0 %219 = load i64, i64* %218, align 8 %220 = call { i64, i64 } @ns_to_timespec64(i64 %219) #76 %221 = extractvalue { i64, i64 } %220, 0 %222 = extractvalue { i64, i64 } %220, 1 %223 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 0, i32 0 store i64 %221, i64* %223, align 8 %224 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 0, i32 1 store i64 %222, i64* %224, align 8 %225 = getelementptr inbounds 
%struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 0, i32 0 store i64 %221, i64* %225, align 8 %226 = trunc i64 %222 to i32 %227 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 0, i32 1 store i32 %226, i32* %227, align 8 %228 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 1 %229 = load i64, i64* %228, align 8 %230 = call { i64, i64 } @ns_to_timespec64(i64 %229) #76 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca %struct.ptp_sys_offset_precise, align 8 %5 = alloca %struct.perf_branch_entry, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.ptp_clock_request, align 8 %8 = alloca %struct.ptp_clock_caps, align 4 %9 = alloca %struct.ptp_pin_desc, align 4 %10 = alloca %struct.cpu_itimer, align 8 %11 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %12 = bitcast %struct.ptp_sys_offset_precise* %4 to i8* %13 = bitcast %struct.perf_branch_entry* %5 to i8* %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 1 %15 = bitcast i32 (%struct.posix_clock*, %struct.__kernel_timex*)** %14 to %struct.ptp_clock_info** %16 = load %struct.ptp_clock_info*, %struct.ptp_clock_info** %15, align 8 %17 = bitcast %struct.timens_offsets* %6 to i8* %18 = bitcast %struct.ptp_clock_request* %7 to i8* %19 = bitcast %struct.ptp_clock_caps* %8 to i8* %20 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %9, i64 0, i32 0, i64 0 %21 = bitcast %struct.cpu_itimer* %10 to i8* switch i32 %1, label %486 [ i32 -2142225151, label %22 i32 -2142225142, label %22 i32 1074806018, label %57 i32 1074806027, label %57 i32 1077427459, label %106 i32 1077427468, label %106 i32 1074019588, label %196 i32 1074019597, label %196 i32 -1069531896, label %210 i32 -1069531887, label %210 i32 -994034423, label %248 i32 -994034414, label %248 i32 
1128283397, label %320 i32 1128283406, label %320 i32 -1067434746, label %378 i32 -1067434737, label %378 i32 1080048903, label %433 i32 1080048912, label %433 ] %211 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %16, i64 0, i32 15 %212 = load i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)*, i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)** %211, align 8 %213 = icmp eq i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)* %212, null br i1 %213, label %486, label %214 %215 = call i32 %212(%struct.ptp_clock_info* %16, %struct.perf_branch_entry* nonnull %5) #76 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %486 %218 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 0 %219 = load i64, i64* %218, align 8 %220 = call { i64, i64 } @ns_to_timespec64(i64 %219) #76 ------------- Use: =BAD PATH= Call Stack: 0 timerfd_show ------------- Path:  Function:timerfd_show %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.timerfd_ctx** %5 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 3, i32 0 %7 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %6, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %7) #76 %8 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 5 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, -2 %11 = icmp eq i32 %10, 8 br i1 %11, label %12, label %15 %13 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 0, i32 0 %14 = tail call i64 @alarm_expires_remaining(%struct.alarm* %13) #76 br label %25 %26 = phi i64 [ %14, %12 ], [ %24, %15 ] %27 = icmp sgt i64 %26, 0 %28 = select i1 %27, i64 %26, i64 0 %29 = tail call { i64, i64 } @ns_to_timespec64(i64 %28) #76 %30 = extractvalue { i64, i64 } %29, 0 %31 = 
extractvalue { i64, i64 } %29, 1 %32 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = tail call { i64, i64 } @ns_to_timespec64(i64 %33) #76 ------------- Use: =BAD PATH= Call Stack: 0 timerfd_show ------------- Path:  Function:timerfd_show %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.timerfd_ctx** %5 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 3, i32 0 %7 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %6, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %7) #76 %8 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 5 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, -2 %11 = icmp eq i32 %10, 8 br i1 %11, label %12, label %15 %13 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 0, i32 0 %14 = tail call i64 @alarm_expires_remaining(%struct.alarm* %13) #76 br label %25 %26 = phi i64 [ %14, %12 ], [ %24, %15 ] %27 = icmp sgt i64 %26, 0 %28 = select i1 %27, i64 %26, i64 0 %29 = tail call { i64, i64 } @ns_to_timespec64(i64 %28) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_compat_sys_getitimer ------------- Path:  Function:__ia32_compat_sys_getitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %67 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %68 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %67, align 32 %69 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %70 = load %struct.sighand_struct*, %struct.sighand_struct** %69, align 8 %71 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %70, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %71) #76 %72 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %68, i64 0, i32 18, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %68, i64 0, i32 18, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = icmp eq i64 %73, 0 br i1 %76, label %84, label %77 %85 = phi i64 [ %83, %77 ], [ 0, %66 ] %86 = bitcast %struct.sighand_struct** %69 to i8** %87 = load i8*, i8** %86, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %87, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %88 = call { i64, i64 } @ns_to_timespec64(i64 %85) #76 %89 = extractvalue { i64, i64 } %88, 0 %90 = extractvalue { i64, i64 } %88, 1 %91 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 0 store i64 %89, i64* %91, align 8 %92 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 1 store i64 %90, i64* %92, 
align 8 %93 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_sys_getitimer ------------- Path:  Function:__ia32_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %67 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %68 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %67, align 32 %69 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %70 = load %struct.sighand_struct*, %struct.sighand_struct** %69, align 8 %71 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %70, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %71) #76 %72 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %68, i64 0, i32 18, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %68, i64 0, i32 18, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = icmp eq i64 %73, 0 br i1 %76, label %84, label %77 %85 = phi i64 [ %83, %77 ], [ 0, %66 ] %86 = bitcast 
%struct.sighand_struct** %69 to i8** %87 = load i8*, i8** %86, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %87, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %88 = call { i64, i64 } @ns_to_timespec64(i64 %85) #76 %89 = extractvalue { i64, i64 } %88, 0 %90 = extractvalue { i64, i64 } %88, 1 %91 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 0 store i64 %89, i64* %91, align 8 %92 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 1 store i64 %90, i64* %92, align 8 %93 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __x64_sys_getitimer ------------- Path:  Function:__x64_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = call fastcc i32 @do_getitimer(i32 %9, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %67 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %68 = load %struct.signal_struct.89036*, 
%struct.signal_struct.89036** %67, align 32 %69 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %70 = load %struct.sighand_struct*, %struct.sighand_struct** %69, align 8 %71 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %70, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %71) #76 %72 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %68, i64 0, i32 18, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %68, i64 0, i32 18, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = icmp eq i64 %73, 0 br i1 %76, label %84, label %77 %85 = phi i64 [ %83, %77 ], [ 0, %66 ] %86 = bitcast %struct.sighand_struct** %69 to i8** %87 = load i8*, i8** %86, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %87, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %88 = call { i64, i64 } @ns_to_timespec64(i64 %85) #76 %89 = extractvalue { i64, i64 } %88, 0 %90 = extractvalue { i64, i64 } %88, 1 %91 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 0 store i64 %89, i64* %91, align 8 %92 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 1 store i64 %90, i64* %92, align 8 %93 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_compat_sys_getitimer ------------- Path:  Function:__ia32_compat_sys_getitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %67 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %68 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %67, align 32 %69 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %70 = load %struct.sighand_struct*, %struct.sighand_struct** %69, align 8 %71 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %70, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %71) #76 %72 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %68, i64 0, i32 18, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %68, i64 0, i32 18, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = icmp eq i64 %73, 0 br i1 %76, label %84, label %77 %85 = phi i64 [ %83, %77 ], [ 0, %66 ] %86 = bitcast %struct.sighand_struct** %69 to i8** %87 = load i8*, i8** %86, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %87, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %88 = call { i64, i64 } @ns_to_timespec64(i64 %85) #76 
------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_sys_getitimer ------------- Path:  Function:__ia32_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %67 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %68 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %67, align 32 %69 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %70 = load %struct.sighand_struct*, %struct.sighand_struct** %69, align 8 %71 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %70, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %71) #76 %72 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %68, i64 0, i32 18, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %68, i64 0, i32 18, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = icmp eq i64 %73, 0 br i1 %76, label %84, label %77 %85 = phi i64 [ %83, %77 ], [ 0, %66 ] %86 = bitcast %struct.sighand_struct** %69 to i8** %87 = load i8*, i8** %86, align 
8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %87, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %88 = call { i64, i64 } @ns_to_timespec64(i64 %85) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __x64_sys_getitimer ------------- Path:  Function:__x64_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = call fastcc i32 @do_getitimer(i32 %9, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %67 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %68 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %67, align 32 %69 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %70 = load %struct.sighand_struct*, %struct.sighand_struct** %69, align 8 %71 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %70, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %71) #76 %72 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %68, 
i64 0, i32 18, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %68, i64 0, i32 18, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = icmp eq i64 %73, 0 br i1 %76, label %84, label %77 %85 = phi i64 [ %83, %77 ], [ 0, %66 ] %86 = bitcast %struct.sighand_struct** %69 to i8** %87 = load i8*, i8** %86, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %87, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %88 = call { i64, i64 } @ns_to_timespec64(i64 %85) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_compat_sys_getitimer ------------- Path:  Function:__ia32_compat_sys_getitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %34 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %35 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %34, align 32 %36 = getelementptr inbounds %struct.task_struct.89084, 
%struct.task_struct.89084* %5, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %35, i64 0, i32 18, i64 1, i32 0 %40 = load i64, i64* %39, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %35, i64 0, i32 18, i64 1, i32 1 %42 = load i64, i64* %41, align 8 %43 = icmp eq i64 %40, 0 br i1 %43, label %52, label %44 %53 = phi i64 [ %51, %44 ], [ 0, %33 ] %54 = bitcast %struct.sighand_struct** %36 to i8** %55 = load i8*, i8** %54, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %55, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %56 = call { i64, i64 } @ns_to_timespec64(i64 %53) #76 %57 = extractvalue { i64, i64 } %56, 0 %58 = extractvalue { i64, i64 } %56, 1 %59 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 0 store i64 %57, i64* %59, align 8 %60 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 1 store i64 %58, i64* %60, align 8 %61 = call { i64, i64 } @ns_to_timespec64(i64 %42) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_sys_getitimer ------------- Path:  Function:__ia32_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast 
%struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %34 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %35 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %34, align 32 %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %35, i64 0, i32 18, i64 1, i32 0 %40 = load i64, i64* %39, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %35, i64 0, i32 18, i64 1, i32 1 %42 = load i64, i64* %41, align 8 %43 = icmp eq i64 %40, 0 br i1 %43, label %52, label %44 %53 = phi i64 [ %51, %44 ], [ 0, %33 ] %54 = bitcast %struct.sighand_struct** %36 to i8** %55 = load i8*, i8** %54, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %55, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %56 = call { i64, i64 } @ns_to_timespec64(i64 %53) #76 %57 = extractvalue { i64, i64 } %56, 0 %58 = extractvalue { i64, i64 } %56, 1 %59 = getelementptr inbounds 
%struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 0 store i64 %57, i64* %59, align 8 %60 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 1 store i64 %58, i64* %60, align 8 %61 = call { i64, i64 } @ns_to_timespec64(i64 %42) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __x64_sys_getitimer ------------- Path:  Function:__x64_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = call fastcc i32 @do_getitimer(i32 %9, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %34 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %35 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %34, align 32 %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %35, i64 0, i32 18, i64 1, i32 0 %40 = load i64, i64* %39, align 8 
%41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %35, i64 0, i32 18, i64 1, i32 1 %42 = load i64, i64* %41, align 8 %43 = icmp eq i64 %40, 0 br i1 %43, label %52, label %44 %53 = phi i64 [ %51, %44 ], [ 0, %33 ] %54 = bitcast %struct.sighand_struct** %36 to i8** %55 = load i8*, i8** %54, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %55, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %56 = call { i64, i64 } @ns_to_timespec64(i64 %53) #76 %57 = extractvalue { i64, i64 } %56, 0 %58 = extractvalue { i64, i64 } %56, 1 %59 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 0 store i64 %57, i64* %59, align 8 %60 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 1 store i64 %58, i64* %60, align 8 %61 = call { i64, i64 } @ns_to_timespec64(i64 %42) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_compat_sys_getitimer ------------- Path:  Function:__ia32_compat_sys_getitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to 
%struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %34 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %35 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %34, align 32 %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %35, i64 0, i32 18, i64 1, i32 0 %40 = load i64, i64* %39, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %35, i64 0, i32 18, i64 1, i32 1 %42 = load i64, i64* %41, align 8 %43 = icmp eq i64 %40, 0 br i1 %43, label %52, label %44 %53 = phi i64 [ %51, %44 ], [ 0, %33 ] %54 = bitcast %struct.sighand_struct** %36 to i8** %55 = load i8*, i8** %54, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %55, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %56 = call { i64, i64 } @ns_to_timespec64(i64 %53) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_sys_getitimer ------------- Path:  Function:__ia32_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc 
i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %34 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %35 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %34, align 32 %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %35, i64 0, i32 18, i64 1, i32 0 %40 = load i64, i64* %39, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %35, i64 0, i32 18, i64 1, i32 1 %42 = load i64, i64* %41, align 8 %43 = icmp eq i64 %40, 0 br i1 %43, label %52, label %44 %53 = phi i64 [ %51, %44 ], [ 0, %33 ] %54 = bitcast %struct.sighand_struct** %36 to i8** %55 = load i8*, i8** %54, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %55, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %56 = call { i64, i64 } @ns_to_timespec64(i64 %53) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __x64_sys_getitimer ------------- Path:  Function:__x64_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 
= alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = call fastcc i32 @do_getitimer(i32 %9, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %34 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %35 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %34, align 32 %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %35, i64 0, i32 18, i64 1, i32 0 %40 = load i64, i64* %39, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %35, i64 0, i32 18, i64 1, i32 1 %42 = load i64, i64* %41, align 8 %43 = icmp eq i64 %40, 0 br i1 %43, label %52, label %44 %53 = phi i64 [ %51, %44 ], [ 0, %33 ] %54 = bitcast %struct.sighand_struct** %36 to i8** %55 = load i8*, i8** %54, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %55, align 4 call void asm 
sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %56 = call { i64, i64 } @ns_to_timespec64(i64 %53) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_compat_sys_getitimer ------------- Path:  Function:__ia32_compat_sys_getitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %9 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %8, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %9) #76 %10 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %11 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %10, align 32 %12 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %11, i64 0, i32 16 %13 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, 
i1)*)(%struct.hrtimer.88704* %12, i1 zeroext true) #76 %14 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %12) #76 %15 = icmp slt i64 %13, 1 %16 = select i1 %15, i64 1000, i64 %13 %17 = select i1 %14, i64 %16, i64 0 %18 = tail call { i64, i64 } @ns_to_timespec64(i64 %17) #76 %19 = extractvalue { i64, i64 } %18, 0 %20 = extractvalue { i64, i64 } %18, 1 %21 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 0 store i64 %19, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 1 store i64 %20, i64* %22, align 8 %23 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %10, align 32 %24 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %23, i64 0, i32 17 %25 = load i64, i64* %24, align 8 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_sys_getitimer ------------- Path:  Function:__ia32_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %7 = getelementptr 
inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %9 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %8, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %9) #76 %10 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %11 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %10, align 32 %12 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %11, i64 0, i32 16 %13 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, i1)*)(%struct.hrtimer.88704* %12, i1 zeroext true) #76 %14 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %12) #76 %15 = icmp slt i64 %13, 1 %16 = select i1 %15, i64 1000, i64 %13 %17 = select i1 %14, i64 %16, i64 0 %18 = tail call { i64, i64 } @ns_to_timespec64(i64 %17) #76 %19 = extractvalue { i64, i64 } %18, 0 %20 = extractvalue { i64, i64 } %18, 1 %21 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 0 store i64 %19, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 1 store i64 %20, i64* %22, align 8 %23 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %10, align 32 %24 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %23, i64 0, i32 17 %25 = load i64, i64* %24, align 8 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __x64_sys_getitimer ------------- Path:  Function:__x64_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = call fastcc i32 @do_getitimer(i32 %9, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %9 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %8, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %9) #76 %10 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %11 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %10, align 32 %12 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %11, i64 0, i32 16 %13 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, i1)*)(%struct.hrtimer.88704* %12, i1 zeroext true) #76 %14 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %12) #76 %15 = icmp slt i64 %13, 1 %16 = select i1 %15, i64 1000, i64 %13 %17 = select i1 %14, i64 %16, i64 0 %18 = tail call { i64, i64 } @ns_to_timespec64(i64 %17) #76 %19 = extractvalue { i64, i64 } %18, 0 %20 = extractvalue { i64, i64 } %18, 1 %21 = getelementptr inbounds %struct.timens_offsets, 
%struct.timens_offsets* %1, i64 0, i32 1, i32 0 store i64 %19, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 1 store i64 %20, i64* %22, align 8 %23 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %10, align 32 %24 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %23, i64 0, i32 17 %25 = load i64, i64* %24, align 8 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_compat_sys_getitimer ------------- Path:  Function:__ia32_compat_sys_getitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %9 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %8, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %9) #76 %10 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %11 = load %struct.signal_struct.89036*, 
%struct.signal_struct.89036** %10, align 32 %12 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %11, i64 0, i32 16 %13 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, i1)*)(%struct.hrtimer.88704* %12, i1 zeroext true) #76 %14 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %12) #76 %15 = icmp slt i64 %13, 1 %16 = select i1 %15, i64 1000, i64 %13 %17 = select i1 %14, i64 %16, i64 0 %18 = tail call { i64, i64 } @ns_to_timespec64(i64 %17) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_sys_getitimer ------------- Path:  Function:__ia32_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %9 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %8, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %9) #76 %10 = getelementptr inbounds 
%struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %11 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %10, align 32 %12 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %11, i64 0, i32 16 %13 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, i1)*)(%struct.hrtimer.88704* %12, i1 zeroext true) #76 %14 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %12) #76 %15 = icmp slt i64 %13, 1 %16 = select i1 %15, i64 1000, i64 %13 %17 = select i1 %14, i64 %16, i64 0 %18 = tail call { i64, i64 } @ns_to_timespec64(i64 %17) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __x64_sys_getitimer ------------- Path:  Function:__x64_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = call fastcc i32 @do_getitimer(i32 %9, %struct.timens_offsets* nonnull %3) #76 Function:do_getitimer %3 = alloca [3 x i64], align 16 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %98 [ i32 0, label %6 i32 1, label %33 i32 2, label %66 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %9 = getelementptr inbounds %struct.sighand_struct, 
%struct.sighand_struct* %8, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %9) #76 %10 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %11 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %10, align 32 %12 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %11, i64 0, i32 16 %13 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, i1)*)(%struct.hrtimer.88704* %12, i1 zeroext true) #76 %14 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %12) #76 %15 = icmp slt i64 %13, 1 %16 = select i1 %15, i64 1000, i64 %13 %17 = select i1 %14, i64 %16, i64 0 %18 = tail call { i64, i64 } @ns_to_timespec64(i64 %17) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __ia32_compat_sys_setitimer ------------- Path:  Function:__ia32_compat_sys_setitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.old_itimerspec32, align 4 %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %7 to i32 %15 = bitcast %struct.timens_offsets* %4 to i8* %16 = bitcast %struct.timens_offsets* %5 to i8* %17 = icmp eq i64 %10, 0 br i1 %17, label %52, label %18 %53 = load i1, i1* @__do_compat_sys_setitimer.__already_done, align 1 br i1 %53, label %59, label %54, !prof !4, !misexpect !5 store i1 true, i1* @__do_compat_sys_setitimer.__already_done, align 1 
%55 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !6 %56 = inttoptr i64 %55 to %struct.task_struct.89084* %57 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %56, i64 0, i32 87, i64 0 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9589, i64 0, i64 0), i8* %57) #77 br label %59 %60 = icmp ne i64 %13, 0 %61 = select i1 %60, %struct.timens_offsets* %5, %struct.timens_offsets* null %62 = call fastcc i32 @do_setitimer(i32 %14, %struct.timens_offsets* nonnull %4, %struct.timens_offsets* %61) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89084* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #77 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* %8 = bitcast i64* %6 to i8* %9 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 
%25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 %77 = extractvalue { i64, i64 } %76, 0 %78 = extractvalue { i64, i64 } %76, 1 %79 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 0 store i64 %77, i64* %79, align 8 %80 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 1 store i64 %78, i64* %80, align 8 %81 = call { i64, i64 } @ns_to_timespec64(i64 %42) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __ia32_sys_alarm ------------- Path:  Function:__ia32_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = bitcast %struct.timens_offsets* %2 to i8* %8 = bitcast %struct.timens_offsets* %3 to i8* %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, 
i32 0 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89084* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #77 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* %8 = bitcast i64* %6 to i8* %9 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 
0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 %77 = extractvalue { i64, i64 } %76, 0 %78 = extractvalue { i64, i64 } %76, 1 %79 = getelementptr 
inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 0 store i64 %77, i64* %79, align 8 %80 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 1 store i64 %78, i64* %80, align 8 %81 = call { i64, i64 } @ns_to_timespec64(i64 %42) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __x64_sys_alarm ------------- Path:  Function:__x64_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.timens_offsets* %2 to i8* %7 = bitcast %struct.timens_offsets* %3 to i8* %8 = and i64 %5, 4294967295 %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89084* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #77 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* %8 = bitcast i64* %6 to i8* %9 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %9, align 32 %11 = zext i32 %1 to i64 %12 = 
getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 %77 = extractvalue { i64, i64 } %76, 0 %78 = extractvalue { i64, i64 } %76, 1 %79 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 0 store i64 %77, i64* %79, align 8 %80 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 1 store i64 %78, i64* %80, align 8 %81 = call { i64, i64 } @ns_to_timespec64(i64 %42) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __se_sys_setitimer 3 __ia32_sys_setitimer ------------- Path:  Function:__ia32_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 
8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setitimer(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89084* %47 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9589, i64 0, i64 0), i8* %47) #77 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89084* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #77 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* %8 = bitcast i64* %6 to i8* %9 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds 
%struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 %77 = extractvalue { i64, i64 } %76, 0 %78 = 
extractvalue { i64, i64 } %76, 1 %79 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 0 store i64 %77, i64* %79, align 8 %80 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 1 store i64 %78, i64* %80, align 8 %81 = call { i64, i64 } @ns_to_timespec64(i64 %42) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __se_sys_setitimer 3 __x64_sys_setitimer ------------- Path:  Function:__x64_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setitimer(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89084* %47 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9589, i64 0, i64 0), i8* %47) #77 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89084* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #77 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* %8 = bitcast i64* %6 to i8* %9 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds 
%struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 %77 = extractvalue { i64, i64 } %76, 0 %78 = 
extractvalue { i64, i64 } %76, 1 %79 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 0 store i64 %77, i64* %79, align 8 %80 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 1 store i64 %78, i64* %80, align 8 %81 = call { i64, i64 } @ns_to_timespec64(i64 %42) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __ia32_compat_sys_setitimer ------------- Path:  Function:__ia32_compat_sys_setitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.old_itimerspec32, align 4 %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %7 to i32 %15 = bitcast %struct.timens_offsets* %4 to i8* %16 = bitcast %struct.timens_offsets* %5 to i8* %17 = icmp eq i64 %10, 0 br i1 %17, label %52, label %18 %53 = load i1, i1* @__do_compat_sys_setitimer.__already_done, align 1 br i1 %53, label %59, label %54, !prof !4, !misexpect !5 store i1 true, i1* @__do_compat_sys_setitimer.__already_done, align 1 %55 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !6 %56 = inttoptr i64 %55 to %struct.task_struct.89084* %57 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %56, i64 0, i32 87, i64 0 %58 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9589, i64 0, i64 0), i8* %57) #77 br label %59 %60 = icmp ne i64 %13, 0 %61 = select i1 %60, %struct.timens_offsets* %5, %struct.timens_offsets* null %62 = call fastcc i32 @do_setitimer(i32 %14, %struct.timens_offsets* nonnull %4, %struct.timens_offsets* %61) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89084* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #77 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* %8 = bitcast i64* %6 to i8* %9 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds 
%struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 ------------- Use: =BAD PATH= Call Stack: 0 
set_cpu_itimer 1 do_setitimer 2 __ia32_sys_alarm ------------- Path:  Function:__ia32_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = bitcast %struct.timens_offsets* %2 to i8* %8 = bitcast %struct.timens_offsets* %3 to i8* %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89084* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #77 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* %8 = bitcast i64* %6 to i8* %9 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds 
%struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __x64_sys_alarm ------------- Path:  Function:__x64_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.timens_offsets* %2 to i8* %7 = bitcast %struct.timens_offsets* %3 to i8* %8 = and i64 %5, 4294967295 %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89084* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #77 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* %8 = bitcast i64* %6 to i8* %9 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 
0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __se_sys_setitimer 3 __ia32_sys_setitimer ------------- Path:  Function:__ia32_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setitimer(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89084* %47 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9589, i64 0, i64 0), i8* %47) #77 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89084* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #77 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* %8 = bitcast i64* %6 to i8* %9 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds 
%struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 ------------- Use: =BAD PATH= Call Stack: 0 
set_cpu_itimer 1 do_setitimer 2 __se_sys_setitimer 3 __x64_sys_setitimer ------------- Path:  Function:__x64_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setitimer(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89084* %47 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9589, i64 0, i64 0), i8* %47) #77 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89084* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #77 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* %8 = bitcast i64* %6 to i8* %9 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds 
%struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #76 %39 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89036, %struct.signal_struct.89036* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #76 ------------- Use: =BAD PATH= Call Stack: 0 
do_setitimer 1 __ia32_compat_sys_setitimer ------------- Path:  Function:__ia32_compat_sys_setitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.old_itimerspec32, align 4 %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %7 to i32 %15 = bitcast %struct.timens_offsets* %4 to i8* %16 = bitcast %struct.timens_offsets* %5 to i8* %17 = icmp eq i64 %10, 0 br i1 %17, label %52, label %18 %53 = load i1, i1* @__do_compat_sys_setitimer.__already_done, align 1 br i1 %53, label %59, label %54, !prof !4, !misexpect !5 store i1 true, i1* @__do_compat_sys_setitimer.__already_done, align 1 %55 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !6 %56 = inttoptr i64 %55 to %struct.task_struct.89084* %57 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %56, i64 0, i32 87, i64 0 %58 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9589, i64 0, i64 0), i8* %57) #77 br label %59 %60 = icmp ne i64 %13, 0 %61 = select i1 %60, %struct.timens_offsets* %5, %struct.timens_offsets* null %62 = call fastcc i32 @do_setitimer(i32 %14, %struct.timens_offsets* nonnull %4, %struct.timens_offsets* %61) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #76 %18 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, 
i1)*)(%struct.hrtimer.88704* %19, i1 zeroext true) #76 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %19) #76 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 %27 = extractvalue { i64, i64 } %26, 0 %28 = extractvalue { i64, i64 } %26, 1 store i64 %27, i64* %10, align 8 store i64 %28, i64* %11, align 8 %29 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %30 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %29, i64 0, i32 17 %31 = load i64, i64* %30, align 8 %32 = tail call { i64, i64 } @ns_to_timespec64(i64 %31) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __ia32_sys_alarm ------------- Path:  Function:__ia32_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = bitcast %struct.timens_offsets* %2 to i8* %8 = bitcast %struct.timens_offsets* %3 to i8* %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr 
inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #76 %18 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, i1)*)(%struct.hrtimer.88704* %19, i1 zeroext true) #76 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %19) #76 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 %27 = extractvalue { i64, i64 } %26, 0 %28 = extractvalue { i64, i64 } %26, 1 store i64 %27, i64* %10, align 8 store i64 %28, i64* %11, align 8 %29 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %30 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %29, i64 0, i32 17 %31 = load i64, i64* %30, align 
8 %32 = tail call { i64, i64 } @ns_to_timespec64(i64 %31) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __x64_sys_alarm ------------- Path:  Function:__x64_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.timens_offsets* %2 to i8* %7 = bitcast %struct.timens_offsets* %3 to i8* %8 = and i64 %5, 4294967295 %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, 
%struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #76 %18 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, i1)*)(%struct.hrtimer.88704* %19, i1 zeroext true) #76 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %19) #76 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 %27 = extractvalue { i64, i64 } %26, 0 %28 = extractvalue { i64, i64 } %26, 1 store i64 %27, i64* %10, align 8 store i64 %28, i64* %11, align 8 %29 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %30 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %29, i64 0, i32 17 %31 = load i64, i64* %30, align 8 %32 = tail call { i64, i64 } @ns_to_timespec64(i64 %31) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __se_sys_setitimer 2 __ia32_sys_setitimer ------------- Path:  Function:__ia32_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setitimer(i64 %4, i64 %7, i64 %10) #76 
Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89084* %47 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9589, i64 0, i64 0), i8* %47) #77 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 
1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #76 %18 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, i1)*)(%struct.hrtimer.88704* %19, i1 zeroext true) #76 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %19) #76 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 %27 = extractvalue { i64, i64 } %26, 0 %28 = extractvalue { i64, i64 } %26, 1 store i64 %27, i64* %10, align 8 store i64 %28, i64* %11, align 8 %29 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %30 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %29, i64 0, i32 17 %31 = load i64, i64* %30, align 8 %32 = tail call { i64, i64 } @ns_to_timespec64(i64 %31) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __se_sys_setitimer 2 __x64_sys_setitimer ------------- Path:  Function:__x64_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, 
align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setitimer(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89084* %47 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9589, i64 0, i64 0), i8* %47) #77 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #76 %18 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, 
i1)*)(%struct.hrtimer.88704* %19, i1 zeroext true) #76 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %19) #76 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 %27 = extractvalue { i64, i64 } %26, 0 %28 = extractvalue { i64, i64 } %26, 1 store i64 %27, i64* %10, align 8 store i64 %28, i64* %11, align 8 %29 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %30 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %29, i64 0, i32 17 %31 = load i64, i64* %30, align 8 %32 = tail call { i64, i64 } @ns_to_timespec64(i64 %31) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __ia32_compat_sys_setitimer ------------- Path:  Function:__ia32_compat_sys_setitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.old_itimerspec32, align 4 %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %7 to i32 %15 = bitcast %struct.timens_offsets* %4 to i8* %16 = bitcast %struct.timens_offsets* %5 to i8* %17 = icmp eq i64 %10, 0 br i1 %17, label %52, label %18 %53 = load i1, i1* @__do_compat_sys_setitimer.__already_done, align 1 br i1 %53, label %59, label %54, !prof !4, !misexpect !5 store i1 true, i1* @__do_compat_sys_setitimer.__already_done, align 1 %55 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** 
nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !6 %56 = inttoptr i64 %55 to %struct.task_struct.89084* %57 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %56, i64 0, i32 87, i64 0 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9589, i64 0, i64 0), i8* %57) #77 br label %59 %60 = icmp ne i64 %13, 0 %61 = select i1 %60, %struct.timens_offsets* %5, %struct.timens_offsets* null %62 = call fastcc i32 @do_setitimer(i32 %14, %struct.timens_offsets* nonnull %4, %struct.timens_offsets* %61) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #76 %18 = load %struct.signal_struct.89036*, 
%struct.signal_struct.89036** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, i1)*)(%struct.hrtimer.88704* %19, i1 zeroext true) #76 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %19) #76 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __ia32_sys_alarm ------------- Path:  Function:__ia32_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = bitcast %struct.timens_offsets* %2 to i8* %8 = bitcast %struct.timens_offsets* %3 to i8* %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89084, 
%struct.task_struct.89084* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #76 %18 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, i1)*)(%struct.hrtimer.88704* %19, i1 zeroext true) #76 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %19) #76 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __x64_sys_alarm ------------- Path:  Function:__x64_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.timens_offsets* %2 to i8* %7 = bitcast %struct.timens_offsets* %3 to i8* %8 = and i64 %5, 4294967295 %9 = getelementptr inbounds %struct.timens_offsets, 
%struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #76 %18 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, 
i1)*)(%struct.hrtimer.88704* %19, i1 zeroext true) #76 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %19) #76 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __se_sys_setitimer 2 __ia32_sys_setitimer ------------- Path:  Function:__ia32_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setitimer(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89084* %47 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9589, i64 0, i64 0), i8* %47) #77 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #76 %18 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, 
i1)*)(%struct.hrtimer.88704* %19, i1 zeroext true) #76 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %19) #76 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __se_sys_setitimer 2 __x64_sys_setitimer ------------- Path:  Function:__x64_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setitimer(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89084* %47 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9589, i64 0, i64 0), i8* %47) #77 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #76 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89084** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89084**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89084* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89084, %struct.task_struct.89084* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #76 %18 = load %struct.signal_struct.89036*, %struct.signal_struct.89036** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89036, %struct.signal_struct.89036* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.88704*, 
i1)*)(%struct.hrtimer.88704* %19, i1 zeroext true) #76 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.88704*)*)(%struct.hrtimer.88704* %19) #76 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime ------------- Path:  Function:__ia32_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.timens_offsets* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.timens_offsets* %24 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 
0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, 
%struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88004* %0, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #76 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88004*, i64)*, i64 (%struct.k_itimer.88004*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88004* %0, i64 %27) #76 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #76 ------------- Use: =BAD PATH= Call Stack: 0 
common_timer_get 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime32 ------------- Path:  Function:__ia32_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.old_itimerspec32* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.old_itimerspec32* %24 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, 
i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88004* %0, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 
0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #76 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88004*, i64)*, i64 (%struct.k_itimer.88004*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88004* %0, i64 %27) #76 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime ------------- Path:  Function:__x64_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.timens_offsets* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.timens_offsets* %22 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %21) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 
%28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88004* %0, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88004, 
%struct.k_itimer.88004* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #76 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88004*, i64)*, i64 (%struct.k_itimer.88004*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88004* %0, i64 %27) #76 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime32 ------------- Path:  Function:__x64_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.old_itimerspec32* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* 
%3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.old_itimerspec32* %22 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %21) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, 
!prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88004* %0, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #76 br i1 
%10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88004*, i64)*, i64 (%struct.k_itimer.88004*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88004* %0, i64 %27) #76 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __x64_sys_timer_gettime ------------- Path:  Function:__x64_sys_timer_gettime %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to %struct.timens_offsets** %8 = load %struct.timens_offsets*, %struct.timens_offsets** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = bitcast i64* %2 to i8* %12 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %9, i64* nonnull %2) #76 %13 = icmp eq %struct.k_itimer.88004* %12, null br i1 %13, label %14, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %12, i64 0, i32 3 %17 = load %struct.k_clock.88005*, %struct.k_clock.88005** %16, align 8 %18 = icmp eq %struct.k_clock.88005* %17, null br i1 %18, label %23, label %19, !prof !4 %20 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %17, i64 0, i32 9 %21 = load void (%struct.k_itimer.88004*, %struct.timens_offsets*)*, void (%struct.k_itimer.88004*, %struct.timens_offsets*)** %20, align 8 %22 = icmp eq void (%struct.k_itimer.88004*, %struct.timens_offsets*)* %21, null br i1 %22, 
label %23, label %24, !prof !4, !misexpect !5 call void %21(%struct.k_itimer.88004* nonnull %12, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #76 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88004*, i64)*, i64 (%struct.k_itimer.88004*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88004* %0, i64 %27) #76 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __ia32_sys_timer_gettime ------------- Path:  Function:__ia32_sys_timer_gettime %2 = alloca i64, align 8 %3 = alloca 
%struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = inttoptr i64 %8 to %struct.timens_offsets* %11 = bitcast %struct.timens_offsets* %3 to i8* %12 = bitcast i64* %2 to i8* %13 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %9, i64* nonnull %2) #76 %14 = icmp eq %struct.k_itimer.88004* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %13, i64 0, i32 3 %18 = load %struct.k_clock.88005*, %struct.k_clock.88005** %17, align 8 %19 = icmp eq %struct.k_clock.88005* %18, null br i1 %19, label %24, label %20, !prof !4 %21 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %18, i64 0, i32 9 %22 = load void (%struct.k_itimer.88004*, %struct.timens_offsets*)*, void (%struct.k_itimer.88004*, %struct.timens_offsets*)** %21, align 8 %23 = icmp eq void (%struct.k_itimer.88004*, %struct.timens_offsets*)* %22, null br i1 %23, label %24, label %25, !prof !4, !misexpect !5 call void %22(%struct.k_itimer.88004* nonnull %13, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or 
i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #76 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88004*, i64)*, i64 (%struct.k_itimer.88004*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88004* %0, i64 %27) #76 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __x64_sys_timer_gettime32 ------------- Path:  Function:__x64_sys_timer_gettime32 %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to %struct.old_itimerspec32** %8 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = bitcast i64* %2 to i8* %12 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %9, i64* nonnull %2) #76 %13 = icmp eq %struct.k_itimer.88004* %12, null br i1 %13, label %14, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %12, i64 0, i32 3 %17 = load %struct.k_clock.88005*, %struct.k_clock.88005** %16, align 8 %18 = icmp eq %struct.k_clock.88005* %17, null br i1 
%18, label %23, label %19, !prof !4 %20 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %17, i64 0, i32 9 %21 = load void (%struct.k_itimer.88004*, %struct.timens_offsets*)*, void (%struct.k_itimer.88004*, %struct.timens_offsets*)** %20, align 8 %22 = icmp eq void (%struct.k_itimer.88004*, %struct.timens_offsets*)* %21, null br i1 %22, label %23, label %24, !prof !4, !misexpect !5 call void %21(%struct.k_itimer.88004* nonnull %12, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #76 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88004*, i64)*, i64 (%struct.k_itimer.88004*, i64)** %42, align 8 %44 = tail call i64 
%43(%struct.k_itimer.88004* %0, i64 %27) #76 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __ia32_sys_timer_gettime32 ------------- Path:  Function:__ia32_sys_timer_gettime32 %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = inttoptr i64 %8 to %struct.old_itimerspec32* %11 = bitcast %struct.timens_offsets* %3 to i8* %12 = bitcast i64* %2 to i8* %13 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %9, i64* nonnull %2) #76 %14 = icmp eq %struct.k_itimer.88004* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %13, i64 0, i32 3 %18 = load %struct.k_clock.88005*, %struct.k_clock.88005** %17, align 8 %19 = icmp eq %struct.k_clock.88005* %18, null br i1 %19, label %24, label %20, !prof !4 %21 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %18, i64 0, i32 9 %22 = load void (%struct.k_itimer.88004*, %struct.timens_offsets*)*, void (%struct.k_itimer.88004*, %struct.timens_offsets*)** %21, align 8 %23 = icmp eq void (%struct.k_itimer.88004*, %struct.timens_offsets*)* %22, null br i1 %23, label %24, label %25, !prof !4, !misexpect !5 call void %22(%struct.k_itimer.88004* nonnull %13, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 
%6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #76 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88004*, i64)*, i64 (%struct.k_itimer.88004*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88004* %0, i64 %27) #76 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime ------------- Path:  Function:__ia32_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.timens_offsets* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.timens_offsets* %24 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi 
%struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88004* %0, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime32 ------------- Path:  
Function:__ia32_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.old_itimerspec32* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.old_itimerspec32* %24 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, 
label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88004* %0, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr 
inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime ------------- Path:  Function:__x64_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.timens_offsets* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.timens_offsets* %22 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %21) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 
%9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load 
%struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88004* %0, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime32 ------------- Path:  Function:__x64_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.old_itimerspec32* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.old_itimerspec32* %22 = call i32 
@get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %21) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, 
%struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88004* %0, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __x64_sys_timer_gettime ------------- Path:  Function:__x64_sys_timer_gettime %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to %struct.timens_offsets** %8 = load %struct.timens_offsets*, %struct.timens_offsets** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = bitcast i64* %2 to i8* %12 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %9, i64* 
nonnull %2) #76 %13 = icmp eq %struct.k_itimer.88004* %12, null br i1 %13, label %14, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %12, i64 0, i32 3 %17 = load %struct.k_clock.88005*, %struct.k_clock.88005** %16, align 8 %18 = icmp eq %struct.k_clock.88005* %17, null br i1 %18, label %23, label %19, !prof !4 %20 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %17, i64 0, i32 9 %21 = load void (%struct.k_itimer.88004*, %struct.timens_offsets*)*, void (%struct.k_itimer.88004*, %struct.timens_offsets*)** %20, align 8 %22 = icmp eq void (%struct.k_itimer.88004*, %struct.timens_offsets*)* %21, null br i1 %22, label %23, label %24, !prof !4, !misexpect !5 call void %21(%struct.k_itimer.88004* nonnull %12, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __ia32_sys_timer_gettime ------------- Path:  Function:__ia32_sys_timer_gettime %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = inttoptr i64 %8 to %struct.timens_offsets* %11 = bitcast %struct.timens_offsets* %3 to i8* %12 = bitcast i64* %2 
to i8* %13 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %9, i64* nonnull %2) #76 %14 = icmp eq %struct.k_itimer.88004* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %13, i64 0, i32 3 %18 = load %struct.k_clock.88005*, %struct.k_clock.88005** %17, align 8 %19 = icmp eq %struct.k_clock.88005* %18, null br i1 %19, label %24, label %20, !prof !4 %21 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %18, i64 0, i32 9 %22 = load void (%struct.k_itimer.88004*, %struct.timens_offsets*)*, void (%struct.k_itimer.88004*, %struct.timens_offsets*)** %21, align 8 %23 = icmp eq void (%struct.k_itimer.88004*, %struct.timens_offsets*)* %22, null br i1 %23, label %24, label %25, !prof !4, !misexpect !5 call void %22(%struct.k_itimer.88004* nonnull %13, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __x64_sys_timer_gettime32 ------------- Path:  Function:__x64_sys_timer_gettime32 %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to %struct.old_itimerspec32** %8 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %7, align 
8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = bitcast i64* %2 to i8* %12 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %9, i64* nonnull %2) #76 %13 = icmp eq %struct.k_itimer.88004* %12, null br i1 %13, label %14, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %12, i64 0, i32 3 %17 = load %struct.k_clock.88005*, %struct.k_clock.88005** %16, align 8 %18 = icmp eq %struct.k_clock.88005* %17, null br i1 %18, label %23, label %19, !prof !4 %20 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %17, i64 0, i32 9 %21 = load void (%struct.k_itimer.88004*, %struct.timens_offsets*)*, void (%struct.k_itimer.88004*, %struct.timens_offsets*)** %20, align 8 %22 = icmp eq void (%struct.k_itimer.88004*, %struct.timens_offsets*)* %21, null br i1 %22, label %23, label %24, !prof !4, !misexpect !5 call void %21(%struct.k_itimer.88004* nonnull %12, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __ia32_sys_timer_gettime32 ------------- Path:  Function:__ia32_sys_timer_gettime32 %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, 
align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = inttoptr i64 %8 to %struct.old_itimerspec32* %11 = bitcast %struct.timens_offsets* %3 to i8* %12 = bitcast i64* %2 to i8* %13 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %9, i64* nonnull %2) #76 %14 = icmp eq %struct.k_itimer.88004* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %13, i64 0, i32 3 %18 = load %struct.k_clock.88005*, %struct.k_clock.88005** %17, align 8 %19 = icmp eq %struct.k_clock.88005* %18, null br i1 %19, label %24, label %20, !prof !4 %21 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %18, i64 0, i32 9 %22 = load void (%struct.k_itimer.88004*, %struct.timens_offsets*)*, void (%struct.k_itimer.88004*, %struct.timens_offsets*)** %21, align 8 %23 = icmp eq void (%struct.k_itimer.88004*, %struct.timens_offsets*)* %22, null br i1 %23, label %24, label %25, !prof !4, !misexpect !5 call void %22(%struct.k_itimer.88004* nonnull %13, %struct.timens_offsets* nonnull %3) #76 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %4 = load %struct.k_clock.88005*, %struct.k_clock.88005** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __ia32_compat_sys_sysinfo ------------- Path:  Function:__ia32_compat_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = alloca %struct.compat_sysinfo, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = bitcast 
%struct.sysinfo* %2 to i8* %7 = bitcast %struct.compat_sysinfo* %3 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #76 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #76 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __ia32_sys_sysinfo ------------- Path:  Function:__ia32_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.sysinfo* %2 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #76 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #76 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __x64_sys_sysinfo ------------- Path:  Function:__x64_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.sysinfo* %2 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #76 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #76 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #76 ------------- Good: 659 Bad: 76 Ignored: 519 Check Use of Function:ext4_ioctl Use: =BAD PATH= Call Stack: 0 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %84 [ i32 -2147195389, label %5 i32 1074030084, label %6 i32 1074030087, label %7 i32 -2147191295, label %8 i32 1074034178, label %9 i32 -2147195387, label %10 i32 1074030086, 
label %11 i32 1076127240, label %12 i32 -1071094257, label %80 i32 1074292240, label %80 i32 -1072146311, label %80 i32 26130, label %80 i32 -2146671085, label %80 i32 1074816532, label %80 i32 1074554389, label %80 i32 -1073125866, label %80 i32 -1068472809, label %80 i32 -1069521384, label %80 i32 -1069521383, label %80 i32 -1065327078, label %80 i32 -2146408933, label %80 i32 -2147198851, label %80 i32 -1061136325, label %80 i32 1082156677, label %80 i32 -1073453434, label %80 i32 -1071094137, label %80 i32 26152, label %80 i32 1074030121, label %80 i32 -1071618518, label %80 i32 1074030123, label %80 ] %81 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %11 ], [ -2146933243, %10 ], [ 1074296322, %9 ], [ -2146929151, %8 ], [ 1074292231, %7 ], [ 1074292228, %6 ], [ -2146933245, %5 ] %82 = and i64 %2, 4294967295 %83 = tail call i64 @ext4_ioctl(%struct.file.196466* %0, i32 %81, i64 %82) #76 ------------- Good: 0 Bad: 1 Ignored: 1 Check Use of Function:ihold Use: =BAD PATH= Call Stack: 0 simple_link ------------- Path:  Function:simple_link %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %0, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = getelementptr inbounds %struct.inode.153255, %struct.inode.153255* %5, i64 0, i32 17 %7 = getelementptr inbounds %struct.inode.153255, %struct.inode.153255* %1, i64 0, i32 17 %8 = getelementptr inbounds %struct.inode.153255, %struct.inode.153255* %1, i64 0, i32 16 %9 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.149921*)* @current_time to { i64, i64 } (%struct.inode.153255*)*)(%struct.inode.153255* %5) #76 %10 = extractvalue { i64, i64 } %9, 0 %11 = extractvalue { i64, i64 } %9, 1 %12 = getelementptr inbounds 
%struct.inode.153255, %struct.inode.153255* %1, i64 0, i32 16, i32 0 store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.inode.153255, %struct.inode.153255* %1, i64 0, i32 16, i32 1 store i64 %11, i64* %13, align 8 %14 = bitcast %struct.cpu_itimer* %7 to i8* %15 = bitcast %struct.cpu_itimer* %8 to i8* %16 = bitcast %struct.cpu_itimer* %6 to i8* tail call void bitcast (void (%struct.inode.149921*)* @inc_nlink to void (%struct.inode.153255*)*)(%struct.inode.153255* %5) #76 tail call void bitcast (void (%struct.inode.149921*)* @ihold to void (%struct.inode.153255*)*)(%struct.inode.153255* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.149376*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #76 %21 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %22 = load %struct.super_block*, %struct.super_block** %21, align 8 %23 = getelementptr inbounds %struct.super_block, %struct.super_block* %22, i64 0, i32 28 %24 = bitcast i8** %23 to %struct.nfs_server.215077** %25 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %24, align 16 %26 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %25, i64 0, i32 0 %27 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %26, align 8 %28 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %27, i64 0, i32 12 %29 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %28, align 8 %30 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %29, i64 0, i32 23 %31 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %30, align 8 %32 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %33 = tail call i32 %31(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %32) #76 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %36 tail call void bitcast (void (%struct.inode.149921*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = 
getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.149376*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #76 %21 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %22 = load %struct.super_block*, %struct.super_block** %21, align 8 %23 = getelementptr inbounds %struct.super_block, %struct.super_block* %22, i64 0, i32 28 %24 = bitcast i8** %23 to %struct.nfs_server.215077** %25 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %24, align 16 %26 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %25, i64 0, i32 0 %27 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %26, align 8 %28 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %27, i64 0, i32 12 %29 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %28, align 8 %30 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %29, i64 0, i32 23 %31 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %30, align 8 %32 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %33 = tail call i32 %31(%struct.inode* %5, %struct.inode* %1, 
%struct.qstr* %32) #76 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %36 tail call void bitcast (void (%struct.inode.149921*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.149376*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #76 %21 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %22 = load %struct.super_block*, %struct.super_block** %21, align 8 %23 = getelementptr inbounds %struct.super_block, %struct.super_block* %22, i64 0, i32 28 %24 = bitcast i8** %23 to %struct.nfs_server.215077** %25 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %24, align 16 %26 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %25, i64 0, i32 0 %27 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %26, align 8 %28 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %27, i64 0, i32 12 %29 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %28, align 8 %30 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %29, 
i64 0, i32 23 %31 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %30, align 8 %32 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %33 = tail call i32 %31(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %32) #76 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %36 tail call void bitcast (void (%struct.inode.149921*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 shmem_link ------------- Path:  Function:shmem_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 12, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %34, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.shmem_sb_info** %14 = load %struct.shmem_sb_info*, %struct.shmem_sb_info** %13, align 16 %15 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 10 %16 = load i64, i64* %15, align 16 %17 = and i64 %16, 4194304 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %34 %35 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 14 %36 = load i64, i64* %35, align 8 %37 = add i64 %36, 20 store i64 %37, i64* %35, align 8 %38 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 17 %39 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 17 %40 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 16 %41 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.149921*)* @current_time to { i64, i64 } (%struct.inode*)*)(%struct.inode* %5) #76 %42 = 
extractvalue { i64, i64 } %41, 0 %43 = extractvalue { i64, i64 } %41, 1 %44 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 16, i32 0 store i64 %42, i64* %44, align 8 %45 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 16, i32 1 store i64 %43, i64* %45, align 8 %46 = bitcast %struct.cpu_itimer* %39 to i8* %47 = bitcast %struct.cpu_itimer* %40 to i8* %48 = bitcast %struct.cpu_itimer* %38 to i8* tail call void bitcast (void (%struct.inode.149921*)* @inc_nlink to void (%struct.inode*)*)(%struct.inode* %5) #76 tail call void bitcast (void (%struct.inode.149921*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #76 ------------- Good: 20 Bad: 5 Ignored: 8 Check Use of Function:vfs_fchmod Check Use of Function:tg3_read32 Check Use of Function:security_task_fix_setuid Check Use of Function:free_irq Use: =BAD PATH= Call Stack: 0 hpet_release ------------- Path:  Function:hpet_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 16 %6 = bitcast i8* %5 to i64** %7 = load i64*, i64** %6, align 8 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @hpet_lock, i64 0, i32 0, i32 0)) #76 %8 = tail call i64 asm sideeffect "movq $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7) #6, !srcloc !4 %9 = and i64 %8, -5 tail call void asm sideeffect "movq $0,$1", "r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64 %9, i64* %7) #6, !srcloc !5 %10 = getelementptr inbounds i8, i8* %4, i64 76 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 store i32 0, i32* %11, align 4 %13 = getelementptr inbounds i8, i8* %4, i64 24 %14 = bitcast i8* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds i8, i8* %4, i64 72 %16 = bitcast i8* %15 to i32* %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %27, 
label %20 %21 = tail call i64 asm sideeffect "movq $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7) #6, !srcloc !4 %22 = and i64 %21, 8 %23 = icmp eq i64 %22, 0 br i1 %23, label %27, label %24 %28 = load i32, i32* %16, align 8 %29 = and i32 %28, -8 store i32 %29, i32* %16, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @hpet_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %30 = icmp eq i32 %12, 0 br i1 %30, label %33, label %31 %32 = tail call i8* @free_irq(i32 %12, i8* %4) #76 ------------- Good: 92 Bad: 1 Ignored: 52 Check Use of Function:intel_gt_reset Check Use of Function:posix_clock_ioctl Check Use of Function:mq_find Check Use of Function:ext4_double_up_write_data_sem Check Use of Function:security_inode_create Check Use of Function:e1000e_phc_enable Check Use of Function:update_ref_ctr Check Use of Function:__tcf_chain_get Check Use of Function:rtnl_fdb_notify Check Use of Function:round_jiffies_relative Check Use of Function:hung_up_tty_ioctl Check Use of Function:security_msg_queue_associate Use: =BAD PATH= Call Stack: 0 __x64_sys_msgget ------------- Path:  Function:__x64_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %11, i64 0, i32 94 %13 = load %struct.nsproxy*, %struct.nsproxy** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %7, i32* %16, align 8 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %17, align 4 %18 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 0, i64 1 %19 = call i32 bitcast (i32 (%struct.ipc_namespace.264557*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265446*, %struct.ipc_params*)*)(%struct.ipc_namespace* %15, %struct.ipc_ids* %18, %struct.ipc_ops.265446* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_msgget ------------- Path:  Function:__ia32_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 94 %13 = load %struct.nsproxy*, %struct.nsproxy** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 
%7, i32* %16, align 8 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %17, align 4 %18 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 0, i64 1 %19 = call i32 bitcast (i32 (%struct.ipc_namespace.264557*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265446*, %struct.ipc_params*)*)(%struct.ipc_namespace* %15, %struct.ipc_ids* %18, %struct.ipc_ops.265446* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_msgget 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #76 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label %73 i16 21, label %78 i16 
22, label %100 i16 23, label %105 i16 24, label %109 ] %71 = tail call i64 @ksys_msgget(i32 %1, i32 %2) #76 Function:ksys_msgget %3 = alloca %struct.ipc_params, align 8 %4 = bitcast %struct.ipc_params* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 94 %8 = load %struct.nsproxy*, %struct.nsproxy** %7, align 8 %9 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %8, i64 0, i32 2 %10 = load %struct.ipc_namespace*, %struct.ipc_namespace** %9, align 8 %11 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 store i32 %0, i32* %11, align 8 %12 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 store i32 %1, i32* %12, align 4 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %10, i64 0, i32 0, i64 1 %14 = call i32 bitcast (i32 (%struct.ipc_namespace.264557*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265446*, %struct.ipc_params*)*)(%struct.ipc_namespace* %10, %struct.ipc_ids* %13, %struct.ipc_ops.265446* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %3) #76 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:hibernation_restore Check Use of Function:acpi_ut_create_internal_object_dbg Check Use of Function:dev_set_group Check Use of Function:dm_pr_clear Check Use of Function:backlight_force_update Check Use of Function:arch_uprobe_copy_ixol Check Use of Function:tty_buffer_restart_work Check Use of Function:snapshot_image_loaded Check Use of Function:proc_reg_unlocked_ioctl Check Use of Function:efivar_entry_iter_begin Check Use of Function:__mmap_lock_do_trace_start_locking Use: =BAD PATH= Call Stack: 0 probe_range 1 i915_gem_userptr_ioctl 
------------- Path:  Function:i915_gem_userptr_ioctl %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* %6 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 17 %7 = bitcast %struct.mutex* %6 to i24* %8 = load i24, i24* %7, align 8 %9 = and i24 %8, 525312 %10 = icmp eq i24 %9, 0 br i1 %10, label %112, label %11 %12 = getelementptr inbounds i8, i8* %1, i64 16 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2147483644 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %112 %18 = getelementptr inbounds i8, i8* %1, i64 8 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp ugt i64 %20, 8796093022207 br i1 %21, label %112, label %22 %23 = icmp eq i64 %20, 0 br i1 %23, label %112, label %24 %25 = bitcast i8* %1 to i64* %26 = load i64, i64* %25, align 8 %27 = or i64 %26, %20 %28 = and i64 %27, 4095 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %112 %31 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %32 = add i64 %26, %20 %33 = icmp ult i64 %32, %20 %34 = icmp ugt i64 %32, %31 %35 = or i1 %33, %34 br i1 %35, label %112, label %36, !prof !5, !misexpect !6 %37 = load i32, i32* %13, align 8 %38 = icmp sgt i32 %37, -1 br i1 %38, label %39, label %112 %40 = and i32 %37, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %50, label %42 %43 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 19, i32 31, i32 3 %44 = bitcast %struct.list_head* 
%43 to %struct.i915_address_space.500843** %45 = load %struct.i915_address_space.500843*, %struct.i915_address_space.500843** %44, align 8 %46 = getelementptr inbounds %struct.i915_address_space.500843, %struct.i915_address_space.500843* %45, i64 0, i32 15 %47 = load i8, i8* %46, align 8 %48 = and i8 %47, 4 %49 = icmp eq i8 %48, 0 br i1 %49, label %112, label %50 %51 = and i32 %37, 2 %52 = icmp eq i32 %51, 0 br i1 %52, label %62, label %53 %54 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %55 = inttoptr i64 %54 to %struct.task_struct* %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %55, i64 0, i32 38 %57 = load %struct.mm_struct*, %struct.mm_struct** %56, align 64 %58 = load i64, i64* %25, align 8 %59 = load i64, i64* %19, align 8 %60 = tail call fastcc i32 @probe_range(%struct.mm_struct* %57, i64 %58, i64 %59) #76 Function:probe_range %4 = add i64 %2, %1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@probe_range, %5)) #6 to label %6 [label %5], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #76 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label %73 i16 21, label %78 i16 22, 
label %100 i16 23, label %105 i16 24, label %109 ] %101 = zext i32 %4 to i64 %102 = inttoptr i64 %101 to i8* %103 = tail call i64 @ksys_shmdt(i8* %102) #76 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 __ia32_sys_shmdt ------------- Path:  Function:__ia32_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i8* %6 = tail call i64 @ksys_shmdt(i8* %5) #76 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 
= load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 __x64_sys_shmdt ------------- Path:  Function:__x64_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = tail call i64 @ksys_shmdt(i8* %4) #76 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 clear_refs_write ------------- Path:  Function:clear_refs_write %5 = alloca [13 x i8], align 1 %6 = alloca i32, align 4 %7 = alloca %struct.mmu_notifier_range, align 8 %8 = alloca %struct.kuid_t, align 4 %9 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %10 = bitcast i32* %6 to i8* %11 = icmp ult i64 %2, 12 %12 = select i1 %11, i64 %2, i64 12 %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %1, i64 %12) #76 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %123 %16 = call i8* @strim(i8* nonnull %9) #76 %17 = call i32 @kstrtoint(i8* %16, i32 10, i32* nonnull %6) #76 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %21 %22 = load i32, i32* %6, align 4 %23 = add i32 %22, -1 %24 = icmp ugt i32 %23, 4 br i1 %24, label %123, label %25 %26 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %27 = load %struct.inode*, %struct.inode** %26, align 8 %28 = getelementptr %struct.inode, %struct.inode* %27, i64 -1, i32 41, i32 13 %29 = bitcast %struct.list_head* %28 to %struct.pid** %30 = load %struct.pid*, %struct.pid** %29, align 8 %31 = call %struct.task_struct* @get_pid_task(%struct.pid* %30, i32 0) #76 %32 = icmp eq %struct.task_struct* %31, null br i1 %32, label %123, label %33 %34 = call %struct.mm_struct* @get_task_mm(%struct.task_struct* nonnull %31) #76 %35 = icmp eq %struct.mm_struct* %34, null br i1 
%35, label %111, label %36 %37 = bitcast %struct.mmu_notifier_range* %7 to i8* %38 = bitcast %struct.kuid_t* %8 to i8* %39 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %8, i64 0, i32 0 store i32 %22, i32* %39, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@clear_refs_write, %40)) #6 to label %41 [label %40], !srcloc !4 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %34, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 m_start.18209 ------------- Path:  Function:m_start.18209 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = load i64, i64* %1, align 8 %7 = icmp eq i64 %6, -1 br i1 %7, label %92, label %8 %9 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 0 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr %struct.inode, %struct.inode* %10, i64 -1, i32 41, i32 13 %12 = bitcast %struct.list_head* %11 to %struct.pid** %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = tail call %struct.task_struct* @get_pid_task(%struct.pid* %13, i32 0) #76 %15 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 store %struct.task_struct* %14, %struct.task_struct** %15, align 8 %16 = icmp eq 
%struct.task_struct* %14, null br i1 %16, label %92, label %17 %18 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %19 = load %struct.mm_struct*, %struct.mm_struct** %18, align 8 %20 = icmp eq %struct.mm_struct* %19, null br i1 %20, label %37, label %21 %22 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 12, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %50, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_start.18209, %51)) #6 to label %52 [label %51], !srcloc !10 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %19, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 m_start.18209 ------------- Path:  Function:m_start.18209 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = load i64, i64* %1, align 8 %7 = icmp eq i64 %6, -1 br i1 %7, label %92, label %8 %9 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 0 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr %struct.inode, %struct.inode* %10, i64 -1, i32 41, i32 13 %12 = bitcast %struct.list_head* %11 to %struct.pid** %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = tail call %struct.task_struct* @get_pid_task(%struct.pid* %13, i32 0) #76 %15 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 store %struct.task_struct* %14, %struct.task_struct** %15, align 8 %16 = icmp eq %struct.task_struct* %14, null br i1 %16, label %92, label %17 %18 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %19 = load %struct.mm_struct*, %struct.mm_struct** %18, align 8 %20 = icmp eq %struct.mm_struct* %19, null br i1 %20, label %37, label %21 %22 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 12, 
i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %50, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_start.18209, %51)) #6 to label %52 [label %51], !srcloc !10 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %19, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 m_start.18209 ------------- Path:  Function:m_start.18209 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = load i64, i64* %1, align 8 %7 = icmp eq i64 %6, -1 br i1 %7, label %92, label %8 %9 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 0 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr %struct.inode, 
%struct.inode* %10, i64 -1, i32 41, i32 13 %12 = bitcast %struct.list_head* %11 to %struct.pid** %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = tail call %struct.task_struct* @get_pid_task(%struct.pid* %13, i32 0) #76 %15 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 store %struct.task_struct* %14, %struct.task_struct** %15, align 8 %16 = icmp eq %struct.task_struct* %14, null br i1 %16, label %92, label %17 %18 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %19 = load %struct.mm_struct*, %struct.mm_struct** %18, align 8 %20 = icmp eq %struct.mm_struct* %19, null br i1 %20, label %37, label %21 %22 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 12, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %50, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_start.18209, %51)) #6 to label %52 [label %51], !srcloc !10 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %19, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 dump_vma_snapshot 1 elf_core_dump ------------- Path:  Function:elf_core_dump %2 = alloca %struct.perf_branch_entry, align 8 %3 = alloca i8*, align 8 %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.elf64_hdr, align 8 %7 = alloca %struct.elf_note_info, align 8 %8 = alloca %struct.sched_info*, align 8 %9 = alloca %struct.elf64_phdr, align 8 %10 = bitcast i32* %4 to i8* %11 = bitcast i64* %5 to i8* %12 = getelementptr inbounds %struct.elf64_hdr, %struct.elf64_hdr* %6, i64 0, i32 0, i64 0 %13 = bitcast %struct.elf_note_info* %7 to i8* %14 = bitcast %struct.sched_info** %8 to i8* %15 = call i32 @dump_vma_snapshot(%struct.coredump_params* %0, i32* nonnull %4, %struct.sched_info** nonnull %8, i64* nonnull %5) #76 Function:dump_vma_snapshot %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@dump_vma_snapshot, %9)) #6 to label %10 [label %9], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 dump_vma_snapshot 1 elf_core_dump.17934 ------------- Path:  Function:elf_core_dump.17934 %2 = alloca %struct.perf_branch_entry, align 8 %3 = alloca i8*, align 8 %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.elf32_hdr, align 4 %7 = alloca %struct.elf_note_info.169654, align 8 %8 = alloca %struct.sched_info*, align 8 %9 = alloca %struct.efi_info, align 4 %10 = bitcast i32* %4 to i8* %11 = bitcast i64* %5 to i8* %12 = getelementptr inbounds %struct.elf32_hdr, %struct.elf32_hdr* %6, i64 0, i32 0, i64 0 %13 = bitcast %struct.elf_note_info.169654* %7 to i8* %14 = bitcast %struct.sched_info** %8 to i8* %15 = call i32 @dump_vma_snapshot(%struct.coredump_params* %0, i32* nonnull %4, %struct.sched_info** nonnull %8, i64* nonnull %5) #76 Function:dump_vma_snapshot %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@dump_vma_snapshot, %9)) #6 to label %10 [label %9], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 remove_arg_zero 1 load_script ------------- Path:  Function:load_script %2 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 0 %3 = load i8, i8* %2, align 8 %4 = icmp eq i8 %3, 35 br i1 %4, label %5, label %122 %6 = getelementptr %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 1 %7 = load i8, i8* %6, align 1 %8 = icmp eq i8 %7, 33 br i1 %8, label %9, label %122 %10 = getelementptr %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 255 %11 = tail call i8* @strnchr(i8* %2, i64 256, i32 10) #76 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %36 %14 = getelementptr %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 2 %15 = icmp ugt i8* %14, %10 br i1 %15, label %122, label %16 %17 = phi i8* [ %20, %19 ], [ %14, %13 ] %18 = load i8, i8* %17, align 1 switch i8 %18, label %22 [ i8 32, label %19 i8 9, label %19 ] %23 = icmp eq i8* %17, null %24 = icmp ugt i8* %17, %10 %25 = or i1 %23, %24 br i1 %25, label %122, label %26 %27 = phi i8 [ %33, %32 ], [ %18, %22 ] %28 = phi i8* [ %30, %32 ], [ %17, %22 ] switch i8 %27, label %29 [ i8 32, label %34 i8 9, label %34 i8 0, label %34 ] %35 = icmp eq i8* %28, null br i1 %35, label %122, label %36 %37 = phi i8* [ %10, %34 ], [ %11, %9 ] br label %38 %39 = phi i8* [ %37, %36 ], [ %40, %42 ] %40 = 
getelementptr i8, i8* %39, i64 -1 %41 = load i8, i8* %40, align 1 switch i8 %41, label %43 [ i8 32, label %42 i8 9, label %42 ] %44 = getelementptr %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 2 %45 = icmp ugt i8* %44, %39 br i1 %45, label %122, label %46 %47 = phi i8* [ %50, %49 ], [ %44, %43 ] %48 = load i8, i8* %47, align 1 switch i8 %48, label %52 [ i8 32, label %49 i8 9, label %49 ] %53 = icmp eq i8* %47, null %54 = icmp eq i8* %47, %39 %55 = or i1 %53, %54 br i1 %55, label %122, label %56 %57 = icmp ugt i8* %47, %39 br i1 %57, label %80, label %58 %59 = phi i8 [ %65, %64 ], [ %48, %56 ] %60 = phi i8* [ %62, %64 ], [ %47, %56 ] switch i8 %59, label %61 [ i8 32, label %66 i8 9, label %66 i8 0, label %66 ] %62 = getelementptr i8, i8* %60, i64 1 %63 = icmp ugt i8* %62, %39 br i1 %63, label %80, label %64 %81 = phi i8* [ %60, %68 ], [ null, %66 ], [ null, %56 ], [ %60, %74 ], [ %60, %77 ], [ null, %61 ] %82 = phi i8* [ null, %68 ], [ null, %66 ], [ null, %56 ], [ null, %77 ], [ %76, %74 ], [ null, %61 ] %83 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 17 %84 = load i32, i32* %83, align 8 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %122 %88 = tail call i32 @remove_arg_zero(%struct.linux_binprm* %0) #76 Function:remove_arg_zero %2 = alloca %struct.page*, align 8 %3 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 12 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %78, label %6 %7 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 3 %8 = bitcast %struct.page** %2 to i8* %9 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 2 br label %10 %11 = load i64, i64* %7, align 8 %12 = load %struct.mm_struct*, %struct.mm_struct** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@remove_arg_zero, %13)) #6 to label %14 [label %13], !srcloc !4 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %12, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 remove_arg_zero 1 load_misc_binary ------------- Path:  Function:load_misc_binary %2 = load i1, i1* @enabled, align 4 br i1 %2, label %197, label %3 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @entries_lock) #76 %4 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 15 %5 = load i8*, i8** %4, align 8 %6 = tail call i8* @strrchr(i8* %5, i32 46) #76 %7 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @entries, i64 0, i32 0), align 8 %8 = icmp eq %struct.list_head* %7, @entries br i1 %8, label %109, label %9 %10 = icmp eq i8* %6, null %11 = getelementptr i8, i8* %6, i64 1 br label %12 %13 = phi %struct.list_head* [ %7, %9 ], [ %91, %89 ] %14 = bitcast %struct.list_head* %13 to %struct.Node* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 1 %16 = bitcast %struct.list_head* %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 1 %19 = icmp eq i64 %18, 0 br i1 %19, label %89, label %20 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %31 br i1 %10, label %89, label %25 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 2 %27 = bitcast %struct.list_head* %26 to i8** 
%28 = load i8*, i8** %27, align 8 %29 = tail call i32 @strcmp(i8* %28, i8* %11) #76 %30 = icmp eq i32 %29, 0 br i1 %30, label %93, label %89 %94 = bitcast %struct.list_head* %15 to i64* %95 = icmp eq %struct.list_head* %13, null br i1 %95, label %109, label %96 %97 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 4 %98 = bitcast %struct.list_head* %97 to %struct.dentry** %99 = load %struct.dentry*, %struct.dentry** %98, align 8 %100 = icmp eq %struct.dentry* %99, null br i1 %100, label %103, label %101 %104 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @entries_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @entries_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %105 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 17 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 4 %108 = icmp eq i32 %107, 0 br i1 %108, label %111, label %194 %112 = load i64, i64* %94, align 8 %113 = icmp ult i64 %112, 2147483648 br i1 %113, label %116, label %114 %117 = tail call i32 @remove_arg_zero(%struct.linux_binprm* %0) #76 Function:remove_arg_zero %2 = alloca %struct.page*, align 8 %3 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 12 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %78, label %6 %7 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 3 %8 = bitcast %struct.page** %2 to i8* %9 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 2 br label %10 %11 = load i64, i64* %7, align 8 %12 = load 
%struct.mm_struct*, %struct.mm_struct** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@remove_arg_zero, %13)) #6 to label %14 [label %13], !srcloc !4 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %12, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_pages_stat_array 1 __se_sys_move_pages 2 __ia32_sys_move_pages ------------- Path:  Function:__ia32_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_move_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca 
[16 x i32], align 16 %9 = alloca %struct.migration_target_control, align 8 %10 = alloca %struct.migration_target_control, align 8 %11 = alloca %struct.migration_target_control, align 8 %12 = alloca %struct.cpumask, align 8 %13 = alloca %struct.list_head, align 8 %14 = trunc i64 %0 to i32 %15 = inttoptr i64 %2 to i8** %16 = inttoptr i64 %3 to i32* %17 = inttoptr i64 %4 to i32* %18 = trunc i64 %5 to i32 %19 = and i32 %18, -7 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %341 %22 = and i32 %18, 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 23) #76 br i1 %25, label %26, label %341 %27 = icmp eq i32 %14, 0 br i1 %27, label %28, label %36 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %37 = tail call %struct.task_struct* @find_task_by_vpid(i32 %14) #76 %38 = icmp eq %struct.task_struct* %37, null br i1 %38, label %39, label %40 %41 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %37, i64 0, i32 3 %42 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %41, i64 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 1, i32* %42) #6, !srcloc !8 %44 = icmp eq i32 %43, 0 br i1 %44, label %49, label %45, !prof !9, !misexpect !10 %46 = add i32 %43, 1 %47 = or i32 %46, %43 %48 = icmp sgt i32 %47, -1 br i1 %48, label %51, label %49, !prof !11, !misexpect !10 %50 = phi i32 [ 2, %40 ], [ 1, %45 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %41, i32 %50) #76 br label %51 %52 = tail call zeroext i1 @ptrace_may_access(%struct.task_struct* nonnull %37, i32 17) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #76 br i1 %52, label %53, label %62 %54 = tail 
call i32 @security_task_movememory(%struct.task_struct* nonnull %37) #76 %55 = sext i32 %54 to i64 %56 = inttoptr i64 %55 to i8* %57 = inttoptr i64 %55 to %struct.mm_struct* %58 = icmp ugt i8* %56, inttoptr (i64 -4096 to i8*) br i1 %58, label %62, label %59 %60 = tail call i64 @cpuset_mems_allowed(%struct.task_struct* nonnull %37) #76 %61 = tail call %struct.mm_struct* @get_task_mm(%struct.task_struct* nonnull %37) #76 br label %62 %63 = phi i64 [ undef, %53 ], [ %60, %59 ], [ undef, %51 ] %64 = phi %struct.mm_struct* [ %57, %53 ], [ %61, %59 ], [ inttoptr (i64 -1 to %struct.mm_struct*), %51 ] %65 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 -1, i32* %42) #6, !srcloc !12 %66 = icmp eq i32 %65, 1 br i1 %66, label %72, label %67 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @__put_task_struct(%struct.task_struct* nonnull %37) #76 br label %73 %74 = icmp eq %struct.mm_struct* %64, null br i1 %74, label %79, label %75 %76 = phi i64 [ %63, %73 ], [ %34, %28 ] %77 = phi %struct.mm_struct* [ %64, %73 ], [ %35, %28 ] %78 = icmp ugt %struct.mm_struct* %77, inttoptr (i64 -4096 to %struct.mm_struct*) br i1 %78, label %79, label %83 %84 = icmp eq i64 %3, 0 br i1 %84, label %282, label %85 %283 = bitcast [16 x i8*]* %7 to i8* %284 = bitcast [16 x i32]* %8 to i8* %285 = icmp eq i64 %1, 0 br i1 %285, label %337, label %286 %287 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %288 = inttoptr i64 %287 to %struct.task_struct* %289 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %288, i64 0, i32 0, i32 2 %290 = getelementptr inbounds [16 x i8*], [16 x i8*]* %7, i64 0, i64 0 %291 = getelementptr inbounds [16 x i32], [16 x i32]* %8, i64 0, i64 0 br 
label %292 %293 = phi i32* [ %17, %286 ], [ %334, %332 ] %294 = phi i8** [ %15, %286 ], [ %333, %332 ] %295 = phi i64 [ %1, %286 ], [ %335, %332 ] %296 = icmp ult i64 %295, 16 %297 = select i1 %296, i64 %295, i64 16 %298 = load i32, i32* %289, align 8 %299 = and i32 %298, 2 %300 = icmp eq i32 %299, 0 br i1 %300, label %322, label %301 %302 = bitcast i8** %294 to i32* br label %303 %304 = phi i64 [ %320, %314 ], [ 0, %301 ] %305 = phi i32 [ %319, %314 ], [ 0, %301 ] %307 = getelementptr i32, i32* %302, i64 %304 %308 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %307, i64 4, i64 %306) #6, !srcloc !19 %309 = extractvalue { i32*, i32, i64 } %308, 0 %310 = extractvalue { i32*, i32, i64 } %308, 2 %311 = ptrtoint i32* %309 to i64 %312 = and i64 %311, 4294967295 %313 = icmp eq i64 %312, 0 br i1 %313, label %314, label %337, !prof !11, !misexpect !10 %315 = extractvalue { i32*, i32, i64 } %308, 1 %316 = zext i32 %315 to i64 %317 = inttoptr i64 %316 to i8* %318 = getelementptr [16 x i8*], [16 x i8*]* %7, i64 0, i64 %304 store i8* %317, i8** %318, align 8 %319 = add i32 %305, 1 %320 = sext i32 %319 to i64 %321 = icmp ugt i64 %297, %320 br i1 %321, label %303, label %327 call fastcc void @do_pages_stat_array(%struct.mm_struct* %77, i64 %297, i8** nonnull %290, i32* nonnull %291) #76 Function:do_pages_stat_array callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_pages_stat_array, %5)) #6 to label %6 [label %5], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_pages_stat_array 1 __se_sys_move_pages 2 __x64_sys_move_pages ------------- Path:  Function:__x64_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_move_pages(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:__se_sys_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.migration_target_control, align 8 %10 = alloca %struct.migration_target_control, align 8 %11 = alloca %struct.migration_target_control, align 8 %12 = alloca %struct.cpumask, align 8 %13 = alloca %struct.list_head, align 8 %14 = trunc i64 %0 to i32 %15 = inttoptr i64 %2 to i8** %16 = inttoptr i64 %3 to i32* %17 = inttoptr i64 %4 to i32* %18 = trunc 
i64 %5 to i32 %19 = and i32 %18, -7 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %341 %22 = and i32 %18, 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 23) #76 br i1 %25, label %26, label %341 %27 = icmp eq i32 %14, 0 br i1 %27, label %28, label %36 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %37 = tail call %struct.task_struct* @find_task_by_vpid(i32 %14) #76 %38 = icmp eq %struct.task_struct* %37, null br i1 %38, label %39, label %40 %41 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %37, i64 0, i32 3 %42 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %41, i64 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 1, i32* %42) #6, !srcloc !8 %44 = icmp eq i32 %43, 0 br i1 %44, label %49, label %45, !prof !9, !misexpect !10 %46 = add i32 %43, 1 %47 = or i32 %46, %43 %48 = icmp sgt i32 %47, -1 br i1 %48, label %51, label %49, !prof !11, !misexpect !10 %50 = phi i32 [ 2, %40 ], [ 1, %45 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %41, i32 %50) #76 br label %51 %52 = tail call zeroext i1 @ptrace_may_access(%struct.task_struct* nonnull %37, i32 17) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #76 br i1 %52, label %53, label %62 %54 = tail call i32 @security_task_movememory(%struct.task_struct* nonnull %37) #76 %55 = sext i32 %54 to i64 %56 = inttoptr i64 %55 to i8* %57 = inttoptr i64 %55 to %struct.mm_struct* %58 = icmp ugt i8* %56, inttoptr (i64 -4096 to i8*) br i1 %58, label %62, label %59 %60 = tail call i64 @cpuset_mems_allowed(%struct.task_struct* nonnull %37) #76 %61 = tail call %struct.mm_struct* 
@get_task_mm(%struct.task_struct* nonnull %37) #76 br label %62 %63 = phi i64 [ undef, %53 ], [ %60, %59 ], [ undef, %51 ] %64 = phi %struct.mm_struct* [ %57, %53 ], [ %61, %59 ], [ inttoptr (i64 -1 to %struct.mm_struct*), %51 ] %65 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 -1, i32* %42) #6, !srcloc !12 %66 = icmp eq i32 %65, 1 br i1 %66, label %72, label %67 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @__put_task_struct(%struct.task_struct* nonnull %37) #76 br label %73 %74 = icmp eq %struct.mm_struct* %64, null br i1 %74, label %79, label %75 %76 = phi i64 [ %63, %73 ], [ %34, %28 ] %77 = phi %struct.mm_struct* [ %64, %73 ], [ %35, %28 ] %78 = icmp ugt %struct.mm_struct* %77, inttoptr (i64 -4096 to %struct.mm_struct*) br i1 %78, label %79, label %83 %84 = icmp eq i64 %3, 0 br i1 %84, label %282, label %85 %283 = bitcast [16 x i8*]* %7 to i8* %284 = bitcast [16 x i32]* %8 to i8* %285 = icmp eq i64 %1, 0 br i1 %285, label %337, label %286 %287 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %288 = inttoptr i64 %287 to %struct.task_struct* %289 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %288, i64 0, i32 0, i32 2 %290 = getelementptr inbounds [16 x i8*], [16 x i8*]* %7, i64 0, i64 0 %291 = getelementptr inbounds [16 x i32], [16 x i32]* %8, i64 0, i64 0 br label %292 %293 = phi i32* [ %17, %286 ], [ %334, %332 ] %294 = phi i8** [ %15, %286 ], [ %333, %332 ] %295 = phi i64 [ %1, %286 ], [ %335, %332 ] %296 = icmp ult i64 %295, 16 %297 = select i1 %296, i64 %295, i64 16 %298 = load i32, i32* %289, align 8 %299 = and i32 %298, 2 %300 = icmp eq i32 %299, 0 br i1 %300, label %322, label %301 %302 = bitcast i8** %294 to i32* br 
label %303 %304 = phi i64 [ %320, %314 ], [ 0, %301 ] %305 = phi i32 [ %319, %314 ], [ 0, %301 ] %307 = getelementptr i32, i32* %302, i64 %304 %308 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %307, i64 4, i64 %306) #6, !srcloc !19 %309 = extractvalue { i32*, i32, i64 } %308, 0 %310 = extractvalue { i32*, i32, i64 } %308, 2 %311 = ptrtoint i32* %309 to i64 %312 = and i64 %311, 4294967295 %313 = icmp eq i64 %312, 0 br i1 %313, label %314, label %337, !prof !11, !misexpect !10 %315 = extractvalue { i32*, i32, i64 } %308, 1 %316 = zext i32 %315 to i64 %317 = inttoptr i64 %316 to i8* %318 = getelementptr [16 x i8*], [16 x i8*]* %7, i64 0, i64 %304 store i8* %317, i8** %318, align 8 %319 = add i32 %305, 1 %320 = sext i32 %319 to i64 %321 = icmp ugt i64 %297, %320 br i1 %321, label %303, label %327 call fastcc void @do_pages_stat_array(%struct.mm_struct* %77, i64 %297, i8** nonnull %290, i32* nonnull %291) #76 Function:do_pages_stat_array callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_pages_stat_array, %5)) #6 to label %6 [label %5], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_get_mempolicy 1 __se_sys_get_mempolicy 2 __ia32_sys_get_mempolicy ------------- Path:  Function:__ia32_sys_get_mempolicy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_get_mempolicy(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_get_mempolicy %6 = alloca i32, align 4 %7 = alloca %struct.cpumask, align 8 %8 = bitcast i32* %6 to i8* %9 = bitcast %struct.cpumask* %7 to i8* %10 = icmp eq i64 %1, 0 br i1 %10, label %15, label %11 %12 = load i32, i32* @nr_node_ids, align 4 %13 = zext i32 %12 to i64 %14 = icmp ugt i64 %13, %2 br i1 %14, label %82, label %15 %16 = call fastcc i64 @do_get_mempolicy(i32* nonnull %6, %struct.cpumask* 
nonnull %7, i64 %3, i64 %4) #76 Function:do_get_mempolicy %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 146 %10 = load %struct.mempolicy*, %struct.mempolicy** %9, align 8 %11 = icmp ult i64 %3, 8 br i1 %11, label %12, label %163 %13 = and i64 %3, 4 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %26 = and i64 %3, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %56, label %28 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_get_mempolicy, %29)) #6 to label %30 [label %29], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_get_mempolicy 1 __se_sys_get_mempolicy 2 __x64_sys_get_mempolicy ------------- Path:  Function:__x64_sys_get_mempolicy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load 
i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_get_mempolicy(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_get_mempolicy %6 = alloca i32, align 4 %7 = alloca %struct.cpumask, align 8 %8 = bitcast i32* %6 to i8* %9 = bitcast %struct.cpumask* %7 to i8* %10 = icmp eq i64 %1, 0 br i1 %10, label %15, label %11 %12 = load i32, i32* @nr_node_ids, align 4 %13 = zext i32 %12 to i64 %14 = icmp ugt i64 %13, %2 br i1 %14, label %82, label %15 %16 = call fastcc i64 @do_get_mempolicy(i32* nonnull %6, %struct.cpumask* nonnull %7, i64 %3, i64 %4) #76 Function:do_get_mempolicy %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 146 %10 = load %struct.mempolicy*, %struct.mempolicy** %9, align 8 %11 = icmp ult i64 %3, 8 br i1 %11, label %12, label %163 %13 = and i64 %3, 4 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %26 = and i64 %3, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %56, label %28 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_get_mempolicy, %29)) #6 to label %30 [label %29], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mbind 1 __se_sys_mbind 2 __ia32_sys_mbind ------------- Path:  Function:__ia32_sys_mbind %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_mbind(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_mbind %7 = alloca i64, align 8 %8 = alloca %struct.cpumask, align 8 %9 = inttoptr i64 %3 to i64* %10 = bitcast %struct.cpumask* %8 to i8* %11 = trunc i64 %2 to i32 %12 = trunc i64 %2 to i16 %13 = and i16 %12, -8192 %14 = and i32 %11, -57345 %15 = icmp ugt i32 %14, 5 %16 = icmp ugt i16 %13, 
-16385 %17 = or i1 %15, %16 br i1 %17, label %94, label %18 %19 = and i16 %12, 8192 %20 = icmp eq i16 %19, 0 br i1 %20, label %25, label %21 %22 = icmp eq i32 %14, 2 br i1 %22, label %23, label %94 %24 = or i16 %13, 24 br label %25 %26 = phi i16 [ %13, %18 ], [ %24, %23 ] %27 = add i64 %4, -1 %28 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %8, i64 0, i32 0, i64 0 store i64 0, i64* %28, align 8 %29 = icmp ne i64 %27, 0 %30 = icmp ne i64 %3, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %90 %33 = icmp ugt i64 %27, 32768 br i1 %33, label %94, label %34 %35 = bitcast i64* %7 to i8* br label %36 %37 = phi i64 [ %62, %59 ], [ %27, %34 ] %38 = icmp ugt i64 %37, 64 br i1 %38, label %39, label %65 %66 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %67 = inttoptr i64 %66 to %struct.task_struct* %68 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %67, i64 0, i32 0, i32 2 %69 = load i32, i32* %68, align 8 %70 = and i32 %69, 2 %71 = icmp eq i32 %70, 0 br i1 %71, label %75, label %72 %76 = inttoptr i64 %3 to i8* %77 = call i64 @_copy_from_user(i8* nonnull %10, i8* nonnull %76, i64 8) #76 br label %78 %79 = phi i64 [ %74, %72 ], [ %77, %75 ] %80 = trunc i64 %79 to i32 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %94 %83 = and i64 %37, 63 %84 = icmp eq i64 %83, 0 br i1 %84, label %90, label %85 %86 = shl nsw i64 -1, %83 %87 = xor i64 %86, -1 %88 = load i64, i64* %28, align 8 %89 = and i64 %88, %87 store i64 %89, i64* %28, align 8 br label %90 %91 = trunc i32 %14 to i16 %92 = and i64 %5, 4294967295 %93 = call fastcc i64 @do_mbind(i64 %0, i64 %1, i16 zeroext %91, i16 zeroext %26, %struct.cpumask* nonnull %8, i64 %92) #76 Function:do_mbind %7 = alloca %struct.queue_pages, align 8 %8 = alloca %struct.list_head, align 8 %9 = alloca %struct.nodemask_scratch, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = bitcast %struct.list_head* %8 to i8* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %16, align 8 %17 = icmp ult i64 %5, 8 br i1 %17, label %18, label %340 %19 = and i64 %5, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %23, label %21 %24 = and i64 %0, 4095 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %340 %27 = icmp eq i16 %2, 0 %28 = and i64 %5, -2 %29 = select i1 %27, i64 %28, i64 %5 %30 = add i64 %1, 4095 %31 = and i64 %30, -4096 %32 = add i64 %31, %0 %33 = icmp ult i64 %32, %0 br i1 %33, label %340, label %34 %35 = icmp eq i64 %31, 0 br i1 %35, label %340, label %36 switch i16 %2, label %49 [ i16 0, label %37 i16 1, label %43 ] %38 = icmp eq %struct.cpumask* %4, null br i1 %38, label %74, label %39 %40 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %4, i64 0, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = icmp eq i64 %41, 0 br i1 %42, label %74, label %71 %75 = phi i8* [ %61, %63 ], [ null, %37 ], [ null, %39 ] %76 = phi %struct.mempolicy* [ %64, %63 ], [ null, %37 ], [ null, %39 ] %77 = and i64 %29, 8 %78 = icmp eq i64 %77, 0 br i1 %78, label %83, label %79 %84 = icmp eq %struct.mempolicy* %76, null %85 = or i64 %29, 16 %86 = select i1 %84, i64 %85, i64 %29 %87 = and i64 %86, 6 %88 = icmp eq i64 %87, 0 br i1 %88, label %90, label %89 %91 = bitcast %struct.nodemask_scratch* %9 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mbind, %92)) #6 to label %93 [label %92], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %13, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mbind 1 __se_sys_mbind 2 __x64_sys_mbind ------------- Path:  Function:__x64_sys_mbind %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_mbind(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:__se_sys_mbind %7 = alloca i64, align 8 %8 = alloca %struct.cpumask, align 8 %9 = inttoptr i64 %3 to i64* %10 = bitcast %struct.cpumask* %8 to i8* %11 = trunc i64 %2 to i32 %12 = trunc i64 %2 to i16 %13 = and i16 %12, -8192 %14 = and i32 %11, -57345 %15 = icmp ugt i32 %14, 5 %16 = icmp ugt i16 %13, -16385 %17 = or i1 %15, %16 br i1 %17, label %94, label %18 %19 = and i16 %12, 8192 %20 = icmp eq i16 %19, 0 br i1 %20, label %25, label %21 %22 = icmp eq i32 
%14, 2 br i1 %22, label %23, label %94 %24 = or i16 %13, 24 br label %25 %26 = phi i16 [ %13, %18 ], [ %24, %23 ] %27 = add i64 %4, -1 %28 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %8, i64 0, i32 0, i64 0 store i64 0, i64* %28, align 8 %29 = icmp ne i64 %27, 0 %30 = icmp ne i64 %3, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %90 %33 = icmp ugt i64 %27, 32768 br i1 %33, label %94, label %34 %35 = bitcast i64* %7 to i8* br label %36 %37 = phi i64 [ %62, %59 ], [ %27, %34 ] %38 = icmp ugt i64 %37, 64 br i1 %38, label %39, label %65 %66 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %67 = inttoptr i64 %66 to %struct.task_struct* %68 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %67, i64 0, i32 0, i32 2 %69 = load i32, i32* %68, align 8 %70 = and i32 %69, 2 %71 = icmp eq i32 %70, 0 br i1 %71, label %75, label %72 %76 = inttoptr i64 %3 to i8* %77 = call i64 @_copy_from_user(i8* nonnull %10, i8* nonnull %76, i64 8) #76 br label %78 %79 = phi i64 [ %74, %72 ], [ %77, %75 ] %80 = trunc i64 %79 to i32 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %94 %83 = and i64 %37, 63 %84 = icmp eq i64 %83, 0 br i1 %84, label %90, label %85 %86 = shl nsw i64 -1, %83 %87 = xor i64 %86, -1 %88 = load i64, i64* %28, align 8 %89 = and i64 %88, %87 store i64 %89, i64* %28, align 8 br label %90 %91 = trunc i32 %14 to i16 %92 = and i64 %5, 4294967295 %93 = call fastcc i64 @do_mbind(i64 %0, i64 %1, i16 zeroext %91, i16 zeroext %26, %struct.cpumask* nonnull %8, i64 %92) #76 Function:do_mbind %7 = alloca %struct.queue_pages, align 8 %8 = alloca %struct.list_head, align 8 %9 = alloca %struct.nodemask_scratch, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = bitcast %struct.list_head* %8 to i8* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %16, align 8 %17 = icmp ult i64 %5, 8 br i1 %17, label %18, label %340 %19 = and i64 %5, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %23, label %21 %24 = and i64 %0, 4095 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %340 %27 = icmp eq i16 %2, 0 %28 = and i64 %5, -2 %29 = select i1 %27, i64 %28, i64 %5 %30 = add i64 %1, 4095 %31 = and i64 %30, -4096 %32 = add i64 %31, %0 %33 = icmp ult i64 %32, %0 br i1 %33, label %340, label %34 %35 = icmp eq i64 %31, 0 br i1 %35, label %340, label %36 switch i16 %2, label %49 [ i16 0, label %37 i16 1, label %43 ] %38 = icmp eq %struct.cpumask* %4, null br i1 %38, label %74, label %39 %40 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %4, i64 0, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = icmp eq i64 %41, 0 br i1 %42, label %74, label %71 %75 = phi i8* [ %61, %63 ], [ null, %37 ], [ null, %39 ] %76 = phi %struct.mempolicy* [ %64, %63 ], [ null, %37 ], [ null, %39 ] %77 = and i64 %29, 8 %78 = icmp eq i64 %77, 0 br i1 %78, label %83, label %79 %84 = icmp eq %struct.mempolicy* %76, null %85 = or i64 %29, 16 %86 = select i1 %84, i64 %85, i64 %29 %87 = and i64 %86, 6 %88 = icmp eq i64 %87, 0 br i1 %88, label %90, label %89 %91 = bitcast %struct.nodemask_scratch* %9 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mbind, %92)) #6 to label %93 [label %92], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %13, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast 
%struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ 
i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = 
bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ 
i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_msync 1 __ia32_sys_msync ------------- Path:  Function:__ia32_sys_msync %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call fastcc i64 @__do_sys_msync(i64 %4, i64 %7, i32 %10) #76 Function:__do_sys_msync %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 38 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 64 %8 = icmp ult i32 %2, 8 %9 = and i64 %0, 4095 %10 = icmp eq i64 %9, 0 %11 = and i1 %10, %8 br i1 %11, label %12, label %109 %13 = and i32 %2, 4 %14 = and i32 %2, 5 %15 = icmp eq i32 %14, 5 br i1 %15, label %109, label %16 %17 = add i64 %1, 4095 %18 = and i64 %17, -4096 %19 = add i64 %18, %0 %20 = icmp ult i64 %19, %0 br i1 %20, label %109, label %21 %22 = icmp eq i64 %18, 0 br i1 %22, label %107, label %23 callbr void asm 
sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_msync, %24)) #6 to label %25 [label %24], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %7, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_msync 1 __x64_sys_msync ------------- Path:  Function:__x64_sys_msync %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call fastcc i64 @__do_sys_msync(i64 %3, i64 %5, i32 %8) #76 Function:__do_sys_msync %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 38 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 64 %8 = icmp ult i32 %2, 8 %9 = and i64 %0, 4095 %10 = icmp eq i64 %9, 0 %11 = and i1 %10, %8 br i1 %11, label %12, label %109 %13 = and i32 %2, 4 %14 = and i32 %2, 5 %15 = icmp eq i32 %14, 5 br i1 %15, label %109, label %16 %17 = add i64 %1, 4095 %18 = and i64 %17, -4096 %19 = add i64 %18, %0 %20 = icmp ult i64 %19, %0 br i1 %20, label %109, 
label %21 %22 = icmp eq i64 %18, 0 br i1 %22, label %107, label %23 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_msync, %24)) #6 to label %25 [label %24], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %7, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __ia32_sys_mprotect ------------- Path:  Function:__ia32_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 -1) #76 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131894*, align 8 %6 = bitcast %struct.vm_area_struct.131894** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131797* %9 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = 
and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 38 %33 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %33, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __ia32_sys_pkey_mprotect ------------- Path:  Function:__ia32_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 
4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 %13) #76 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131894*, align 8 %6 = bitcast %struct.vm_area_struct.131894** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131797* %9 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 38 %33 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %33, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __x64_sys_mprotect ------------- Path:  Function:__x64_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 -1) #76 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131894*, align 8 %6 = bitcast %struct.vm_area_struct.131894** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131797* %9 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 
= icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 38 %33 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %33, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __x64_sys_pkey_mprotect ------------- Path:  Function:__x64_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call fastcc i32 
@do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 %10) #76 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131894*, align 8 %6 = bitcast %struct.vm_area_struct.131894** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131797* %9 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 38 %33 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %33, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_pkey_free 1 __ia32_sys_pkey_free ------------- Path:  Function:__ia32_sys_pkey_free %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_pkey_free(i32 %4) #76 Function:__do_sys_pkey_free %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.131797* %4 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %3, i64 0, i32 38 %5 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %4, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_pkey_free, %6)) #6 to label %7 [label %6], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %5, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_pkey_free 1 __x64_sys_pkey_free ------------- Path:  Function:__x64_sys_pkey_free %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_pkey_free(i32 %4) #76 Function:__do_sys_pkey_free %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.131797* %4 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %3, i64 0, i32 38 %5 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %4, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_pkey_free, %6)) #6 to label %7 [label %6], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %5, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_pkey_alloc 1 __ia32_sys_pkey_alloc ------------- Path:  Function:__ia32_sys_pkey_alloc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__do_sys_pkey_alloc(i64 %4, i64 %7) #76 Function:__do_sys_pkey_alloc %3 = icmp eq i64 %0, 0 %4 = icmp ult i64 %1, 4 %5 = and i1 %3, %4 br i1 %5, label %6, label %67 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131797* %9 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 38 %10 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %9, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_pkey_alloc, %11)) #6 to label %12 [label %11], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %10, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_pkey_alloc 1 __x64_sys_pkey_alloc ------------- Path:  Function:__x64_sys_pkey_alloc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__do_sys_pkey_alloc(i64 %3, i64 %5) #76 Function:__do_sys_pkey_alloc %3 = icmp eq i64 %0, 0 %4 = icmp ult i64 %1, 4 %5 = and i1 %3, %4 br i1 %5, label %6, label %67 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131797* %9 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %8, i64 0, i32 38 %10 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %9, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_pkey_alloc, %11)) #6 to label %12 [label %11], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %10, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mremap 1 __ia32_sys_mremap ------------- Path:  Function:__ia32_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_mremap(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__do_sys_mremap %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.list_head, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, 
!srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.131797* %13 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %12, i64 0, i32 38 %14 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %13, align 64 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 store i8 0, i8* %8, align 1 %16 = bitcast %struct.list_head* %9 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %18, align 8 %19 = bitcast %struct.list_head* %10 to i8* %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 store %struct.list_head* %10, %struct.list_head** %20, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 1 store %struct.list_head* %10, %struct.list_head** %21, align 8 %22 = icmp ult i64 %3, 8 br i1 %22, label %23, label %286 %24 = and i64 %3, 2 %25 = and i64 %3, 1 %26 = icmp eq i64 %25, 0 %27 = and i64 %3, 3 %28 = icmp eq i64 %27, 2 br i1 %28, label %286, label %29 %30 = and i64 %3, 4 %31 = icmp eq i64 %30, 0 br i1 %31, label %36, label %32 %33 = icmp ne i64 %25, 0 %34 = icmp eq i64 %1, %2 %35 = and i1 %34, %33 br i1 %35, label %36, label %286 %37 = and i64 %0, 4095 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %286 %40 = add i64 %1, 4095 %41 = and i64 %40, -4096 %42 = add i64 %2, 4095 %43 = and i64 %42, -4096 %44 = icmp eq i64 %43, 0 br i1 %44, label %286, label %45 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %46)) #6 to label %47 [label %46], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %14, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mremap 1 __x64_sys_mremap ------------- Path:  Function:__x64_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_mremap(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__do_sys_mremap %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.list_head, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131797** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131797**)) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.131797* %13 = getelementptr inbounds %struct.task_struct.131797, %struct.task_struct.131797* %12, i64 0, 
i32 38 %14 = load %struct.mm_struct.131907*, %struct.mm_struct.131907** %13, align 64 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 store i8 0, i8* %8, align 1 %16 = bitcast %struct.list_head* %9 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %18, align 8 %19 = bitcast %struct.list_head* %10 to i8* %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 store %struct.list_head* %10, %struct.list_head** %20, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 1 store %struct.list_head* %10, %struct.list_head** %21, align 8 %22 = icmp ult i64 %3, 8 br i1 %22, label %23, label %286 %24 = and i64 %3, 2 %25 = and i64 %3, 1 %26 = icmp eq i64 %25, 0 %27 = and i64 %3, 3 %28 = icmp eq i64 %27, 2 br i1 %28, label %286, label %29 %30 = and i64 %3, 4 %31 = icmp eq i64 %30, 0 br i1 %31, label %36, label %32 %33 = icmp ne i64 %25, 0 %34 = icmp eq i64 %1, %2 %35 = and i1 %34, %33 br i1 %35, label %36, label %286 %37 = and i64 %0, 4095 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %286 %40 = add i64 %1, 4095 %41 = and i64 %40, -4096 %42 = add i64 %2, 4095 %43 = and i64 %42, -4096 %44 = icmp eq i64 %43, 0 br i1 %44, label %286, label %45 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %46)) #6 to label %47 [label %46], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131907*, i1)*)(%struct.mm_struct.131907* %14, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_brk 1 __ia32_sys_brk ------------- Path:  Function:__ia32_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__do_sys_brk(i64 %4) #76 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 38 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 64 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_brk 1 __x64_sys_brk ------------- Path:  Function:__x64_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__do_sys_brk(i64 %3) #76 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 38 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 64 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __vm_munmap 1 vm_munmap 2 kill_ioctx 3 __se_sys_io_destroy 4 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #76 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17619, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17620) #76 %10 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %10, align 8 %11 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !6 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %14, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #76 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, 
i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #76 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #76 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !11, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17604, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !12 tail call void asm sideeffect "361:\0A\09.pushsection .discard.reachable\0A\09.long 361b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %42 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 8 %43 = load i64, i64* %42, align 8 %44 = tail call i32 @vm_munmap(i64 %43, i64 %39) #76 Function:vm_munmap %3 = tail call fastcc i32 @__vm_munmap(i64 %0, i64 %1, i1 zeroext false) #76 Function:__vm_munmap %4 = alloca %struct.list_head, align 8 %5 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 %9 = bitcast %struct.list_head* %4 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %11, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__vm_munmap, %12)) #6 to label %13 [label %12], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __vm_munmap 1 vm_munmap 2 kill_ioctx 3 __se_sys_io_destroy 4 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #76 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast 
%struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17619, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17620) #76 %10 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %10, align 8 %11 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %14, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #76 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to 
i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #76 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #76 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !11, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17604, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !12 tail call void asm sideeffect "361:\0A\09.pushsection .discard.reachable\0A\09.long 361b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, 
align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %42 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 8 %43 = load i64, i64* %42, align 8 %44 = tail call i32 @vm_munmap(i64 %43, i64 %39) #76 Function:vm_munmap %3 = tail call fastcc i32 @__vm_munmap(i64 %0, i64 %1, i1 zeroext false) #76 Function:__vm_munmap %4 = alloca %struct.list_head, align 8 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 %9 = bitcast %struct.list_head* %4 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %11, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__vm_munmap, %12)) #6 to label %13 [label %12], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_remap_file_pages 1 __ia32_sys_remap_file_pages ------------- Path:  Function:__ia32_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 64 %11 = bitcast i64* %6 to i8* store i64 0, 
i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #77 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_remap_file_pages 1 __x64_sys_remap_file_pages ------------- Path:  Function:__x64_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %3, i64 %5, i64 %7, 
i64 %9, i64 %11) #76 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 64 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #77 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlockall ------------- Path:  Function:__do_sys_munlockall %2 = alloca %struct.vm_area_struct.130376*, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130490* %5 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %4, i64 0, i32 38 %6 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %5, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlockall, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %6, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlock 1 __ia32_sys_munlock ------------- Path:  Function:__ia32_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__do_sys_munlock(i64 %4, i64 %7) #76 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130490* %5 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %4, i64 0, i32 38 %6 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %5, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %6, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlock 1 __x64_sys_munlock ------------- Path:  Function:__x64_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__do_sys_munlock(i64 %3, i64 %5) #76 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130490* %5 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %4, i64 0, i32 38 %6 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %5, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %6, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mlockall 1 __ia32_sys_mlockall ------------- Path:  Function:__ia32_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #76 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.130490* %10 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %9, i64 0, i32 95 %11 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %10, align 32 %12 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %11, i64 0, i32 49, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #76 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.130437*, 
%struct.signal_struct.130437** %10, align 32 br label %19 %20 = phi %struct.signal_struct.130437* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %20, i64 0, i32 49, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %9, i64 0, i32 38 %25 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %24, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %25, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mlockall 1 __x64_sys_mlockall ------------- Path:  Function:__x64_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #76 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task 
to %struct.task_struct.130490**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.130490* %10 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %9, i64 0, i32 95 %11 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %10, align 32 %12 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %11, i64 0, i32 49, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #76 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %10, align 32 br label %19 %20 = phi %struct.signal_struct.130437* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %20, i64 0, i32 49, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %9, i64 0, i32 38 %25 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %24, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %25, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __ia32_sys_mlock ------------- Path:  Function:__ia32_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i32 @do_mlock(i64 %4, i64 %7, i64 8192) #76 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130490* %6 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 95 %7 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 %8 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #76 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 br 
label %15 %16 = phi %struct.signal_struct.130437* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 38 %26 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %26, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __ia32_sys_mlock2 ------------- Path:  Function:__ia32_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %17 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = 
icmp eq i32 %4, 0 %14 = select i1 %13, i64 8192, i64 532480 %15 = tail call fastcc i32 @do_mlock(i64 %12, i64 %9, i64 %14) #76 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130490* %6 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 95 %7 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 %8 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #76 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 br label %15 %16 = phi %struct.signal_struct.130437* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 38 %26 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %26, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __x64_sys_mlock ------------- Path:  Function:__x64_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i32 @do_mlock(i64 %3, i64 %5, i64 8192) #76 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130490* %6 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 95 %7 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 %8 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #76 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 br label %15 %16 = phi %struct.signal_struct.130437* [ %14, %13 ], [ 
%7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 38 %26 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %26, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __x64_sys_mlock2 ------------- Path:  Function:__x64_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %15 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = icmp eq i32 %4, 0 %12 = select i1 %11, i64 8192, i64 532480 %13 = tail call fastcc i32 @do_mlock(i64 %10, i64 %8, i64 %12) #76 
Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130490** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130490**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130490* %6 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 95 %7 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 %8 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #76 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130437*, %struct.signal_struct.130437** %6, align 32 br label %15 %16 = phi %struct.signal_struct.130437* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130437, %struct.signal_struct.130437* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130490, %struct.task_struct.130490* %5, i64 0, i32 38 %26 = load %struct.mm_struct.130389*, %struct.mm_struct.130389** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.130389*, i1)*)(%struct.mm_struct.130389* %26, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #76 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #76 %11 
= icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #76 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, 
label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #76 ------------- Use: =BAD PATH= Call Stack: 0 vm_mmap_pgoff 1 vm_mmap 2 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %159 %10 = getelementptr 
inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 15 %11 = bitcast %struct.mutex* %10 to i8* %12 = load i8, i8* %11, align 8 %13 = icmp ugt i8 %12, 12 br i1 %13, label %159, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 32 %16 = bitcast i8* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ult i64 %17, 2 br i1 %18, label %19, label %159 %20 = icmp eq i64 %17, 0 br i1 %20, label %25, label %21 %22 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %23 = and i64 %22, 65536 %24 = icmp eq i64 %23, 0 br i1 %24, label %159, label %25 %26 = bitcast i8* %1 to i32* %27 = load i32, i32* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %28 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %29 = zext i32 %27 to i64 %30 = tail call i8* @idr_find(%struct.idr* %28, i64 %29) #76 %31 = bitcast i8* %30 to %struct.drm_i915_gem_object.448284* %32 = icmp eq i8* %30, null br i1 %32, label %57, label %33 %34 = bitcast i8* %30 to %struct.seqcount_spinlock* %35 = bitcast i8* %30 to i32* %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %48, label %38 %39 = phi i32 [ %46, %45 ], [ %36, %33 ] %40 = add i32 %39, 1 %41 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %35, i32 %40, i32* nonnull %35, i32 %39) #6, !srcloc !5 %42 = extractvalue { i8, i32 } %41, 0 %43 = and i8 %42, 1 %44 = icmp eq i8 %43, 0 br i1 %44, label %45, label %48, !prof !6, !misexpect !7 %46 = extractvalue { i8, i32 } %41, 1 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %38 %49 = phi i32 [ 0, %33 ], [ %39, %38 ], [ 0, %45 ] %50 = add i32 %49, 1 %51 = or i32 
%50, %49 %52 = icmp sgt i32 %51, -1 br i1 %52, label %54, label %53, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %34, i32 0) #76 br label %54 %55 = icmp eq i32 %49, 0 %56 = select i1 %55, %struct.drm_i915_gem_object.448284* null, %struct.drm_i915_gem_object.448284* %31 br label %57 %58 = phi %struct.drm_i915_gem_object.448284* [ null, %25 ], [ %56, %54 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %59 = icmp eq %struct.drm_i915_gem_object.448284* %58, null br i1 %59, label %159, label %60 %61 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 3 %62 = load %struct.file*, %struct.file** %61, align 8 %63 = icmp eq %struct.file* %62, null br i1 %63, label %144, label %64 %65 = getelementptr inbounds i8, i8* %1, i64 8 %66 = bitcast i8* %65 to i64* %67 = load i64, i64* %66, align 8 %68 = getelementptr inbounds i8, i8* %1, i64 16 %69 = bitcast i8* %68 to i64* %70 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 5 %71 = load i64, i64* %70, align 8 %72 = icmp ugt i64 %71, %67 br i1 %72, label %73, label %144 %74 = load i64, i64* %69, align 8 %75 = sub i64 %71, %67 %76 = icmp ugt i64 %74, %75 br i1 %76, label %144, label %77 %78 = tail call i64 @vm_mmap(%struct.file* nonnull %62, i64 0, i64 %74, i64 3, i64 1, i64 %67) #76 Function:vm_mmap %7 = add i64 %2, 4095 %8 = and i64 %7, -4096 %9 = xor i64 %5, -1 %10 = icmp ule i64 %8, %9 %11 = and i64 %5, 4095 %12 = icmp eq i64 %11, 0 %13 = and i1 %10, %12 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %15 = lshr i64 %5, 12 %16 = tail call i64 @vm_mmap_pgoff(%struct.file* %0, i64 %1, i64 %2, i64 %3, i64 %4, i64 %15) #76 Function:vm_mmap_pgoff %7 = alloca i64, align 8 %8 = alloca %struct.list_head, align 8 %9 = tail 
call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = bitcast i64* %7 to i8* %14 = bitcast %struct.list_head* %8 to i8* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %16, align 8 %17 = call i32 @security_mmap_file(%struct.file* %0, i64 %3, i64 %4) #76 %18 = sext i32 %17 to i64 %19 = icmp eq i32 %17, 0 br i1 %19, label %20, label %37 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@vm_mmap_pgoff, %21)) #6 to label %22 [label %21], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %12, i1 zeroext true) #76 ------------- Good: 157 Bad: 52 Ignored: 376 Check Use of Function:xt_compat_init_offsets Check Use of Function:nfs_atomic_open Check Use of Function:dev_change_proto_down Check Use of Function:strnlen_user Use: =BAD PATH= Call Stack: 0 strndup_user 1 dma_buf_ioctl ------------- Path:  Function:dma_buf_ioctl %4 = alloca %struct.anon.1, align 8 %5 = bitcast %struct.anon.1* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.dma_buf** %8 = load %struct.dma_buf*, %struct.dma_buf** %7, align 8 switch i32 %1, label %84 [ i32 1074291200, label %9 i32 1074029057, label %58 i32 1074291201, label %58 ] %59 = inttoptr i64 %2 to i8* %60 = tail call i8* @strndup_user(i8* %59, i64 32) #76 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 keyctl_pkey_params_get 2 keyctl_pkey_verify 3 __se_sys_keyctl 4 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = 
and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %267 = inttoptr i64 %1 to %struct.keyctl_pkey_params* %268 = inttoptr i64 %2 to i8* %269 = inttoptr i64 %3 to i8* %270 = inttoptr i64 %4 to i8* %271 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %267, i8* %268, i8* %269, i8* %270) #76 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.242256, align 8 %8 = bitcast %struct.kernel_pkey_params.242256* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.242256, %struct.kernel_pkey_params.242256* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* 
@.str.1.24515, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #76 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.242256* nonnull %7) #76 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.242256* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.242256, %struct.kernel_pkey_params.242256* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24515, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #76 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 keyctl_pkey_params_get 2 keyctl_pkey_verify 3 __se_sys_keyctl 4 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = 
alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %267 = inttoptr i64 %1 to %struct.keyctl_pkey_params* %268 = inttoptr i64 %2 to i8* %269 = inttoptr i64 %3 to i8* %270 = inttoptr i64 %4 to i8* %271 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %267, i8* %268, i8* %269, i8* %270) #76 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.242256, align 8 %8 = bitcast %struct.kernel_pkey_params.242256* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.242256, %struct.kernel_pkey_params.242256* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24515, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #76 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.242256* nonnull %7) #76 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x 
%struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.242256* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.242256, %struct.kernel_pkey_params.242256* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24515, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #76 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 keyctl_pkey_params_get 2 keyctl_pkey_verify 3 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label 
%84 i32 28, label %90 ] %91 = inttoptr i64 %6 to %struct.keyctl_pkey_params* %92 = inttoptr i64 %9 to i8* %93 = inttoptr i64 %12 to i8* %94 = inttoptr i64 %15 to i8* %95 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %91, i8* %92, i8* %93, i8* %94) #76 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.242256, align 8 %8 = bitcast %struct.kernel_pkey_params.242256* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.242256, %struct.kernel_pkey_params.242256* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24515, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #76 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.242256* nonnull %7) #76 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.242256* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.242256, %struct.kernel_pkey_params.242256* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24515, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #76 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = 
load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 __se_sys_mount 2 __ia32_sys_mount ------------- Path:  Function:__ia32_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_mount(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #76 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 __se_sys_mount 2 __x64_sys_mount ------------- Path:  Function:__x64_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_mount(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* 
@strndup_user(i8* nonnull %12, i64 4096) #76 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_memfd_create 1 __ia32_sys_memfd_create ------------- Path:  Function:__ia32_sys_memfd_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_memfd_create(i64 %4, i64 %7) #76 Function:__se_sys_memfd_create %3 = alloca %struct.ucounts*, align 8 %4 = inttoptr i64 %0 to i8* %5 = trunc i64 %1 to i32 %6 = and i32 %5, 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %10 %11 = and i32 %5, 67108856 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %95 %14 = tail call i64 @strnlen_user(i8* %4, i64 250) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_memfd_create 1 __x64_sys_memfd_create ------------- Path:  Function:__x64_sys_memfd_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_memfd_create(i64 %3, i64 %5) #76 Function:__se_sys_memfd_create %3 = alloca %struct.ucounts*, align 8 %4 = inttoptr i64 %0 to i8* %5 = trunc i64 %1 to i32 %6 = and i32 %5, 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %10 %11 = and i32 %5, 67108856 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %95 %14 = tail call i64 @strnlen_user(i8* %4, i64 250) #76 
------------- Good: 34 Bad: 14 Ignored: 22 Check Use of Function:acpi_install_notify_handler Check Use of Function:setup_swap_info Check Use of Function:__icmp_send Use: =BAD PATH= Call Stack: 0 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %26) #76 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, 
label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %63) #76 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.829233*, %struct.net_device.829233** %78, align 8 %80 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %79, i64 0, i32 109, i32 0 %81 = load %struct.net.828834*, %struct.net.828834** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.828834* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.829144* %0, i32* null) #76 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @rcu_read_unlock_strict() #76 %83 = icmp eq i32 %82, 0 br i1 
%83, label %84, label %85 call void @__icmp_send(%struct.sk_buff.829144* %0, i32 3, i32 1, i32 0, %struct.ip_options* nonnull %2) #76 ------------- Good: 52 Bad: 1 Ignored: 186 Check Use of Function:put_pid_ns Check Use of Function:percpu_counter_destroy Check Use of Function:reboot_pid_ns Check Use of Function:nfs_rmdir Check Use of Function:rdev_del_virtual_intf Check Use of Function:may_expand_vm Check Use of Function:nfs4_lookup_revalidate Check Use of Function:kernel_kexec Check Use of Function:bsg_ioctl Check Use of Function:bad_inode_lookup Check Use of Function:vt_do_kbkeycode_ioctl Check Use of Function:cfg80211_tx_mlme_mgmt Check Use of Function:try_to_unuse Check Use of Function:security_locked_down Use: =BAD PATH= Call Stack: 0 pccard_store_cis ------------- Path:  Function:pccard_store_cis %7 = tail call i32 @security_locked_down(i32 10) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_bus_pci_write ------------- Path:  Function:proc_bus_pci_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = tail call i8* @PDE_DATA(%struct.inode* %6) #76 %8 = bitcast i8* %7 to %struct.pci_dev.326387* %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds i8, i8* %7, i64 928 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 8 %14 = tail call i32 @security_locked_down(i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_bus_pci_ioctl ------------- Path:  Function:proc_bus_pci_ioctl %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = tail call i8* @PDE_DATA(%struct.inode* %5) #76 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.util_est** %9 = load %struct.util_est*, %struct.util_est** %8, align 8 %10 = tail call i32 @security_locked_down(i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 
proc_bus_pci_ioctl ------------- Path:  Function:proc_bus_pci_ioctl %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = tail call i8* @PDE_DATA(%struct.inode* %5) #76 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.util_est** %9 = load %struct.util_est*, %struct.util_est** %8, align 8 %10 = tail call i32 @security_locked_down(i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.317892* %9 = trunc i64 %5 to i32 %10 = tail call i32 @security_locked_down(i32 6) #76 ------------- Use: =BAD PATH= Call Stack: 0 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %63 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %29 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %30 = load i32, i32* %29, align 4 %31 = and i32 %30, 2 %32 = icmp eq i32 %31, 0 br i1 %32, label %63, label %33 %34 = inttoptr i64 %2 to i8* %35 = call i64 @_copy_from_user(i8* nonnull %5, i8* %34, i64 32) #76 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %63 %38 = call i32 @security_locked_down(i32 8) #76 ------------- Use: =BAD PATH= Call Stack: 0 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr 
inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %63 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %29 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %30 = load i32, i32* %29, align 4 %31 = and i32 %30, 2 %32 = icmp eq i32 %31, 0 br i1 %32, label %63, label %33 %34 = inttoptr i64 %2 to i8* %35 = call i64 @_copy_from_user(i8* nonnull %5, i8* %34, i64 32) #76 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %63 %38 = call i32 @security_locked_down(i32 8) #76 ------------- Use: =BAD PATH= Call Stack: 0 msr_write ------------- Path:  Function:msr_write %5 = alloca [2 x i32], align 4 %6 = bitcast i8* %1 to i32* %7 = bitcast [2 x i32]* %5 to i8* %8 = load i64, i64* %3, align 8 %9 = trunc i64 %8 to i32 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.inode, %struct.inode* %11, i64 0, i32 13 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 1048575 %15 = tail call i32 @security_locked_down(i32 8) #76 ------------- Use: =BAD PATH= Call Stack: 0 disk_store ------------- Path:  Function:disk_store %5 = load i1, i1* @nohibernate, align 4 br i1 %5, label %36, label %6 %7 = tail call i32 @security_locked_down(i32 5) #76 ------------- Use: =BAD PATH= Call Stack: 0 disk_show ------------- Path:  Function:disk_show %4 = load i1, i1* @nohibernate, align 4 br i1 %4, label %13, label %5 %6 = tail call i32 @security_locked_down(i32 5) #76 ------------- Use: =BAD PATH= Call Stack: 0 hibernation_available 1 is_hibernate_resume_dev 2 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %5 = load %struct.file.294345*, %struct.file.294345** %4, align 8 %6 = getelementptr inbounds %struct.file.294345, 
%struct.file.294345* %5, i64 0, i32 18 %7 = load %struct.address_space.294426*, %struct.address_space.294426** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %7, i64 0, i32 0 %9 = load %struct.inode.294419*, %struct.inode.294419** %8, align 8 %10 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294278* bitcast (%struct.block_device.293754* (%struct.inode.293951*)* @I_BDEV to %struct.block_device.294278* (%struct.inode.294419*)*)(%struct.inode.294419* %9) #76 %14 = tail call i32 bitcast (i32 (%struct.block_device.299712*)* @bdev_read_only to i32 (%struct.block_device.294278*)*)(%struct.block_device.294278* %13) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #76 Function:is_hibernate_resume_dev %2 = tail call zeroext i1 @hibernation_available() #76 Function:hibernation_available %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %8, label %2 %3 = tail call i32 @security_locked_down(i32 5) #76 ------------- Use: =BAD PATH= Call Stack: 0 hibernation_available 1 snapshot_open ------------- Path:  Function:snapshot_open %3 = tail call zeroext i1 @hibernation_available() #76 Function:hibernation_available %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %8, label %2 %3 = tail call i32 @security_locked_down(i32 5) #76 ------------- Use: =BAD PATH= Call Stack: 0 hibernation_available 1 state_show.7661 ------------- Path:  Function:state_show.7661 %4 = load i8*, i8** 
getelementptr inbounds ([4 x i8*], [4 x i8*]* @pm_states, i64 0, i64 1), align 8 %5 = icmp eq i8* %4, null br i1 %5, label %10, label %6 %11 = phi i8* [ %9, %6 ], [ %2, %3 ] %12 = load i8*, i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @pm_states, i64 0, i64 2), align 8 %13 = icmp eq i8* %12, null br i1 %13, label %29, label %25 %26 = tail call i32 (i8*, i8*, ...) @sprintf(i8* %11, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.30.7650, i64 0, i64 0), i8* nonnull %12) #76 %27 = sext i32 %26 to i64 %28 = getelementptr i8, i8* %11, i64 %27 br label %29 %30 = phi i8* [ %28, %25 ], [ %11, %10 ] %31 = load i8*, i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @pm_states, i64 0, i64 3), align 8 %32 = icmp eq i8* %31, null br i1 %32, label %37, label %33 %34 = tail call i32 (i8*, i8*, ...) @sprintf(i8* %30, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.30.7650, i64 0, i64 0), i8* nonnull %31) #76 %35 = sext i32 %34 to i64 %36 = getelementptr i8, i8* %30, i64 %35 br label %37 %38 = phi i8* [ %36, %33 ], [ %30, %29 ] %39 = tail call zeroext i1 @hibernation_available() #77 Function:hibernation_available %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %8, label %2 %3 = tail call i32 @security_locked_down(i32 5) #76 ------------- Use: =BAD PATH= Call Stack: 0 hibernate 1 state_store ------------- Path:  Function:state_store %5 = tail call i8* @memchr(i8* %2, i32 10, i64 %3) #76 %6 = icmp eq i8* %5, null %7 = ptrtoint i8* %5 to i64 %8 = ptrtoint i8* %2 to i64 %9 = sub i64 %7, %8 %10 = select i1 %6, i64 %3, i64 %9 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 4 br i1 %12, label %13, label %16 %14 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.32.7662, i64 0, i64 0), i64 4) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %50, label %16 %51 = tail call i32 @hibernate() #76 Function:hibernate %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %7, label %2 %3 = tail call i32 
@security_locked_down(i32 5) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_saved_tgids_open ------------- Path:  Function:tracing_saved_tgids_open %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_saved_cmdlines_open ------------- Path:  Function:tracing_saved_cmdlines_open %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load 
%struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr 
------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_buffers_open ------------- Path:  Function:tracing_buffers_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_err_log_open ------------- Path:  Function:tracing_err_log_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = bitcast i8* %4 to %struct.trace_array* %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_time_stamp_mode_open ------------- Path:  Function:tracing_time_stamp_mode_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, 
%struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_clock_open ------------- Path:  Function:tracing_clock_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_pipe ------------- Path:  Function:tracing_open_pipe %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open ------------- Path:  Function:tracing_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_trace_options_open ------------- Path:  Function:tracing_trace_options_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 show_traces_open ------------- Path:  Function:show_traces_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = bitcast i8* %4 to %struct.trace_array* %6 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 dyn_event_open ------------- Path:  Function:dyn_event_open %3 = tail call i32 bitcast (i32 
(%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.108227*)*)(%struct.trace_array.108227* null) #76 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 ftrace_event_set_open ------------- Path:  Function:ftrace_event_set_open %3 = getelementptr inbounds %struct.inode.108328, %struct.inode.108328* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array.108227** %5 = load %struct.trace_array.108227*, %struct.trace_array.108227** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.108227*)*)(%struct.trace_array.108227* %5) #76 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 ftrace_event_set_pid_open ------------- Path:  Function:ftrace_event_set_pid_open %3 = getelementptr inbounds %struct.inode.108328, %struct.inode.108328* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array.108227** %5 = load %struct.trace_array.108227*, %struct.trace_array.108227** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.108227*)*)(%struct.trace_array.108227* %5) #76 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 ftrace_event_set_npid_open ------------- Path:  Function:ftrace_event_set_npid_open %3 = getelementptr inbounds %struct.inode.108328, %struct.inode.108328* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array.108227** %5 = load %struct.trace_array.108227*, %struct.trace_array.108227** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.108227*)*)(%struct.trace_array.108227* %5) #76 
Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 tracing_stat_open ------------- Path:  Function:tracing_stat_open %3 = getelementptr inbounds %struct.inode.106186, %struct.inode.106186* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 ftrace_formats_open ------------- Path:  Function:ftrace_formats_open %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 ftrace_event_avail_open ------------- Path:  Function:ftrace_event_avail_open %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 event_trigger_open ------------- Path:  Function:event_trigger_open %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 profile_open ------------- Path:  Function:profile_open %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 probes_open ------------- Path:  Function:probes_open %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 profile_open.12289 ------------- Path:  Function:profile_open.12289 %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 probes_open.12294 ------------- Path:  Function:probes_open.12294 %3 = tail call i32 @security_locked_down(i32 22) #76 ------------- Use: =BAD PATH= Call Stack: 0 open_kcore ------------- Path:  Function:open_kcore %3 = tail call i32 @security_locked_down(i32 18) #76 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #76 
------------- Use: =BAD PATH= Call Stack: 0 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #76 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #76 ------------- Good: 65 Bad: 57 Ignored: 91 Check Use of Function:vfs_symlink Check Use of Function:exit_thread Check Use of Function:check_zeroed_user Use: =BAD PATH= Call Stack: 0 copy_clone_args_from_user 1 __se_sys_clone3 2 __ia32_sys_clone3 ------------- Path:  Function:__ia32_sys_clone3 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_clone3(i64 %4, i64 %7) #76 Function:__se_sys_clone3 %3 = alloca %struct.kernel_clone_args, align 8 %4 = alloca [32 x i32], align 16 %5 = inttoptr i64 %0 to %struct.clone_args* %6 = bitcast %struct.kernel_clone_args* %3 to i8* %7 = bitcast [32 x i32]* %4 to i8* %8 = getelementptr inbounds [32 x i32], [32 x i32]* %4, i64 0, i64 0 %9 = getelementptr inbounds %struct.kernel_clone_args, %struct.kernel_clone_args* %3, i64 0, i32 8 store i32* %8, i32** %9, align 8 %10 = call fastcc i32 @copy_clone_args_from_user(%struct.kernel_clone_args* nonnull %3, %struct.clone_args* %5, i64 %1) #76 Function:copy_clone_args_from_user %4 = alloca %struct.clone_args, align 8 %5 = bitcast %struct.clone_args* %4 to i8* %6 = 
getelementptr inbounds %struct.kernel_clone_args, %struct.kernel_clone_args* %0, i64 0, i32 8 %7 = load i32*, i32** %6, align 8 %8 = icmp ugt i64 %2, 4096 br i1 %8, label %95, label %9, !prof !4, !misexpect !5 %10 = icmp ult i64 %2, 64 br i1 %10, label %95, label %11, !prof !4, !misexpect !5 %12 = bitcast %struct.clone_args* %1 to i8* %13 = icmp ugt i64 %2, 88 %14 = select i1 %13, i64 88, i64 %2 %15 = icmp ult i64 %2, 88 %16 = select i1 %15, i64 88, i64 %2 %17 = sub nuw nsw i64 %16, %14 br i1 %15, label %18, label %20 br i1 %13, label %21, label %27 %22 = getelementptr i8, i8* %12, i64 %14 %23 = tail call i32 @check_zeroed_user(i8* %22, i64 %17) #76 ------------- Use: =BAD PATH= Call Stack: 0 copy_clone_args_from_user 1 __se_sys_clone3 2 __x64_sys_clone3 ------------- Path:  Function:__x64_sys_clone3 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_clone3(i64 %3, i64 %5) #76 Function:__se_sys_clone3 %3 = alloca %struct.kernel_clone_args, align 8 %4 = alloca [32 x i32], align 16 %5 = inttoptr i64 %0 to %struct.clone_args* %6 = bitcast %struct.kernel_clone_args* %3 to i8* %7 = bitcast [32 x i32]* %4 to i8* %8 = getelementptr inbounds [32 x i32], [32 x i32]* %4, i64 0, i64 0 %9 = getelementptr inbounds %struct.kernel_clone_args, %struct.kernel_clone_args* %3, i64 0, i32 8 store i32* %8, i32** %9, align 8 %10 = call fastcc i32 @copy_clone_args_from_user(%struct.kernel_clone_args* nonnull %3, %struct.clone_args* %5, i64 %1) #76 Function:copy_clone_args_from_user %4 = alloca %struct.clone_args, align 8 %5 = bitcast %struct.clone_args* %4 to i8* %6 = getelementptr inbounds %struct.kernel_clone_args, %struct.kernel_clone_args* %0, i64 0, i32 8 %7 = load i32*, i32** %6, align 8 %8 = icmp ugt i64 %2, 4096 br i1 %8, label %95, label %9, !prof !4, !misexpect !5 %10 = 
icmp ult i64 %2, 64 br i1 %10, label %95, label %11, !prof !4, !misexpect !5 %12 = bitcast %struct.clone_args* %1 to i8* %13 = icmp ugt i64 %2, 88 %14 = select i1 %13, i64 88, i64 %2 %15 = icmp ult i64 %2, 88 %16 = select i1 %15, i64 88, i64 %2 %17 = sub nuw nsw i64 %16, %14 br i1 %15, label %18, label %20 br i1 %13, label %21, label %27 %22 = getelementptr i8, i8* %12, i64 %14 %23 = tail call i32 @check_zeroed_user(i8* %22, i64 %17) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __ia32_sys_sched_setattr ------------- Path:  Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 
%25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 
%27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #76 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102187, %struct.file.102187* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %14 = bitcast %struct.seccomp_notif* %8 to i8* %15 = tail call i32 @check_zeroed_user(i8* %12, i64 80) #76 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102187, %struct.file.102187* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] 
%14 = bitcast %struct.seccomp_notif* %8 to i8* %15 = tail call i32 @check_zeroed_user(i8* %12, i64 80) #76 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102187, %struct.file.102187* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #76 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102187, %struct.file.102187* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load 
%struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #76 ------------- Use: =BAD PATH= Call Stack: 0 perf_copy_attr 1 __se_sys_perf_event_open 2 __ia32_sys_perf_event_open ------------- Path:  Function:__ia32_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 
%7 = inttoptr i64 %0 to %struct.perf_event_attr* %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %3 to i32 %11 = bitcast %struct.perf_event_attr* %6 to i8* %12 = icmp ult i64 %4, 16 br i1 %12, label %13, label %1088 %14 = call i32 @security_perf_event_open(%struct.perf_event_attr* nonnull %6, i32 0) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = call fastcc i32 @perf_copy_attr(%struct.perf_event_attr* %7, %struct.perf_event_attr* nonnull %6) #76 Function:perf_copy_attr %3 = bitcast %struct.perf_event_attr* %1 to i8* %5 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %0, i64 0, i32 1 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 1 %9 = extractvalue { i32*, i32, i64 } %6, 2 %10 = ptrtoint i32* %7 to i64 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %155 %14 = icmp eq i32 %8, 0 %15 = select i1 %14, i32 64, i32 %8 %16 = add i32 %15, -64 %17 = icmp ugt i32 %16, 4032 br i1 %17, label %150, label %18 %19 = bitcast %struct.perf_event_attr* %0 to i8* %20 = icmp ult i32 %15, 128 %21 = select i1 %20, i32 %15, i32 128 %22 = zext i32 %21 to i64 %23 = select i1 %20, i32 128, i32 %15 %24 = sub nuw nsw i32 %23, %21 %25 = zext i32 %24 to i64 br i1 %20, label %26, label %28 %29 = icmp eq i32 %15, 128 br i1 %29, label %36, label %30 %31 = getelementptr i8, i8* %19, i64 %22 %32 = tail call i32 @check_zeroed_user(i8* %31, i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 perf_copy_attr 1 __se_sys_perf_event_open 2 __x64_sys_perf_event_open ------------- Path:  Function:__x64_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = inttoptr i64 %0 to %struct.perf_event_attr* %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %3 to i32 %11 = bitcast %struct.perf_event_attr* %6 to i8* %12 = icmp ult i64 %4, 16 br i1 %12, label %13, label %1088 %14 = call i32 @security_perf_event_open(%struct.perf_event_attr* nonnull %6, i32 0) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = call fastcc i32 @perf_copy_attr(%struct.perf_event_attr* %7, %struct.perf_event_attr* nonnull %6) #76 Function:perf_copy_attr %3 = bitcast %struct.perf_event_attr* %1 to i8* %5 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %0, i64 0, i32 1 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 1 %9 = extractvalue { i32*, i32, i64 } %6, 2 %10 = ptrtoint i32* %7 to i64 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %155 %14 = icmp eq i32 %8, 0 %15 = select i1 %14, i32 64, i32 %8 %16 = add i32 %15, -64 %17 = icmp ugt i32 %16, 4032 br i1 %17, label %150, label %18 %19 = bitcast %struct.perf_event_attr* %0 to i8* %20 = icmp ult i32 %15, 128 %21 = select i1 %20, i32 %15, i32 128 %22 = zext i32 %21 to i64 %23 = select i1 %20, i32 128, i32 %15 %24 = sub nuw nsw i32 %23, %21 %25 = zext i32 %24 to 
i64 br i1 %20, label %26, label %28 %29 = icmp eq i32 %15, 128 br i1 %29, label %36, label %30 %31 = getelementptr i8, i8* %19, i64 %22 %32 = tail call i32 @check_zeroed_user(i8* %31, i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_openat2 ------------- Path:  Function:__x64_sys_openat2 %2 = alloca %struct.perf_branch_entry, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = inttoptr i64 %9 to %struct.perf_branch_entry* %14 = bitcast %struct.perf_branch_entry* %2 to i8* %15 = icmp ult i64 %11, 24 br i1 %15, label %42, label %16, !prof !4, !misexpect !5 %17 = inttoptr i64 %9 to i8* %18 = icmp eq i64 %11, 24 br i1 %18, label %27, label %19 %20 = add i64 %11, -24 %21 = getelementptr %struct.perf_branch_entry, %struct.perf_branch_entry* %13, i64 1 %22 = bitcast %struct.perf_branch_entry* %21 to i8* %23 = tail call i32 @check_zeroed_user(i8* %22, i64 %20) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_openat2 ------------- Path:  Function:__ia32_sys_openat2 %2 = alloca %struct.perf_branch_entry, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load 
i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %4 to i32 %15 = inttoptr i64 %7 to i8* %16 = inttoptr i64 %10 to %struct.perf_branch_entry* %17 = bitcast %struct.perf_branch_entry* %2 to i8* %18 = icmp ult i64 %13, 24 br i1 %18, label %45, label %19, !prof !4, !misexpect !5 %20 = inttoptr i64 %10 to i8* %21 = icmp eq i64 %13, 24 br i1 %21, label %30, label %22 %23 = add nsw i64 %13, -24 %24 = getelementptr %struct.perf_branch_entry, %struct.perf_branch_entry* %16, i64 1 %25 = bitcast %struct.perf_branch_entry* %24 to i8* %26 = tail call i32 @check_zeroed_user(i8* %25, i64 %23) #76 ------------- Good: 4 Bad: 12 Ignored: 10 Check Use of Function:tty_name Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = 
getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %134 = tail call i32 @__tty_check_change(%struct.tty_struct.361948* %1, i32 22) #76 Function:__tty_check_change %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.362008* %5 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 95 %6 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %7 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %6, i64 0, i32 24 %8 = load %struct.tty_struct.361948*, 
%struct.tty_struct.361948** %7, align 8 %9 = icmp eq %struct.tty_struct.361948* %8, %0 br i1 %9, label %10, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %11 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %12 = getelementptr %struct.signal_struct.361954, %struct.signal_struct.361954* %11, i64 0, i32 21, i64 2 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 0, i32 0, i32 0 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %14) #76 %16 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 1 %17 = load %struct.pid*, %struct.pid** %16, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %14, i64 %15) #76 %18 = icmp eq %struct.pid* %17, null %19 = icmp eq %struct.pid* %13, %17 %20 = or i1 %18, %19 br i1 %20, label %45, label %21 %22 = add i32 %1, -1 %23 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 97, i32 0, i64 0 %24 = load i64, i64* %23, align 8 %25 = zext i32 %22 to i64 %26 = shl nuw i64 1, %25 %27 = and i64 %24, %26 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %36 %30 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 96 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %30, align 8 %32 = sext i32 %22 to i64 %33 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 3, i64 %32, i32 0, i32 0 %34 = load void (i32)*, void (i32)** %33, align 8 %35 = icmp eq void (i32)* %34, inttoptr (i64 1 to void (i32)*) br i1 %35, label %36, label %39 %37 = icmp eq i32 %1, 21 %38 = select i1 %37, i32 -5, i32 0 br label %45 %46 = phi i32 [ -512, %42 ], [ 0, %10 ], [ %38, %36 ], [ -5, %39 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !7 tail call void @rcu_read_unlock_strict() #76 br i1 %18, label %47, label %51 %48 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 %49 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 
-2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #76 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label 
%51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %134 = tail call i32 @__tty_check_change(%struct.tty_struct.361948* %1, i32 22) #76 Function:__tty_check_change %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.362008* %5 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 95 %6 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %7 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %6, i64 0, i32 24 %8 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %7, align 8 %9 = icmp eq %struct.tty_struct.361948* %8, %0 br i1 %9, label %10, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %11 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %12 = getelementptr %struct.signal_struct.361954, 
%struct.signal_struct.361954* %11, i64 0, i32 21, i64 2 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 0, i32 0, i32 0 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %14) #76 %16 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 1 %17 = load %struct.pid*, %struct.pid** %16, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %14, i64 %15) #76 %18 = icmp eq %struct.pid* %17, null %19 = icmp eq %struct.pid* %13, %17 %20 = or i1 %18, %19 br i1 %20, label %45, label %21 %22 = add i32 %1, -1 %23 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 97, i32 0, i64 0 %24 = load i64, i64* %23, align 8 %25 = zext i32 %22 to i64 %26 = shl nuw i64 1, %25 %27 = and i64 %24, %26 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %36 %30 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 96 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %30, align 8 %32 = sext i32 %22 to i64 %33 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 3, i64 %32, i32 0, i32 0 %34 = load void (i32)*, void (i32)** %33, align 8 %35 = icmp eq void (i32)* %34, inttoptr (i64 1 to void (i32)*) br i1 %35, label %36, label %39 %37 = icmp eq i32 %1, 21 %38 = select i1 %37, i32 -5, i32 0 br label %45 %46 = phi i32 [ -512, %42 ], [ 0, %10 ], [ %38, %36 ], [ -5, %39 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #76 br i1 %18, label %47, label %51 %48 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 %49 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* 
(%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, 
label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #76 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, 
label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %134 = tail call i32 @__tty_check_change(%struct.tty_struct.361948* %1, i32 22) #76 Function:__tty_check_change %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.362008* %5 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 95 %6 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %7 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %6, i64 0, i32 24 %8 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %7, align 8 %9 = icmp eq %struct.tty_struct.361948* %8, %0 br i1 %9, label %10, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %11 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %12 = getelementptr %struct.signal_struct.361954, %struct.signal_struct.361954* %11, i64 0, i32 21, i64 2 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 0, i32 0, i32 0 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %14) #76 %16 = 
getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 1 %17 = load %struct.pid*, %struct.pid** %16, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %14, i64 %15) #76 %18 = icmp eq %struct.pid* %17, null %19 = icmp eq %struct.pid* %13, %17 %20 = or i1 %18, %19 br i1 %20, label %45, label %21 %22 = add i32 %1, -1 %23 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 97, i32 0, i64 0 %24 = load i64, i64* %23, align 8 %25 = zext i32 %22 to i64 %26 = shl nuw i64 1, %25 %27 = and i64 %24, %26 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %36 %30 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 96 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %30, align 8 %32 = sext i32 %22 to i64 %33 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 3, i64 %32, i32 0, i32 0 %34 = load void (i32)*, void (i32)** %33, align 8 %35 = icmp eq void (i32)* %34, inttoptr (i64 1 to void (i32)*) br i1 %35, label %36, label %39 %37 = icmp eq i32 %1, 21 %38 = select i1 %37, i32 -5, i32 0 br label %45 %46 = phi i32 [ -512, %42 ], [ 0, %10 ], [ %38, %36 ], [ -5, %39 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #76 br i1 %18, label %47, label %51 %48 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 %49 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, 
align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl 
to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %134 = tail call i32 @__tty_check_change(%struct.tty_struct.361948* %1, i32 22) #76 Function:__tty_check_change %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.362008* %5 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 95 %6 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %7 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %6, i64 0, i32 24 %8 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %7, align 8 %9 = icmp eq %struct.tty_struct.361948* %8, %0 br i1 %9, label %10, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %11 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %12 = getelementptr %struct.signal_struct.361954, %struct.signal_struct.361954* %11, i64 0, i32 21, i64 2 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 0, i32 0, i32 0 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %14) #76 %16 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 1 %17 = load %struct.pid*, %struct.pid** %16, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %14, i64 %15) #76 %18 = icmp eq %struct.pid* %17, null %19 = icmp eq 
%struct.pid* %13, %17 %20 = or i1 %18, %19 br i1 %20, label %45, label %21 %22 = add i32 %1, -1 %23 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 97, i32 0, i64 0 %24 = load i64, i64* %23, align 8 %25 = zext i32 %22 to i64 %26 = shl nuw i64 1, %25 %27 = and i64 %24, %26 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %36 %30 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 96 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %30, align 8 %32 = sext i32 %22 to i64 %33 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 3, i64 %32, i32 0, i32 0 %34 = load void (i32)*, void (i32)** %33, align 8 %35 = icmp eq void (i32)* %34, inttoptr (i64 1 to void (i32)*) br i1 %35, label %36, label %39 %37 = icmp eq i32 %1, 21 %38 = select i1 %37, i32 -5, i32 0 br label %45 %46 = phi i32 [ -512, %42 ], [ 0, %10 ], [ %38, %36 ], [ -5, %39 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #76 br i1 %18, label %47, label %51 %48 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 %49 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_check_change 2 n_tty_ioctl_helper 3 n_tty_ioctl ------------- Path:  Function:n_tty_ioctl %5 = getelementptr inbounds %struct.tty_struct.359247, %struct.tty_struct.359247* %0, i64 0, i32 29 %6 = bitcast i8** %5 to %struct.n_tty_data** %7 = load %struct.n_tty_data*, %struct.n_tty_data** %6, align 8 switch i32 %2, label %70 [ i32 21521, label %8 i32 21531, label %17 ] %71 = tail call i32 bitcast (i32 (%struct.tty_struct.359549*, %struct.file.359354*, i32, i64)* @n_tty_ioctl_helper to i32 
(%struct.tty_struct.359247*, %struct.file.359135*, i32, i64)*)(%struct.tty_struct.359247* %0, %struct.file.359135* %1, i32 %2, i64 %3) #76 Function:n_tty_ioctl_helper switch i32 %2, label %98 [ i32 21514, label %5 i32 21515, label %39 ] %40 = tail call i32 bitcast (i32 (%struct.tty_struct.361948*)* @tty_check_change to i32 (%struct.tty_struct.359549*)*)(%struct.tty_struct.359549* %0) #76 Function:tty_check_change %2 = tail call i32 @__tty_check_change(%struct.tty_struct.361948* %0, i32 22) #76 Function:__tty_check_change %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.362008* %5 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 95 %6 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %7 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %6, i64 0, i32 24 %8 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %7, align 8 %9 = icmp eq %struct.tty_struct.361948* %8, %0 br i1 %9, label %10, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %11 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %12 = getelementptr %struct.signal_struct.361954, %struct.signal_struct.361954* %11, i64 0, i32 21, i64 2 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 0, i32 0, i32 0 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %14) #76 %16 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 1 %17 = load %struct.pid*, %struct.pid** %16, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* 
%14, i64 %15) #76 %18 = icmp eq %struct.pid* %17, null %19 = icmp eq %struct.pid* %13, %17 %20 = or i1 %18, %19 br i1 %20, label %45, label %21 %22 = add i32 %1, -1 %23 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 97, i32 0, i64 0 %24 = load i64, i64* %23, align 8 %25 = zext i32 %22 to i64 %26 = shl nuw i64 1, %25 %27 = and i64 %24, %26 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %36 %30 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 96 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %30, align 8 %32 = sext i32 %22 to i64 %33 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 3, i64 %32, i32 0, i32 0 %34 = load void (i32)*, void (i32)** %33, align 8 %35 = icmp eq void (i32)* %34, inttoptr (i64 1 to void (i32)*) br i1 %35, label %36, label %39 %37 = icmp eq i32 %1, 21 %38 = select i1 %37, i32 -5, i32 0 br label %45 %46 = phi i32 [ -512, %42 ], [ 0, %10 ], [ %38, %36 ], [ -5, %39 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #76 br i1 %18, label %47, label %51 %48 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 %49 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_check_change 2 n_tty_write ------------- Path:  Function:n_tty_write %5 = alloca %struct.wait_queue_entry, align 8 %6 = bitcast %struct.wait_queue_entry* %5 to i8* %7 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %9 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.359106** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.359106**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.359106* %11 = bitcast i8** %8 to %struct.task_struct.359106** store %struct.task_struct.359106* %10, %struct.task_struct.359106** %11, align 8 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @woken_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store %struct.list_head* %13, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 1 store %struct.list_head* %13, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.tty_struct.359247, %struct.tty_struct.359247* %0, i64 0, i32 13, i32 3 %17 = load i32, i32* %16, align 4 %18 = and i32 %17, 256 %19 = icmp eq i32 %18, 0 br i1 %19, label %31, label %20 %21 = getelementptr inbounds %struct.file.359135, %struct.file.359135* %1, i64 0, i32 3 %22 = load %struct.file_operations.359132*, %struct.file_operations.359132** %21, align 8 %23 = getelementptr inbounds %struct.file_operations.359132, %struct.file_operations.359132* %22, i64 0, i32 5 %24 = load i64 (%struct.kiocb.358950*, %struct.iov_iter*)*, i64 (%struct.kiocb.358950*, %struct.iov_iter*)** %23, align 8 %25 = icmp eq i64 (%struct.kiocb.358950*, %struct.iov_iter*)* %24, bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @redirected_tty_write to i64 (%struct.kiocb.358950*, %struct.iov_iter*)*) br i1 %25, label %31, label %26 %27 = call i32 bitcast (i32 (%struct.tty_struct.361948*)* @tty_check_change to i32 
(%struct.tty_struct.359247*)*)(%struct.tty_struct.359247* %0) #76 Function:tty_check_change %2 = tail call i32 @__tty_check_change(%struct.tty_struct.361948* %0, i32 22) #76 Function:__tty_check_change %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.362008* %5 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 95 %6 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %7 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %6, i64 0, i32 24 %8 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %7, align 8 %9 = icmp eq %struct.tty_struct.361948* %8, %0 br i1 %9, label %10, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %11 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %12 = getelementptr %struct.signal_struct.361954, %struct.signal_struct.361954* %11, i64 0, i32 21, i64 2 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 0, i32 0, i32 0 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %14) #76 %16 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 1 %17 = load %struct.pid*, %struct.pid** %16, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %14, i64 %15) #76 %18 = icmp eq %struct.pid* %17, null %19 = icmp eq %struct.pid* %13, %17 %20 = or i1 %18, %19 br i1 %20, label %45, label %21 %22 = add i32 %1, -1 %23 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 97, i32 0, i64 0 %24 = load i64, i64* %23, align 8 %25 = 
zext i32 %22 to i64 %26 = shl nuw i64 1, %25 %27 = and i64 %24, %26 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %36 %30 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 96 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %30, align 8 %32 = sext i32 %22 to i64 %33 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 3, i64 %32, i32 0, i32 0 %34 = load void (i32)*, void (i32)** %33, align 8 %35 = icmp eq void (i32)* %34, inttoptr (i64 1 to void (i32)*) br i1 %35, label %36, label %39 %37 = icmp eq i32 %1, 21 %38 = select i1 %37, i32 -5, i32 0 br label %45 %46 = phi i32 [ -512, %42 ], [ 0, %10 ], [ %38, %36 ], [ -5, %39 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #76 br i1 %18, label %47, label %51 %48 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 %49 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 n_tty_read ------------- Path:  Function:n_tty_read %7 = alloca i64, align 8 %8 = alloca i8*, align 8 %9 = alloca %struct.wait_queue_entry, align 8 store i64 %3, i64* %7, align 8 %10 = getelementptr inbounds %struct.tty_struct.359247, %struct.tty_struct.359247* %0, i64 0, i32 29 %11 = bitcast i8** %10 to %struct.n_tty_data** %12 = load %struct.n_tty_data*, %struct.n_tty_data** %11, align 8 %13 = bitcast i8** %8 to i8* store i8* %2, i8** %8, align 8 %14 = bitcast %struct.wait_queue_entry* %9 to i8* %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %9, i64 0, i32 0 store i32 0, i32* %15, align 8 %16 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %9, i64 0, i32 1 %17 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.359106** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.359106**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.359106* %19 = bitcast i8** %16 to %struct.task_struct.359106** store %struct.task_struct.359106* %18, %struct.task_struct.359106** %19, align 8 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %9, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @woken_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %20, align 8 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %9, i64 0, i32 3 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 0 store %struct.list_head* %21, %struct.list_head** %22, align 8 %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %9, i64 0, i32 3, i32 1 store %struct.list_head* %21, %struct.list_head** %23, align 8 %24 = load i8*, i8** %4, align 8 %25 = icmp eq i8* %24, null %26 = ptrtoint i8* %2 to i64 br i1 %25, label %100, label %27 %101 = getelementptr inbounds %struct.file.359135, %struct.file.359135* %1, i64 0, i32 3 %102 = load %struct.file_operations.359132*, %struct.file_operations.359132** %101, align 8 %103 = getelementptr inbounds %struct.file_operations.359132, %struct.file_operations.359132* %102, i64 0, i32 5 %104 = load i64 (%struct.kiocb.358950*, %struct.iov_iter*)*, i64 (%struct.kiocb.358950*, %struct.iov_iter*)** %103, align 8 %105 = icmp eq i64 (%struct.kiocb.358950*, %struct.iov_iter*)* %104, bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @redirected_tty_write to i64 (%struct.kiocb.358950*, %struct.iov_iter*)*) br i1 %105, label %111, label %106 %107 = call i32 bitcast (i32 (%struct.tty_struct.361948*, i32)* @__tty_check_change to i32 (%struct.tty_struct.359247*, i32)*)(%struct.tty_struct.359247* %0, i32 21) #77 Function:__tty_check_change %3 = 
tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.362008* %5 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 95 %6 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %7 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %6, i64 0, i32 24 %8 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %7, align 8 %9 = icmp eq %struct.tty_struct.361948* %8, %0 br i1 %9, label %10, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %11 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %5, align 32 %12 = getelementptr %struct.signal_struct.361954, %struct.signal_struct.361954* %11, i64 0, i32 21, i64 2 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 0, i32 0, i32 0 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %14) #76 %16 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %0, i64 0, i32 20, i32 1 %17 = load %struct.pid*, %struct.pid** %16, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %14, i64 %15) #76 %18 = icmp eq %struct.pid* %17, null %19 = icmp eq %struct.pid* %13, %17 %20 = or i1 %18, %19 br i1 %20, label %45, label %21 %22 = add i32 %1, -1 %23 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %4, i64 0, i32 97, i32 0, i64 0 %24 = load i64, i64* %23, align 8 %25 = zext i32 %22 to i64 %26 = shl nuw i64 1, %25 %27 = and i64 %24, %26 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %36 %30 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* 
%4, i64 0, i32 96 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %30, align 8 %32 = sext i32 %22 to i64 %33 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 3, i64 %32, i32 0, i32 0 %34 = load void (i32)*, void (i32)** %33, align 8 %35 = icmp eq void (i32)* %34, inttoptr (i64 1 to void (i32)*) br i1 %35, label %36, label %39 %37 = icmp eq i32 %1, 21 %38 = select i1 %37, i32 -5, i32 0 br label %45 %46 = phi i32 [ -512, %42 ], [ 0, %10 ], [ %38, %36 ], [ -5, %39 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #76 br i1 %18, label %47, label %51 %48 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 %49 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_close_start 1 tty_port_close 2 uart_close ------------- Path:  Function:uart_close %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = icmp eq %struct.uart_state* %5, null br i1 %6, label %7, label %24 %25 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %26 = load %struct.tty_port*, %struct.tty_port** %25, align 8 tail call void bitcast (void (%struct.tty_port.360674*, %struct.tty_struct.360671*, %struct.file.360562*)* @tty_port_close to void (%struct.tty_port*, %struct.tty_struct*, %struct.file*)*)(%struct.tty_port* %26, %struct.tty_struct* %0, %struct.file* %1) #76 Function:tty_port_close %4 = tail call i32 @tty_port_close_start(%struct.tty_port.360674* %0, %struct.tty_struct.360671* %1, %struct.file.360562* %2) #76 Function:tty_port_close_start %4 = tail call i32 bitcast (i32 
(%struct.file*)* @tty_hung_up_p to i32 (%struct.file.360562*)*)(%struct.file.360562* %2) #76 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %72 %7 = getelementptr inbounds %struct.tty_port.360674, %struct.tty_port.360674* %0, i64 0, i32 5, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 %9 = getelementptr inbounds %struct.tty_struct.360671, %struct.tty_struct.360671* %1, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 1 %12 = getelementptr inbounds %struct.tty_port.360674, %struct.tty_port.360674* %0, i64 0, i32 7 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %23 %15 = icmp eq i32 %13, 1 br i1 %15, label %21, label %16 %17 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.360671*)*)(%struct.tty_struct.360671* %1) #76 %18 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.360671*)*)(%struct.tty_struct.360671* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_close_start 1 tty_port_close 2 uart_close ------------- Path:  Function:uart_close %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = icmp eq %struct.uart_state* %5, null br i1 %6, label %7, label %24 %25 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %26 = load %struct.tty_port*, %struct.tty_port** %25, align 8 tail call void bitcast (void (%struct.tty_port.360674*, %struct.tty_struct.360671*, %struct.file.360562*)* @tty_port_close to void (%struct.tty_port*, %struct.tty_struct*, %struct.file*)*)(%struct.tty_port* %26, %struct.tty_struct* %0, %struct.file* %1) #76 Function:tty_port_close %4 = tail call i32 @tty_port_close_start(%struct.tty_port.360674* %0, %struct.tty_struct.360671* %1, %struct.file.360562* %2) #76 Function:tty_port_close_start %4 = tail call 
i32 bitcast (i32 (%struct.file*)* @tty_hung_up_p to i32 (%struct.file.360562*)*)(%struct.file.360562* %2) #76 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %72 %7 = getelementptr inbounds %struct.tty_port.360674, %struct.tty_port.360674* %0, i64 0, i32 5, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 %9 = getelementptr inbounds %struct.tty_struct.360671, %struct.tty_struct.360671* %1, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 1 %12 = getelementptr inbounds %struct.tty_port.360674, %struct.tty_port.360674* %0, i64 0, i32 7 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %23 %24 = add i32 %13, -1 %25 = getelementptr inbounds %struct.tty_port.360674, %struct.tty_port.360674* %0, i64 0, i32 7 store i32 %24, i32* %25, align 8 %26 = icmp slt i32 %24, 0 br i1 %26, label %27, label %32 %28 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.360671*)*)(%struct.tty_struct.360671* %1) #76 %29 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.360671*)*)(%struct.tty_struct.360671* %1) #76 ------------- Good: 17 Bad: 9 Ignored: 37 Check Use of Function:acpi_run_osc Check Use of Function:dm_issue_global_event Check Use of Function:__break_lease Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236605** %6 = load %struct.nfs_unlinkdata.236605*, %struct.nfs_unlinkdata.236605** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %7, align 8 %9 = icmp eq 
%struct.nfs4_slot.236600* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #76 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load 
i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds 
%struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241562, %struct.nfs_client.241562* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236608** %7 = load %struct.nfs_renamedata.236608*, %struct.nfs_renamedata.236608** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 0, i32 0 %9 = load 
%struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236600* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #76 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr 
inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) 
#76 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241562, %struct.nfs_client.241562* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void 
asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label 
%7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 1, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call 
i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq %struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label %71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %73 = load %struct.inode*, %struct.inode** %72, align 8 call void bitcast (void (%struct.inode.217383*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #76 br label %74 %75 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %76 = bitcast {}** %75 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %77 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %76, align 8 %78 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %77, null br i1 %78, label %81, label %79 %82 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to 
%struct.nfs_server.236590** %10 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = load i32, i32* %11, align 4 %29 = icmp slt i32 %28, 0 br i1 %29, label %30, label %54 %31 = bitcast %struct.nfs4_exception* %3 to i8* %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %33 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %32, align 8 %34 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %33, i64 0, i32 5 %35 = bitcast %struct.nfs4_state.236616** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %39 = bitcast %struct.nfs_pgio_header.236633* %1 to i64* %40 = load i64, i64* %39, align 8 %41 = bitcast %struct.inode** %38 to i64* store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %43 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 store 
%struct.nfs4_stateid_struct* %43, %struct.nfs4_stateid_struct** %42, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %46, align 1 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %10, i32 %28, %struct.nfs4_exception* nonnull %3) #77 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq 
%struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 
0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241562, %struct.nfs_client.241562* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds 
%struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #76
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_async_inode_return_delegation
1 nfs4_do_handle_exception
2 nfs4_async_handle_exception
3 nfs4_write_done_cb
4 nfs4_write_done
-------------
Path: Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633,
%struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 
%48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %26 = bitcast %struct.nfs4_exception* %3 to i8* %27 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %28 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %27, align 8 %29 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %28, i64 0, i32 5 %30 = bitcast %struct.nfs4_state.236616** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %31, i64* %32, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %34 = bitcast %struct.nfs_pgio_header.236633* %1 to i64* %35 = 
load i64, i64* %34, align 8 %36 = bitcast %struct.inode** %33 to i64* store i64 %35, i64* %36, align 8 %37 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %38 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %38, %struct.nfs4_stateid_struct** %37, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %43 = load %struct.super_block*, %struct.super_block** %42, align 8 %44 = getelementptr inbounds %struct.super_block, %struct.super_block* %43, i64 0, i32 28 %45 = bitcast i8** %44 to %struct.nfs_server.236590** %46 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %45, align 16 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236590* %46, i32 %23, %struct.nfs4_exception* nonnull %3) #77 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %1, i32 %2, %struct.nfs4_exception* %3) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** 
%6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = 
icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241562*, 
%struct.nfs_client.241562** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241562, %struct.nfs_client.241562* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #76
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_async_inode_return_delegation
1 nfs4_do_handle_exception
2 nfs4_handle_exception
3 nfs4_proc_set_acl
4 nfs4_xattr_set_nfs4_acl
-------------
Path: Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #76 Function:nfs4_proc_set_acl %4 = alloca
%struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds 
%struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %57 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %56, i64 0, i32 0, i32 0 %58 = bitcast %struct.spinlock* %56 to i8* %59 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %60 %61 = load %struct.super_block*, 
%struct.super_block** %12, align 8 %62 = getelementptr inbounds %struct.super_block, %struct.super_block* %61, i64 0, i32 28 %63 = bitcast i8** %62 to %struct.nfs_server.236590** %64 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %63, align 16 store i64* %17, i64** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page** %21, %struct.page*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.cred* null, %struct.cred** %29, align 8 br i1 %31, label %166, label %65 %66 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %64, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = and i32 %67, 8 %69 = icmp eq i32 %68, 0 %70 = or i1 %69, %33 %71 = select i1 %69, i32 -95, i32 -34 br i1 %70, label %166, label %72 %73 = phi i32 [ %96, %85 ], [ 0, %65 ] %74 = phi %struct.page** [ %95, %85 ], [ %21, %65 ] %75 = phi i64 [ %94, %85 ], [ %2, %65 ] %76 = phi i8* [ %93, %85 ], [ %1, %65 ] %77 = icmp ult i64 %75, 4096 %78 = select i1 %77, i64 %75, i64 4096 %79 = call %struct.page* @alloc_pages(i32 3264, i32 0) #76 %80 = icmp eq %struct.page* %79, null br i1 %80, label %81, label %85 %82 = icmp sgt i32 %73, 0 br i1 %82, label %83, label %166 %84 = zext i32 %73 to i64 br label %98 %99 = phi i64 [ %84, %83 ], [ %106, %98 ] %100 = phi i32 [ %73, %83 ], [ %101, %98 ] %101 = add nsw i32 %100, -1 %102 = zext i32 %101 to i64 %103 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %102 %104 = load %struct.page*, %struct.page** %103, align 8 call void bitcast (void (%struct.page.135675*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %104, i32 0) #76 %105 = icmp sgt i64 %99, 1 %106 = add nsw i64 
%99, -1 br i1 %105, label %98, label %166 %167 = phi i32 [ %137, %165 ], [ -22, %60 ], [ %71, %65 ], [ %96, %107 ], [ -12, %81 ], [ -12, %98 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %168)) #6 to label %182 [label %168], !srcloc !8 switch i32 %167, label %183 [ i32 -10039, label %192 i32 -10041, label %192 ] %184 = load %struct.super_block*, %struct.super_block** %12, align 8 %185 = getelementptr inbounds %struct.super_block, %struct.super_block* %184, i64 0, i32 28 %186 = bitcast i8** %185 to %struct.nfs_server.236590** %187 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %186, align 16 %188 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %187, i32 %167, %struct.nfs4_exception* nonnull %10) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, 
%struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, 
label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load 
%struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241562, %struct.nfs_client.241562* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, 
align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %16 = bitcast %struct.nfs_fh** %14 to i64** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds 
%struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236590** %62 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %61, align 16 store i64* %15, i64** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.236590* %62, %struct.nfs_server.236590** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #76 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #76 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %124 [label %110], !srcloc !4 %125 = load %struct.super_block*, %struct.super_block** %11, align 8 %126 = getelementptr inbounds %struct.super_block, %struct.super_block* %125, i64 0, i32 28 %127 = bitcast i8** %126 to %struct.nfs_server.236590** %128 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %127, align 16 %129 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %128, i32 %109, %struct.nfs4_exception* nonnull %8) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 
%5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241562, %struct.nfs_client.241562* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 
32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, 
i32 17, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %73, label %17 %74 = phi i32 [ -36, %16 ], [ %72, %21 ], [ -12, %17 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %75)) #6 to label %89 [label %75], !srcloc !4 %90 = load %struct.super_block*, %struct.super_block** %13, align 8 %91 = getelementptr inbounds %struct.super_block, %struct.super_block* %90, i64 0, i32 28 %92 = bitcast i8** %91 to %struct.nfs_server.236590** %93 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %92, align 16 %94 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %93, i32 %74, %struct.nfs4_exception* nonnull %7) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, 
%struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, 
label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load 
%struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241562, %struct.nfs_client.241562* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca 
%struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, 
%struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, 
%struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #77 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236590* %0, i32 %1, %struct.nfs4_exception* %2) #76 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 
%15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236616* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #76 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241499** %7 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %6, 
align 16 %8 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 25, i32 1 %12 = bitcast i64* %11 to %struct.nfs_delegation.236662** %13 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236662* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241562, %struct.nfs_client.241562* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl 
$$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_inode_make_writeable 2 _nfs4_do_setattr 3 nfs4_do_setattr 4 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #76 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr 
inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.236617** %24 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %23, align 8 %25 = icmp eq %struct.nfs_open_context.236617* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.236617* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.236617* %31, %struct.nfs4_label* null) #77 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.236590** %15 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.236617* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.236616* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %26 = bitcast %struct.nfs_fh** %24 to i64** store i64* %25, i64** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, 
%struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.236590* %15, %struct.nfs_server.236590** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %36, align 8 %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.236590* %15, %struct.nfs_server.236590** %37, align 8 %38 = bitcast %struct.nfs4_exception* %10 to i8* %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.236616* %22, %struct.nfs4_state.236616** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %42, align 8 %43 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %44, align 1 %45 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = and i32 %46, 6145 %48 = icmp eq i32 %47, 0 %49 = select i1 %48, i64 256, i64 131328 %50 = and i32 %46, 6 %51 = icmp eq i32 %50, 0 %52 = or i64 %49, 4096 %53 = select i1 %51, i64 %49, i64 %52 %54 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %15, i64 0, i32 35, i64 0 %55 = bitcast i32* %54 to i8* %56 = icmp eq %struct.inode* %0, null %57 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %58 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %57, i64 9, i32 1 %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.236616* %22, null %62 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %22, i64 0, i32 13 br label %63 br i1 %56, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.236617* %4) #77 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.236590** %14 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %13, 
align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #76 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #76 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = 
load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #77 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236662* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %36 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %37 = load %struct.file_lock_context*, %struct.file_lock_context** %36, align 8 %38 = icmp eq %struct.file_lock_context* %37, null br i1 %38, label %50, label %39 %40 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %37, i64 0, i32 3 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %40, 
i64 0, i32 0 %42 = load volatile %struct.list_head*, %struct.list_head** %41, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %43 = icmp eq %struct.list_head* %42, %40 br i1 %43, label %44, label %48 %45 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %37, i64 0, i32 3, i32 1 %46 = load %struct.list_head*, %struct.list_head** %45, align 8 %47 = icmp eq %struct.list_head* %46, %40 br i1 %47, label %50, label %48 %49 = tail call i32 @__break_lease(%struct.inode* %0, i32 3, i32 32) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_inode_make_writeable 2 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.236606** %6 = load %struct.nfs_renameargs.236606*, %struct.nfs_renameargs.236606** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.236607** %9 = load %struct.nfs_renameres.236607*, %struct.nfs_renameres.236607** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #76 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile 
%struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #77 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236662* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %36 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %37 = load %struct.file_lock_context*, %struct.file_lock_context** %36, align 8 %38 = icmp eq %struct.file_lock_context* %37, null br i1 %38, label %50, label %39 %40 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %37, i64 0, i32 3 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %40, i64 0, i32 0 
%42 = load volatile %struct.list_head*, %struct.list_head** %41, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %43 = icmp eq %struct.list_head* %42, %40 br i1 %43, label %44, label %48 %45 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %37, i64 0, i32 3, i32 1 %46 = load %struct.list_head*, %struct.list_head** %45, align 8 %47 = icmp eq %struct.list_head* %46, %40 br i1 %47, label %50, label %48 %49 = tail call i32 @__break_lease(%struct.inode* %0, i32 3, i32 32) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_inode_make_writeable 2 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #76 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %5, i64 
0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #77 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236662* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %36 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %37 = load %struct.file_lock_context*, %struct.file_lock_context** %36, align 8 %38 = icmp eq %struct.file_lock_context* %37, null br i1 %38, label %50, label %39 %40 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %37, i64 0, i32 3 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %40, i64 0, i32 0 %42 = load volatile %struct.list_head*, %struct.list_head** %41, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %43 = icmp eq %struct.list_head* %42, %40 br i1 %43, label %44, label %48 %45 = 
getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %37, i64 0, i32 3, i32 1 %46 = load %struct.list_head*, %struct.list_head** %45, align 8 %47 = icmp eq %struct.list_head* %46, %40 br i1 %47, label %50, label %48 %49 = tail call i32 @__break_lease(%struct.inode* %0, i32 3, i32 32) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.236602** %6 = load %struct.nfs_removeargs.236602*, %struct.nfs_removeargs.236602** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.236604** %9 = load %struct.nfs_removeres.236604*, %struct.nfs_removeres.236604** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.236590** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 0, i32 1 %20 = 
load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #76 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #76 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236662* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %36 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %37 = load %struct.file_lock_context*, %struct.file_lock_context** %36, align 8 %38 = icmp eq %struct.file_lock_context* %37, null br i1 %38, label %50, label %39 %40 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %37, i64 0, i32 3 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %40, i64 0, i32 0 %42 = load volatile %struct.list_head*, 
%struct.list_head** %41, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %43 = icmp eq %struct.list_head* %42, %40 br i1 %43, label %44, label %48 %45 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %37, i64 0, i32 3, i32 1 %46 = load %struct.list_head*, %struct.list_head** %45, align 8 %47 = icmp eq %struct.list_head* %46, %40 br i1 %47, label %50, label %48 %49 = tail call i32 @__break_lease(%struct.inode* %0, i32 3, i32 32) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation_on_close 2 nfs4_put_open_state 3 __nfs4_close 4 nfs4_close_sync 5 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %0, i64 0, i32 5 %4 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %3, align 8 %5 = icmp eq %struct.nfs4_state.236616* %4, null br i1 %5, label %16, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3 %11 = lshr i32 %9, 5 %12 = and i32 %11, 1 %13 = or i32 %12, %10 br i1 %7, label %15, label %14 tail call void bitcast (void (%struct.nfs4_state.238262*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.236616*, i32)*)(%struct.nfs4_state.236616* nonnull %4, i32 %13) #76 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.238262* %0, i32 %1, i32 3264, i32 1) #76 Function:__nfs4_close %5 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %6, i64 0, i32 6 %8 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %7, i64 0, i32 0 
tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %6, i64 0, i32 5 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #76 %11 = and i32 %1, 3 switch i32 %11, label %24 [ i32 1, label %12 i32 2, label %16 i32 3, label %20 ] %21 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 12 %22 = load i32, i32* %21, align 4 %23 = add i32 %22, -1 store i32 %23, i32* %21, align 4 br label %24 %25 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 12 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %63 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 10 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %41 %33 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 8 %36 = load volatile i64, i64* %33, align 8 %37 = and i64 %36, 32 %38 = or i64 %37, %35 %39 = icmp ne i64 %38, 0 %40 = zext i1 %39 to i32 br label %41 %42 = phi i32 [ %40, %32 ], [ 0, %28 ] %43 = phi i32 [ 2, %32 ], [ 3, %28 ] %44 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 11 %45 = load i32, i32* %44, align 8 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %63 %64 = phi i32 [ %59, %61 ], [ %59, %47 ], [ 0, %24 ], [ %42, %41 ] %65 = phi i32 [ 0, %61 ], [ 1, %47 ], [ 3, %24 ], [ %43, %41 ] %66 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 13 %67 = load i32, i32* 
%66, align 8 %68 = icmp eq i32 %67, %65 br i1 %68, label %95, label %69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %96 = bitcast %struct.spinlock* %9 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %97 = icmp eq i32 %64, 0 br i1 %97, label %98, label %117 tail call void @nfs4_put_open_state(%struct.nfs4_state.238262* %0) #77 Function:nfs4_put_open_state %2 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 4 %3 = load %struct.inode*, %struct.inode** %2, align 8 %4 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %5, i64 0, i32 5 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #76 br i1 %8, label %9, label %49 %10 = getelementptr inbounds %struct.inode, %struct.inode* %3, i64 0, i32 18 %11 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #76 %12 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 1, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 1, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile 
%struct.list_head* %15, %struct.list_head** %17, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %12, align 8 %18 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 0, i32 1 %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 0, i32 0 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 1 store %struct.list_head* %19, %struct.list_head** %22, align 8 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 store volatile %struct.list_head* %21, %struct.list_head** %23, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %20, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %25 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %25, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @nfs4_inode_return_delegation_on_close(%struct.inode* %3) #76 Function:nfs4_inode_return_delegation_on_close %2 = icmp eq %struct.inode* %0, null br i1 %2, label %63, label %3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* 
%4, i64 25, i32 1 %6 = bitcast i64* %5 to %struct.nfs_delegation.236662** %7 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %6, align 8 %8 = icmp eq %struct.nfs_delegation.236662* %7, null br i1 %8, label %60, label %9 %61 = phi %struct.nfs_delegation.236662* [ %56, %59 ], [ null, %55 ], [ null, %22 ], [ null, %14 ], [ null, %9 ], [ null, %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #76 %62 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* nonnull %0, %struct.nfs_delegation.236662* %61, i32 0) #77 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241499** %8 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236662* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %16, i64 0, i32 3 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %23, label %27 %28 = tail call i32 @__break_lease(%struct.inode* %0, i32 %14, i32 32) #76 ------------- Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %5 = load %struct.file.294345*, %struct.file.294345** %4, align 8 %6 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %5, i64 0, i32 18 %7 = load %struct.address_space.294426*, %struct.address_space.294426** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %7, i64 0, i32 0 %9 = load %struct.inode.294419*, %struct.inode.294419** %8, align 8 %10 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294278* bitcast (%struct.block_device.293754* (%struct.inode.293951*)* @I_BDEV to %struct.block_device.294278* (%struct.inode.294419*)*)(%struct.inode.294419* %9) #76 %14 = tail call i32 bitcast (i32 (%struct.block_device.299712*)* @bdev_read_only to i32 (%struct.block_device.294278*)*)(%struct.block_device.294278* %13) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds 
%struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #76 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294023*, %struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* %1) #76 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 
(%struct.file.149842*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #76 Function:file_remove_privs %2 = alloca %struct.iattr.149911, align 8 %3 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.149909*, %struct.dentry.149909** %3, align 8 %5 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.149909* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 2 %20 = load %struct.inode.149921*, %struct.inode.149921** %19, align 8 %21 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %18, i64 0, i32 5 %32 = load %struct.inode.149921*, %struct.inode.149921** %31, align 8 %33 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #76 %49 = and i32 %40, 61440 %50 = icmp ne i32 
%49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.149909*)*)(%struct.dentry.149909* %18) #76 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.149905, %struct.vfsmount.149905* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.149911* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.149911, %struct.iattr.149911* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*, %struct.inode.150157**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.149909*, %struct.iattr.149911*, %struct.inode.149921**)*)(%struct.user_namespace* %68, %struct.dentry.149909* %18, %struct.iattr.149911* nonnull %2, %struct.inode.149921** null) #76 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %6 = load %struct.inode.150157*, %struct.inode.150157** %5, align 8 %7 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds 
%struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16415, i64 0, i64 0), i32 319, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "256:\0A\09.pushsection .discard.reachable\0A\09.long 256b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %6) #76 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147178*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %6, i32 2) #76 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br 
i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.149921*)* @current_time to { i64, i64 } (%struct.inode.150157*)*)(%struct.inode.150157* %6) #76 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %64, i64 %66, %struct.inode.150157* %6) #76 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, 
i64 } (i64, i64, %struct.inode.150157*)*)(i64 %77, i64 %79, %struct.inode.150157* %6) #76 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150157, 
%struct.inode.150157* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %171 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %175 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %172, i64 0, i32 3 %176 = getelementptr inbounds %struct.list_head, %struct.list_head* %175, i64 0, i32 0 %177 = load volatile %struct.list_head*, %struct.list_head** %176, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %178 = icmp eq %struct.list_head* %177, %175 br i1 %178, label %179, label %183 %180 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %172, i64 0, i32 3, i32 1 %181 = load %struct.list_head*, %struct.list_head** %180, align 8 %182 = icmp eq %struct.list_head* %181, %175 br i1 %182, label %191, label %183 %184 = tail call i32 bitcast (i32 (%struct.inode*, i32, i32)* @__break_lease to i32 (%struct.inode.150157*, i32, i32)*)(%struct.inode.150157* %6, i32 2049, i32 4) #76 ------------- Good: 75 Bad: 14 Ignored: 61 Check Use of Function:ip_tunnel_bind_dev Check Use of Function:blk_execute_rq Check Use of Function:debugfs_create_dir Check Use of Function:ldsem_up_write Check Use of Function:acpi_scan_init Check Use of Function:sysfs_streq Use: =BAD PATH= Call Stack: 0 store_host_reset ------------- Path:  
Function:store_host_reset %5 = getelementptr %struct.device.617410, %struct.device.617410* %0, i64 -2, i32 2 %6 = bitcast %struct.device_private** %5 to %struct.Scsi_Host.620936* %7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 21 %8 = bitcast %struct.device_private** %7 to %struct.scsi_host_template.620935** %9 = load %struct.scsi_host_template.620935*, %struct.scsi_host_template.620935** %8, align 8 %10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.49.48645, i64 0, i64 0)) #76 br i1 %10, label %13, label %11 %12 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.50.48646, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 store_host_reset ------------- Path:  Function:store_host_reset %5 = getelementptr %struct.device.617410, %struct.device.617410* %0, i64 -2, i32 2 %6 = bitcast %struct.device_private** %5 to %struct.Scsi_Host.620936* %7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 21 %8 = bitcast %struct.device_private** %7 to %struct.scsi_host_template.620935** %9 = load %struct.scsi_host_template.620935*, %struct.scsi_host_template.620935** %8, align 8 %10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.49.48645, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 pm_qos_resume_latency_us_store ------------- Path:  Function:pm_qos_resume_latency_us_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 @kstrtoint(i8* %2, i32 0, i32* nonnull %5) #76 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %15 %16 = call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.34.47341, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 wakeup_store ------------- Path:  Function:wakeup_store %5 = getelementptr inbounds %struct.device.608046, %struct.device.608046* %0, 
i64 0, i32 11, i32 1 %6 = load i16, i16* %5, align 4 %7 = and i16 %6, 1 %8 = icmp eq i16 %7, 0 br i1 %8, label %17, label %9 %10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @_enabled, i64 0, i64 0)) #76 br i1 %10, label %11, label %13 %14 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @_disabled, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 wakeup_store ------------- Path:  Function:wakeup_store %5 = getelementptr inbounds %struct.device.608046, %struct.device.608046* %0, i64 0, i32 11, i32 1 %6 = load i16, i16* %5, align 4 %7 = and i16 %6, 1 %8 = icmp eq i16 %7, 0 br i1 %8, label %17, label %9 %10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @_enabled, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 pm_qos_latency_tolerance_us_store ------------- Path:  Function:pm_qos_latency_tolerance_us_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 @kstrtoint(i8* %2, i32 0, i32* nonnull %5) #76 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %12 %13 = call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.30.47303, i64 0, i64 0)) #76 br i1 %13, label %14, label %15 %16 = call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.31.47304, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 pm_qos_latency_tolerance_us_store ------------- Path:  Function:pm_qos_latency_tolerance_us_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 @kstrtoint(i8* %2, i32 0, i32* nonnull %5) #76 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %12 %13 = call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.30.47303, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 connector_write ------------- Path:  Function:connector_write %5 = alloca [12 x i8], 
align 1 %6 = getelementptr inbounds %struct.file.409537, %struct.file.409537* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.409538** %8 = load %struct.seq_file.409538*, %struct.seq_file.409538** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.409538, %struct.seq_file.409538* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_connector.409717** %11 = load %struct.drm_connector.409717*, %struct.drm_connector.409717** %10, align 8 %12 = getelementptr inbounds [12 x i8], [12 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 11 br i1 %13, label %34, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #76 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %34 %18 = getelementptr [12 x i8], [12 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.38360, i64 0, i64 0)) #76 br i1 %19, label %20, label %22 %23 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.26.38361, i64 0, i64 0)) #76 br i1 %23, label %24, label %26 %27 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.27.38362, i64 0, i64 0)) #76 br i1 %27, label %28, label %30 %31 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.28.38363, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 connector_write ------------- Path:  Function:connector_write %5 = alloca [12 x i8], align 1 %6 = getelementptr inbounds %struct.file.409537, %struct.file.409537* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.409538** %8 = load %struct.seq_file.409538*, %struct.seq_file.409538** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.409538, %struct.seq_file.409538* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_connector.409717** %11 = load %struct.drm_connector.409717*, 
%struct.drm_connector.409717** %10, align 8 %12 = getelementptr inbounds [12 x i8], [12 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 11 br i1 %13, label %34, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #76 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %34 %18 = getelementptr [12 x i8], [12 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.38360, i64 0, i64 0)) #76 br i1 %19, label %20, label %22 %23 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.26.38361, i64 0, i64 0)) #76 br i1 %23, label %24, label %26 %27 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.27.38362, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 connector_write ------------- Path:  Function:connector_write %5 = alloca [12 x i8], align 1 %6 = getelementptr inbounds %struct.file.409537, %struct.file.409537* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.409538** %8 = load %struct.seq_file.409538*, %struct.seq_file.409538** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.409538, %struct.seq_file.409538* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_connector.409717** %11 = load %struct.drm_connector.409717*, %struct.drm_connector.409717** %10, align 8 %12 = getelementptr inbounds [12 x i8], [12 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 11 br i1 %13, label %34, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #76 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %34 %18 = getelementptr [12 x i8], [12 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.38360, i64 0, i64 0)) #76 br i1 %19, label %20, label %22 %23 = call zeroext i1 @sysfs_streq(i8* nonnull 
%12, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.26.38361, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 connector_write ------------- Path:  Function:connector_write %5 = alloca [12 x i8], align 1 %6 = getelementptr inbounds %struct.file.409537, %struct.file.409537* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.409538** %8 = load %struct.seq_file.409538*, %struct.seq_file.409538** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.409538, %struct.seq_file.409538* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_connector.409717** %11 = load %struct.drm_connector.409717*, %struct.drm_connector.409717** %10, align 8 %12 = getelementptr inbounds [12 x i8], [12 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 11 br i1 %13, label %34, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #76 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %34 %18 = getelementptr [12 x i8], [12 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.38360, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.317892* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.14.29271, i64 0, i64 0)) #76 br i1 %11, label %12, label %17 %18 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.81.29273, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], 
align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.317892* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.14.29271, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 control_store ------------- Path:  Function:control_store %5 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.70.5054, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 control_store ------------- Path:  Function:control_store %5 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.70.5054, i64 0, i64 0)) #76 br i1 %5, label %10, label %6 %7 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.71.5008, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 control_store ------------- Path:  Function:control_store %5 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.70.5054, i64 0, i64 0)) #76 br i1 %5, label %10, label %6 %7 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.71.5008, i64 0, i64 0)) #76 br i1 %7, label %10, label %8 %9 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.72.5055, i64 0, i64 0)) #76 ------------- Good: 25 Bad: 16 Ignored: 17 Check Use of Function:static_key_slow_dec Check Use of Function:ieee80211_init_rate_ctrl_alg Check Use of Function:tcf_proto_lookup_ops Check Use of Function:tty_ldisc_failto Check Use of Function:bitmap_zalloc Use: =BAD PATH= Call Stack: 0 proc_do_large_bitmap ------------- Path:  Function:proc_do_large_bitmap %6 = alloca [22 x i8], align 16 %7 = alloca i64, align 8 %8 = alloca [3 x i8], align 1 %9 = alloca [3 x 
-------------
Good: 16 Bad: 1 Ignored: 17
Check Use of Function:__mmu_notifier_change_pte
Check Use of Function:panic
Use:
=BAD PATH=
Call Stack:
0 snd_disconnect_release
-------------
Path:
 Function:snd_disconnect_release
-------------
Use:
=BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 nfs_end_delegation_return
3 nfs4_inode_return_delegation_on_close
4 nfs4_put_open_state
5 __nfs4_close
6 nfs4_close_sync
7 nfs4_close_context
-------------
Path:
 Function:nfs4_close_context
 Function:nfs4_close_sync
 Function:__nfs4_close
 Function:nfs4_put_open_state
 Function:nfs4_inode_return_delegation_on_close
 Function:nfs_end_delegation_return
 Function:__put_cred
 Function:put_cred_rcu
-------------
Use:
=BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 nfs_complete_unlink
3 nfs_dentry_iput
-------------
Path:
 Function:nfs_dentry_iput
 Function:nfs_complete_unlink
 Function:__put_cred
 Function:put_cred_rcu
-------------
Use:
=BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __put_nfs_open_context
3 nfs_file_clear_open_context
4 nfs_file_release
-------------
Path:
 Function:nfs_file_release
 Function:nfs_file_clear_open_context
 Function:__put_nfs_open_context
 Function:__put_cred
 Function:put_cred_rcu
-------------
Use:
=BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 nfs_access_zap_cache
3 nfs_access_get_cached
4 nfs_do_access
5 nfs_permission
-------------
Path:
 Function:nfs_permission
 Function:nfs_do_access
 Function:nfs_access_get_cached
0, i8* %52, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = load %struct.super_block*, %struct.super_block** %53, align 8 %82 = getelementptr inbounds %struct.super_block, %struct.super_block* %81, i64 0, i32 28 %83 = bitcast i8** %82 to %struct.nfs_server.215077** %84 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %83, align 16 %85 = tail call i32 bitcast (i32 (%struct.nfs_server.217511*, %struct.inode.217383*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.215077*, %struct.inode*)*)(%struct.nfs_server.215077* %84, %struct.inode* %0) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %120 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %88 = load i64, i64* %6, align 8 %89 = and i64 %88, 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %54, label %118 %119 = phi i8* [ %48, %47 ], [ %52, %87 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %119, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #76 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 0 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 4 %10 = icmp eq i64 %9, 0 br i1 %10, label %83, label %11 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) 
#76 %12 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 2, i64* %7) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %26, label %15 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #76 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 12, i32 1 %30 = bitcast i64* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* %30) #76 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 
8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, %struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 1 %51 = load i64, i64* %50, align 8 %52 = and i64 %51, -9 store i64 %52, i64* %50, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %53 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %53, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %55 = icmp eq %struct.list_head* %54, %2 br i1 %55, label %83, label %56 %57 = phi %struct.list_head* [ %81, %80 ], [ %54, %49 ] %58 = getelementptr %struct.list_head, %struct.list_head* %57, i64 -2, i32 1 %59 = getelementptr inbounds %struct.list_head, %struct.list_head* %57, i64 0, i32 1 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr %struct.list_head, %struct.list_head* %57, i64 0, i32 0 %62 = load %struct.list_head*, %struct.list_head** %61, align 8 %63 = getelementptr inbounds %struct.list_head, %struct.list_head* %62, i64 0, i32 1 store %struct.list_head* %60, %struct.list_head** %63, align 8 %64 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 0 store volatile %struct.list_head* %62, %struct.list_head** %64, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), 
%struct.list_head** %61, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %59, align 8 %65 = getelementptr %struct.list_head, %struct.list_head* %57, i64 1 %66 = bitcast %struct.list_head* %65 to %struct.cred** %67 = load %struct.cred*, %struct.cred** %66, align 8 %68 = icmp eq %struct.cred* %67, null br i1 %68, label %75, label %69 %70 = getelementptr inbounds %struct.cred, %struct.cred* %67, i64 0, i32 0, i32 0 %71 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %70, i32* %70) #6, !srcloc !7 %72 = and i8 %71, 1 %73 = icmp eq i8 %72, 0 br i1 %73, label %75, label %74 call void @__put_cred(%struct.cred* nonnull %67) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 
%22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_access_zap_cache 3 nfs_access_get_cached 4 nfs_do_access 5 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215077** %12 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, 
i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.215077** %44 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %44, i64 0, i32 0 %46 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #76 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #77 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 9, i32 1 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %37 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13, i32 1 %14 = bitcast i64* %13 to %struct.list_head** %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -2, i32 1 %17 = icmp eq %struct.list_head* %15, %12 br i1 %17, label %38, label %18 %19 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 5 %20 = bitcast %struct.list_head** %19 to %struct.cred** %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %21) #76 %23 = icmp ne i32 %22, 0 %24 = icmp eq %struct.list_head** %16, null %25 = or i1 %24, %23 br i1 %25, label %39, label %26 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, 
i64)*)(%struct.inode* %0, i64 8) #76 br i1 %27, label %40, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %41 tail call void @rcu_read_unlock_strict() #76 %42 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %43 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %42, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %44 = load i64, i64* %6, align 8 %45 = and i64 %44, 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %49, label %47 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 12, i32 1 %51 = bitcast i64* %50 to %struct.rb_node** %52 = bitcast %struct.spinlock* %42 to i8* %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %54 %55 = phi i1 [ false, %49 ], [ true, %87 ] %56 = load %struct.rb_node*, %struct.rb_node** %51, align 8 %57 = icmp eq %struct.rb_node* %56, null br i1 %57, label %116, label %58 %59 = phi %struct.rb_node* [ %73, %71 ], [ %56, %54 ] %60 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %59, i64 1, i32 2 %61 = bitcast %struct.rb_node** %60 to %struct.cred** %62 = load %struct.cred*, %struct.cred** %61, align 8 %63 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %62) #76 %64 = icmp slt i32 %63, 0 br i1 %64, label %65, label %67 %68 = icmp eq i32 %63, 0 br i1 %68, label %75, label %69 %76 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 %77 = xor i1 %76, true %78 = or i1 %55, %77 br i1 %78, label %91, label %79 br i1 %3, label %80, label %116 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %52, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = load %struct.super_block*, %struct.super_block** %53, align 8 %82 = getelementptr 
inbounds %struct.super_block, %struct.super_block* %81, i64 0, i32 28 %83 = bitcast i8** %82 to %struct.nfs_server.215077** %84 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %83, align 16 %85 = tail call i32 bitcast (i32 (%struct.nfs_server.217511*, %struct.inode.217383*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.215077*, %struct.inode*)*)(%struct.nfs_server.215077* %84, %struct.inode* %0) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %120 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %88 = load i64, i64* %6, align 8 %89 = and i64 %88, 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %54, label %118 %119 = phi i8* [ %48, %47 ], [ %52, %87 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %119, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #76 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 0 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 4 %10 = icmp eq i64 %9, 0 br i1 %10, label %83, label %11 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #76 %12 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 2, i64* %7) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %26, label %15 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #76 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 12, i32 1 %30 = bitcast i64* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* %30) #76 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, 
%struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 1 %51 = load i64, i64* %50, align 8 %52 = and i64 %51, -9 store i64 %52, i64* %50, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %53 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %53, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %55 = icmp eq %struct.list_head* %54, %2 br i1 %55, label %83, label %56 %57 = phi %struct.list_head* [ %81, %80 ], [ %54, %49 ] %58 = getelementptr %struct.list_head, %struct.list_head* %57, i64 -2, i32 1 %59 = getelementptr inbounds %struct.list_head, %struct.list_head* %57, i64 0, i32 1 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr %struct.list_head, %struct.list_head* %57, i64 0, i32 0 %62 = load %struct.list_head*, %struct.list_head** %61, align 8 %63 = getelementptr inbounds %struct.list_head, %struct.list_head* %62, i64 0, i32 1 store %struct.list_head* %60, %struct.list_head** %63, align 8 %64 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 0 store volatile %struct.list_head* %62, %struct.list_head** %64, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %61, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %59, align 8 %65 = getelementptr 
%struct.list_head, %struct.list_head* %57, i64 1 %66 = bitcast %struct.list_head* %65 to %struct.cred** %67 = load %struct.cred*, %struct.cred** %66, align 8 %68 = icmp eq %struct.cred* %67, null br i1 %68, label %75, label %69 %70 = getelementptr inbounds %struct.cred, %struct.cred* %67, i64 0, i32 0, i32 0 %71 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %70, i32* %70) #6, !srcloc !7 %72 = and i8 %71, 1 %73 = icmp eq i8 %72, 0 br i1 %73, label %75, label %74 call void @__put_cred(%struct.cred* nonnull %67) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, 
%struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_access_zap_cache 3 nfs_access_get_cached 4 nfs_do_access 5 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215077** %12 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 
16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.215077** %44 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %44, i64 0, i32 0 %46 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #76 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #77 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 9, i32 1 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %37 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13, i32 1 %14 = bitcast i64* %13 to %struct.list_head** %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -2, i32 1 %17 = icmp eq %struct.list_head* %15, %12 br i1 %17, label %38, label %18 %19 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 5 %20 = bitcast %struct.list_head** %19 to %struct.cred** %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %21) #76 %23 = icmp ne i32 %22, 0 %24 = icmp eq %struct.list_head** %16, null %25 = or i1 %24, %23 br i1 %25, label %39, label %26 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, 
i64)*)(%struct.inode* %0, i64 8) #76 br i1 %27, label %40, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %41 tail call void @rcu_read_unlock_strict() #76 %42 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %43 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %42, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %44 = load i64, i64* %6, align 8 %45 = and i64 %44, 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %49, label %47 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 12, i32 1 %51 = bitcast i64* %50 to %struct.rb_node** %52 = bitcast %struct.spinlock* %42 to i8* %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %54 %55 = phi i1 [ false, %49 ], [ true, %87 ] %56 = load %struct.rb_node*, %struct.rb_node** %51, align 8 %57 = icmp eq %struct.rb_node* %56, null br i1 %57, label %116, label %58 %59 = phi %struct.rb_node* [ %73, %71 ], [ %56, %54 ] %60 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %59, i64 1, i32 2 %61 = bitcast %struct.rb_node** %60 to %struct.cred** %62 = load %struct.cred*, %struct.cred** %61, align 8 %63 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %62) #76 %64 = icmp slt i32 %63, 0 br i1 %64, label %65, label %67 %68 = icmp eq i32 %63, 0 br i1 %68, label %75, label %69 %76 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 %77 = xor i1 %76, true %78 = or i1 %55, %77 br i1 %78, label %91, label %79 br i1 %3, label %80, label %116 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %52, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = load %struct.super_block*, %struct.super_block** %53, align 8 %82 = getelementptr 
inbounds %struct.super_block, %struct.super_block* %81, i64 0, i32 28 %83 = bitcast i8** %82 to %struct.nfs_server.215077** %84 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %83, align 16 %85 = tail call i32 bitcast (i32 (%struct.nfs_server.217511*, %struct.inode.217383*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.215077*, %struct.inode*)*)(%struct.nfs_server.215077* %84, %struct.inode* %0) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %120 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %88 = load i64, i64* %6, align 8 %89 = and i64 %88, 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %54, label %118 %119 = phi i8* [ %48, %47 ], [ %52, %87 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %119, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #76 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 0 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 4 %10 = icmp eq i64 %9, 0 br i1 %10, label %83, label %11 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #76 %12 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 2, i64* %7) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %26, label %15 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #76 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 12, i32 1 %30 = bitcast i64* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* %30) #76 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, 
%struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 1 %51 = load i64, i64* %50, align 8 %52 = and i64 %51, -9 store i64 %52, i64* %50, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %53 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %53, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %55 = icmp eq %struct.list_head* %54, %2 br i1 %55, label %83, label %56 %57 = phi %struct.list_head* [ %81, %80 ], [ %54, %49 ] %58 = getelementptr %struct.list_head, %struct.list_head* %57, i64 -2, i32 1 %59 = getelementptr inbounds %struct.list_head, %struct.list_head* %57, i64 0, i32 1 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr %struct.list_head, %struct.list_head* %57, i64 0, i32 0 %62 = load %struct.list_head*, %struct.list_head** %61, align 8 %63 = getelementptr inbounds %struct.list_head, %struct.list_head* %62, i64 0, i32 1 store %struct.list_head* %60, %struct.list_head** %63, align 8 %64 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 0 store volatile %struct.list_head* %62, %struct.list_head** %64, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %61, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %59, align 8 %65 = getelementptr 
%struct.list_head, %struct.list_head* %57, i64 1 %66 = bitcast %struct.list_head* %65 to %struct.cred** %67 = load %struct.cred*, %struct.cred** %66, align 8 %68 = icmp eq %struct.cred* %67, null br i1 %68, label %75, label %69 %70 = getelementptr inbounds %struct.cred, %struct.cred* %67, i64 0, i32 0, i32 0 %71 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %70, i32* %70) #6, !srcloc !7 %72 = and i8 %71, 1 %73 = icmp eq i8 %72, 0 br i1 %73, label %75, label %74 call void @__put_cred(%struct.cred* nonnull %67) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, 
%struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_access_zap_cache 3 nfs_access_get_cached 4 nfs_do_access 5 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215077** %12 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 
16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.215077** %44 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %44, i64 0, i32 0 %46 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #76 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #77 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 9, i32 1 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %37 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13, i32 1 %14 = bitcast i64* %13 to %struct.list_head** %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -2, i32 1 %17 = icmp eq %struct.list_head* %15, %12 br i1 %17, label %38, label %18 %19 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 5 %20 = bitcast %struct.list_head** %19 to %struct.cred** %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %21) #76 %23 = icmp ne i32 %22, 0 %24 = icmp eq %struct.list_head** %16, null %25 = or i1 %24, %23 br i1 %25, label %39, label %26 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, 
Function:nfs_access_zap_cache Function:__put_cred Function:put_cred_rcu
------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_access_zap_cache 3 nfs_access_get_cached 4 nfs_do_access 5 nfs_permission -------------
Path: Function:nfs_permission Function:nfs_do_access Function:nfs_access_get_cached Function:nfs_access_zap_cache Function:__put_cred Function:put_cred_rcu
------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 put_fs_context 3 fscontext_release -------------
Path: Function:fscontext_release Function:put_fs_context Function:__put_cred Function:put_cred_rcu
------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 release_task 4 wait_consider_task 5 do_wait 6 kernel_waitid 7 __se_compat_sys_waitid 8 __ia32_compat_sys_waitid -------------
Path: Function:__ia32_compat_sys_waitid Function:__se_compat_sys_waitid Function:kernel_waitid Function:do_wait
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !9 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, 
align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76
Function:put_cred_rcu
%2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 release_task
4 wait_consider_task
5 do_wait
6 kernel_waitid
7 __se_sys_waitid
8 __ia32_sys_waitid
-------------
Path:
Function:__ia32_sys_waitid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76
Function:__se_sys_waitid
%6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, 
align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store 
%struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, 
%struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, 
align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, 
%struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, 
label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** 
%131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = 
load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* 
%174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 
127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 
call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 
@dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 
0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !9 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = 
icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 release_task
4 wait_consider_task
5 do_wait
6 kernel_waitid
7 __se_sys_waitid
8 __x64_sys_waitid
-------------
Path:
Function:__x64_sys_waitid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76
Function:__se_sys_waitid
%6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76
Function:kernel_waitid
%6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label
%32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !9 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, 
align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 release_task
4 wait_consider_task
5 do_wait
6 kernel_wait4
7 __ia32_compat_sys_wait4
-------------
Path:
Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #76 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6
= bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !9 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, 
align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 release_task 4 wait_consider_task 5 do_wait 6 kernel_wait4 7 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #76 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast 
%struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
-------------
Use: =BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 release_task
4 wait_consider_task
5 do_wait
6 kernel_wait4
7 __ia32_sys_waitpid
-------------
Path:
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !9 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, 
align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 release_task
4 wait_consider_task
5 do_wait
6 kernel_wait4
7 __x64_sys_wait4
-------------
Path:
Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #76 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = 
icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
-------------
Use: =BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 release_task
4 wait_consider_task
5 do_wait
6 kernel_wait4
7 __x64_sys_waitpid
-------------
Path:
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !9 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, 
align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_keyctl 4 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca 
%struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, 
label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269528* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269528* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %347) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br 
i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_keyctl 4 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label 
%71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269528* [ %345, %343 ], [ %17, 
%213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269528* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %347) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, 
align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 keyctl_keyring_move 4 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 
19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #76 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269528* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to 
%struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269528* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %347) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 
Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_add_key 4 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq 
i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24404, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #76 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #76 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 
%15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269528* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269528* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %347) #76 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** 
%9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_add_key 4 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 
= inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24404, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #76 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #76 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** 
%6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269528* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269528* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %347) #76 
Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #76 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6690, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #76 ------------- Good: 771 Bad: 41 Ignored: 549 Check Use of Function:ext4_rename2 Check Use of Function:ext4_file_read_iter Check Use of Function:try_to_unlazy Check Use of Function:thermal_cooling_device_unregister Check Use of Function:unregister_netdevice_queue Check Use of Function:shrink_dcache_parent Check Use of Function:lo_ioctl Use: =BAD PATH= Call Stack: 0 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.614955, %struct.block_device.614955* %0, i64 0, i32 16 %8 = load %struct.gendisk.614953*, %struct.gendisk.614953** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.614953, %struct.gendisk.614953* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.614955* %0, i32 %1, i32 %2, i64 %35) #77 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:rtnl_register Check Use of Function:pci_user_read_config_dword Check Use of Function:i8042_flush Check Use of Function:ieee80211_request_sched_scan_stop Check Use of Function:ieee80211_add_virtual_monitor Check Use of Function:hidraw_ioctl Check Use of Function:vfs_create_mount Check Use of Function:selinux_policy_genfs_sid Check Use of Function:ieee80211_stop_device Check Use of Function:serport_ldisc_open Check Use of Function:htree_dirblock_to_tree Use: =BAD PATH= Call Stack: 0 
ext4_htree_fill_tree 1 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca %struct.readahead_control, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.hw_perf_event_extra, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 4 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 16384 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %853 %15 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %16 = bitcast i8** %15 to %struct.ext4_sb_info** %17 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %16, align 16 %18 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %17, i64 0, i32 15 %19 = load %struct.ext4_super_block*, %struct.ext4_super_block** %18, align 8 %20 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %19, i64 0, i32 28 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 32 %23 = icmp eq i32 %22, 0 br i1 %23, label %540, label %24 %25 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 34 %26 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %25, i64 10, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 2 %34 = load i8, i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 %36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %540, label %42 %43 = 
bitcast %struct.anon.1* %25 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 33 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %540, label %47 %48 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 %51, label %55, label %52 %56 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #76 %60 = icmp eq i8* %59, null br i1 %60, label %853, label %61 %62 = bitcast i8* %59 to %struct.dir_private_info* %63 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 512 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %88 %68 = and i32 %64, 1024 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %93 %71 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %72 = inttoptr i64 %71 to %struct.task_struct* %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %72, i64 0, i32 0, i32 2 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2 %76 = icmp eq i32 %75, 0 %77 = trunc i64 %57 to i32 %78 = shl i32 %77, 1 %79 = lshr i64 %57, 31 %80 = trunc i64 %79 to i32 %81 = and i32 %80, -2 %82 = select i1 %76, i32 %81, i32 %78 %83 = getelementptr inbounds i8, i8* %59, i64 32 %84 = bitcast i8* %83 to i32* store i32 %82, i32* %84, align 8 %85 = load i32, i32* %73, 
align 8 %86 = and i32 %85, 2 %87 = icmp eq i32 %86, 0 br i1 %87, label %99, label %101 %100 = trunc i64 %57 to i32 br label %101 %102 = phi i32 [ %100, %99 ], [ 0, %70 ], [ 0, %88 ] %103 = getelementptr inbounds i8, i8* %59, i64 36 %104 = bitcast i8* %103 to i32* store i32 %102, i32* %104, align 4 store i8* %59, i8** %48, align 8 br label %105 %106 = phi %struct.dir_private_info* [ %50, %52 ], [ %62, %101 ] %107 = phi i32 [ %54, %52 ], [ %64, %101 ] %108 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %109 = load i64, i64* %108, align 8 %110 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %111 = and i32 %107, 512 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %124 %114 = and i32 %107, 1024 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %123 %117 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %118 = inttoptr i64 %117 to %struct.task_struct* %119 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %118, i64 0, i32 0, i32 2 %120 = load i32, i32* %119, align 8 %121 = and i32 %120, 2 %122 = icmp eq i32 %121, 0 br i1 %122, label %123, label %124 br label %124 %125 = phi i64 [ 9223372036854775807, %123 ], [ 2147483647, %116 ], [ 2147483647, %105 ] %126 = icmp eq i64 %109, %125 br i1 %126, label %853, label %127 %128 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 3 %129 = load i64, i64* %128, align 8 %130 = icmp eq i64 %129, %109 br i1 %130, label %202, label %131 %203 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 2 %204 = load %struct.fname*, %struct.fname** %203, align 8 %205 = icmp eq %struct.fname* %204, null br i1 %205, label %277, label %206 %207 = load %struct.inode*, %struct.inode** %6, align 8 %208 = getelementptr inbounds %struct.inode, %struct.inode* %207, i64 0, i32 8 %209 = load 
%struct.super_block*, %struct.super_block** %208, align 8 %210 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 0 %211 = load i32, i32* %210, align 8 %212 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 1 %213 = load i32, i32* %212, align 4 br i1 %112, label %214, label %224 %215 = and i32 %107, 1024 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %227 %218 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %219 = inttoptr i64 %218 to %struct.task_struct* %220 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %219, i64 0, i32 0, i32 2 %221 = load i32, i32* %220, align 8 %222 = and i32 %221, 2 %223 = icmp eq i32 %222, 0 br i1 %223, label %227, label %224 %228 = lshr i32 %211, 1 %229 = zext i32 %228 to i64 %230 = shl nuw nsw i64 %229, 32 %231 = zext i32 %213 to i64 %232 = or i64 %230, %231 br label %233 %234 = phi i64 [ %226, %224 ], [ %232, %227 ] store i64 %234, i64* %108, align 8 %235 = getelementptr inbounds %struct.super_block, %struct.super_block* %209, i64 0, i32 28 %236 = bitcast i8** %235 to %struct.ext4_sb_info** %237 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %238 %239 = phi %struct.fname* [ %204, %233 ], [ %271, %269 ] %240 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 7, i64 0 %241 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 5 %242 = load i8, i8* %241, align 4 %243 = zext i8 %242 to i32 %244 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 4 %245 = load i32, i32* %244, align 8 %246 = zext i32 %245 to i64 %247 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 6 %248 = load i8, i8* %247, align 1 %249 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %236, align 16 %250 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %249, i64 
0, i32 15 %251 = load %struct.ext4_super_block*, %struct.ext4_super_block** %250, align 8 %252 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %251, i64 0, i32 29 %253 = load i32, i32* %252, align 8 %254 = and i32 %253, 2 %255 = icmp eq i32 %254, 0 %256 = icmp ugt i8 %248, 7 %257 = or i1 %256, %255 br i1 %257, label %262, label %258 %259 = zext i8 %248 to i64 %260 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %259 %261 = load i8, i8* %260, align 1 br label %262 %263 = phi i8 [ %261, %258 ], [ 0, %238 ] %264 = zext i8 %263 to i32 %265 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %237, align 8 %266 = load i64, i64* %108, align 8 %267 = tail call i32 %265(%struct.dir_context* %1, i8* %240, i32 %243, i64 %266, i64 %246, i32 %264) #76 %268 = icmp eq i32 %267, 0 br i1 %268, label %269, label %273 %270 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 3 %271 = load %struct.fname*, %struct.fname** %270, align 8 %272 = icmp eq %struct.fname* %271, null br i1 %272, label %276, label %238 store %struct.fname* null, %struct.fname** %203, align 8 br label %464 %465 = phi i32 [ 0, %276 ], [ %375, %390 ], [ %375, %457 ] %466 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %467 = load %struct.rb_node*, %struct.rb_node** %466, align 8 %468 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %467) #76 store %struct.rb_node* %468, %struct.rb_node** %466, align 8 %469 = icmp eq %struct.rb_node* %468, null %470 = bitcast %struct.rb_node* %468 to i8* br i1 %469, label %480, label %471 %481 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %482 = load i32, i32* %481, align 8 %483 = icmp eq i32 %482, -1 br i1 %483, label %484, label %501 %502 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 store i32 %482, 
i32* %502, align 8 %503 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 store i32 0, i32* %503, align 4 br label %287 %288 = phi i8* [ %470, %471 ], [ %470, %501 ], [ %281, %277 ], [ %286, %282 ] %289 = phi %struct.rb_node* [ %468, %471 ], [ null, %501 ], [ %279, %277 ], [ %285, %282 ] %290 = phi i32 [ %465, %471 ], [ %465, %501 ], [ 0, %277 ], [ 0, %282 ] %291 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %292 = icmp eq %struct.rb_node* %289, null br i1 %292, label %300, label %293 %294 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 %295 = load i64, i64* %294, align 8 %296 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 33, i32 0 %297 = load volatile i64, i64* %296, align 8 %298 = lshr i64 %297, 1 %299 = icmp eq i64 %298, %295 br i1 %299, label %373, label %300 store %struct.rb_node* null, %struct.rb_node** %291, align 8 %301 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0 %302 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %301) #76 %303 = icmp eq %struct.rb_node* %302, null %304 = getelementptr %struct.rb_node, %struct.rb_node* %302, i64 -1, i32 2 %305 = icmp eq %struct.rb_node** %304, null %306 = or i1 %303, %305 br i1 %306, label %326, label %307 %308 = bitcast %struct.rb_node** %304 to %struct.fname* br label %311 %312 = phi %struct.fname* [ %318, %309 ], [ %308, %307 ] %313 = getelementptr inbounds %struct.fname, %struct.fname* %312, i64 0, i32 2 %314 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %313) #76 %315 = icmp eq %struct.rb_node* %314, null %316 = getelementptr %struct.rb_node, %struct.rb_node* %314, i64 -1, i32 2 %317 = bitcast %struct.rb_node** %316 to %struct.fname* %318 = select i1 %315, %struct.fname* null, %struct.fname* %317 %319 = icmp eq %struct.fname* %312, null br i1 %319, label %309, label %320 %321 = phi 
%struct.fname* [ %323, %320 ], [ %312, %311 ] %322 = getelementptr inbounds %struct.fname, %struct.fname* %321, i64 0, i32 3 %323 = load %struct.fname*, %struct.fname** %322, align 8 %324 = bitcast %struct.fname* %321 to i8* tail call void @kfree(i8* nonnull %324) #76 %325 = icmp eq %struct.fname* %323, null br i1 %325, label %309, label %320 %310 = icmp eq %struct.fname* %318, null br i1 %310, label %326, label %311 %327 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %327, align 8 %328 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 33, i32 0 %329 = load volatile i64, i64* %328, align 8 br label %330 %331 = phi i64 [ %329, %326 ], [ %337, %335 ] %332 = and i64 %331, 1 %333 = icmp eq i64 %332, 0 br i1 %333, label %335, label %334 %336 = or i64 %331, 1 %337 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %328, i64 %336, i64 %331, i64* %328) #6, !srcloc !6 %338 = icmp eq i64 %337, %331 br i1 %338, label %339, label %330, !prof !7, !misexpect !8 %340 = lshr i64 %331, 1 %341 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 store i64 %340, i64* %341, align 8 %342 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 %343 = load i32, i32* %342, align 8 %344 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 %345 = load i32, i32* %344, align 4 %346 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %347 = tail call i32 @ext4_htree_fill_tree(%struct.file* %0, i32 %343, i32 %345, i32* %346) #76 Function:ext4_htree_fill_tree %5 = alloca %struct.dx_hash_info, align 8 %6 = alloca [3 x %struct.dx_frame], align 16 %7 = alloca %struct.uuidcmp, align 8 
%8 = alloca i32, align 4 %9 = bitcast %struct.dx_hash_info* %5 to i8* %10 = bitcast [3 x %struct.dx_frame]* %6 to i8* %11 = bitcast %struct.uuidcmp* %7 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = getelementptr %struct.inode, %struct.inode* %13, i64 -1, i32 34 %15 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %14, i64 10, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 4096 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr inbounds %struct.inode, %struct.inode* %13, i64 0, i32 4 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 49152 %23 = icmp eq i32 %22, 49152 br i1 %23, label %24, label %26 %25 = getelementptr inbounds %struct.dx_hash_info, %struct.dx_hash_info* %5, i64 0, i32 2 store i32 6, i32* %25, align 8 br label %36 %37 = getelementptr inbounds %struct.inode, %struct.inode* %13, i64 0, i32 8 %38 = load %struct.super_block*, %struct.super_block** %37, align 8 %39 = getelementptr inbounds %struct.super_block, %struct.super_block* %38, i64 0, i32 28 %40 = bitcast i8** %39 to %struct.ext4_sb_info** %41 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %40, align 16 br label %51 %52 = phi %struct.ext4_sb_info* [ %41, %36 ], [ %47, %42 ] %53 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %52, i64 0, i32 33, i64 0 %54 = getelementptr inbounds %struct.dx_hash_info, %struct.dx_hash_info* %5, i64 0, i32 3 store i32* %53, i32** %54, align 8 %55 = load volatile i64, i64* %15, align 8 %56 = and i64 %55, 268435456 %57 = icmp eq i64 %56, 0 br i1 %57, label %70, label %58 %71 = call fastcc i32 @htree_dirblock_to_tree(%struct.file* %0, %struct.inode* %13, i32 0, %struct.dx_hash_info* nonnull %5, i32 %1, i32 %2) #77 ------------- Good: 1 Bad: 1 Ignored: 0 Check Use of Function:bitmap_parse Use: =BAD PATH= Call Stack: 0 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl 
%6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #76 ------------- Use: =BAD PATH= Call Stack: 0 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #76 ------------- Good: 5 Bad: 2 Ignored: 1 Check Use of Function:intel_irq_uninstall Check Use of Function:cache_ioctl_pipefs Check Use of Function:stream_open Use: =BAD PATH= Call Stack: 0 snd_seq_open ------------- Path:  Function:snd_seq_open %3 = tail call i32 @stream_open(%struct.inode* %0, %struct.file* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 snd_timer_user_open ------------- Path:  Function:snd_timer_user_open %3 = tail call i32 @stream_open(%struct.inode* %0, %struct.file* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 snd_ctl_open ------------- Path:  Function:snd_ctl_open %3 = tail call i32 @stream_open(%struct.inode* %0, %struct.file* %1) #76 ------------- Good: 6 Bad: 3 Ignored: 3 Check Use of Function:housekeeping_cpumask Use: =BAD PATH= Call Stack: 0 irq_do_set_affinity 1 irq_setup_affinity 2 irq_startup 3 enable_irq 4 dev_pm_enable_wake_irq_check 5 rpm_suspend 6 __pm_runtime_suspend 7 __intel_runtime_pm_put 8 intel_runtime_pm_put_unchecked 9 intel_rps_read_punit_req_frequency 10 intel_rps_get_requested_frequency 11 gt_cur_freq_mhz_show ------------- Path:  Function:gt_cur_freq_mhz_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load 
i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.422916** %8 = load %struct.drm_i915_private.422916*, %struct.drm_i915_private.422916** %7, align 8 %9 = getelementptr inbounds %struct.drm_i915_private.422916, %struct.drm_i915_private.422916* %8, i64 0, i32 102, i32 18 %10 = tail call i32 @intel_rps_get_requested_frequency(%struct.intel_rps* %9) #76 Function:intel_rps_get_requested_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 22, i32 0, i32 3, i32 1 %3 = bitcast %struct.list_head** %2 to %struct.intel_uc.448343* %4 = getelementptr inbounds %struct.intel_uc.448343, %struct.intel_uc.448343* %3, i64 0, i32 1, i32 0, i32 1, i32 0 %5 = load i32, i32* %4, align 4 %6 = icmp sgt i32 %5, 4 br i1 %6, label %7, label %17 %8 = getelementptr inbounds %struct.intel_uc.448343, %struct.intel_uc.448343* %3, i64 0, i32 1, i32 14 %9 = load i8, i8* %8, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %17, label %11 %12 = getelementptr inbounds %struct.intel_uc.448343, %struct.intel_uc.448343* %3, i64 0, i32 1, i32 3, i32 3 %13 = load i8, i8* %12, align 1, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %17, label %15 %16 = tail call i32 @intel_rps_read_punit_req_frequency(%struct.intel_rps* %0) #76 Function:intel_rps_read_punit_req_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 22, i32 0, i32 1 %3 = bitcast %struct.raw_spinlock* %2 to %struct.intel_uncore.448200** %4 = load %struct.intel_uncore.448200*, %struct.intel_uncore.448200** %3, align 8 %5 = getelementptr inbounds %struct.intel_uncore.448200, %struct.intel_uncore.448200* %4, i64 0, i32 2 %6 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %5, align 8 %7 = tail call i32 @intel_runtime_pm_get_if_in_use(%struct.intel_runtime_pm* %6) #76 %8 = icmp eq i32 %7, 0 br i1 %8, label %14, label %9 %10 = getelementptr inbounds %struct.intel_uncore.448200, 
%struct.intel_uncore.448200* %4, i64 0, i32 8, i32 6 %11 = load i32 (%struct.intel_uncore.448200*, i32, i1)*, i32 (%struct.intel_uncore.448200*, i32, i1)** %10, align 8 %12 = tail call i32 %11(%struct.intel_uncore.448200* %4, i32 40968, i1 zeroext true) #76 tail call void @intel_runtime_pm_put_unchecked(%struct.intel_runtime_pm* %6) #76 Function:intel_runtime_pm_put_unchecked tail call fastcc void @__intel_runtime_pm_put(%struct.intel_runtime_pm* %0, i1 zeroext true) #76 Function:__intel_runtime_pm_put %3 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 3 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp ne i8 %8, 0 %10 = load i1, i1* @assert_rpm_device_not_suspended.__already_done, align 1 %11 = xor i1 %10, true %12 = and i1 %9, %11 br i1 %1, label %13, label %29 br i1 %12, label %14, label %15, !prof !5, !misexpect !6 store i1 true, i1* @assert_rpm_device_not_suspended.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.7.39146, i64 0, i64 0)) #76 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39147, i64 0, i64 0), i32 99, i32 2313, i64 12) #6, !srcloc !7 tail call void asm sideeffect "413:\0A\09.pushsection .discard.reachable\0A\09.long 413b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %15 %16 = and i32 %6, 65535 %17 = icmp eq i32 %16, 0 %18 = load i1, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 %19 = xor i1 %18, true %20 = and i1 %17, %19 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.6.39148, i64 0, i64 0)) #76 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39147, i64 0, i64 0), i32 107, i32 2313, i64 12) #6, !srcloc !9 tail call void asm sideeffect "414:\0A\09.pushsection .discard.reachable\0A\09.long 414b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %22 %23 = icmp ult i32 %6, 65536 %24 = load i1, i1* @__assert_rpm_wakelock_held.__already_done, align 1 %25 = xor i1 %24, true %26 = and i1 %23, %25 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_wakelock_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.39151, i64 0, i64 0)) #76 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39147, i64 0, i64 0), i32 115, i32 2313, i64 12) #6, !srcloc !11 tail call void asm sideeffect "415:\0A\09.pushsection .discard.reachable\0A\09.long 415b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %28 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 65536, i32* %5) #6, !srcloc !13 br label %38 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32* %5) #6, !srcloc !14 %39 = tail call i64 @ktime_get_mono_fast_ns() #76 %40 = getelementptr inbounds %struct.device, %struct.device* %4, i64 0, i32 11, i32 21 store volatile i64 %39, i64* %40, align 8 %41 = tail call i32 @__pm_runtime_suspend(%struct.device* %4, i32 13) #76 Function:__pm_runtime_suspend %3 = and i32 %1, 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %7 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32* %6) #6, !srcloc !4 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = and i32 %1, 1 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, 1024 %18 = icmp eq i16 %17, 0 br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #77 %24 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %1) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = 
icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #77 
Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #76 Function:enable_irq %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = call %struct.irq_desc.75769* @__irq_get_desc_lock(i32 %0, i64* nonnull %2, i1 zeroext true, i32 1) #76 %5 = icmp eq %struct.irq_desc.75769* %4, null br i1 %5, label %31, label %6 %7 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 1, i32 4 %8 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %7, align 8 %9 = icmp eq %struct.irq_chip.75783* %8, null br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 7 %13 = load i32, i32* %12, align 64 switch i32 %13, label %27 [ i32 0, label %14 i32 1, label %17 ] %18 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 2048 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %14 %23 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 5 %24 = load i32, i32* %23, align 8 %25 = or i32 %24, 1024 store i32 %25, i32* %23, align 8 %26 = call i32 bitcast (i32 (%struct.irq_desc.14606*, i1, i1)* @irq_startup to i32 (%struct.irq_desc.75769*, i1, i1)*)(%struct.irq_desc.75769* nonnull %4, i1 zeroext true, i1 zeroext 
true) #76 Function:irq_startup %4 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1, i32 3 %6 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %7 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 4, i64 0 %8 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 7 store i32 0, i32* %8, align 64 %9 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp eq i32 %11, 0 br i1 %12, label %57, label %13 %58 = and i32 %10, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1, i32 4 %73 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %74 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %73, i64 0, i32 35 %75 = load i64, i64* %74, align 8 %76 = and i64 %75, 1024 %77 = icmp eq i64 %76, 0 br i1 %77, label %83, label %78 %84 = phi i32 [ %10, %71 ], [ %82, %78 ] %85 = and i32 %84, 512 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %88, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8205, i64 0, i64 0), i32 242, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "218:\0A\09.pushsection .discard.reachable\0A\09.long 218b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %88 %89 = load %struct.irq_chip*, 
%struct.irq_chip** %72, align 8 %90 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %89, i64 0, i32 2 %91 = load i32 (%struct.irq_data*)*, i32 (%struct.irq_data*)** %90, align 8 %92 = icmp eq i32 (%struct.irq_data*)* %91, null br i1 %92, label %103, label %93 %104 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %105 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %104, i64 0, i32 0 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 65536 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %121 %122 = and i32 %106, -65537 store i32 %122, i32* %105, align 8 %123 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %124 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 4 %125 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %124, align 8 %126 = icmp eq void (%struct.irq_data*)* %125, null br i1 %126, label %132, label %127 %133 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %134 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %133, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = and i32 %135, 131072 %137 = icmp eq i32 %136, 0 br i1 %137, label %147, label %138 %139 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 9 %140 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %139, align 8 %141 = icmp eq void (%struct.irq_data*)* %140, null br i1 %141, label %147, label %142 tail call void %140(%struct.irq_data* %4) #76 %143 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %144 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %143, i64 0, i32 0 %145 = load i32, i32* %144, align 8 %146 = and i32 %145, -131073 store i32 %146, i32* %144, align 8 br label %147 %148 = phi i32 [ %94, %93 ], [ 0, %109 ], [ 0, %112 ], [ 0, %116 ], [ 0, %127 ], [ 0, %132 ], [ 0, %138 ], [ 0, %142 ] %149 = load %struct.irq_common_data*, 
%struct.irq_common_data** %5, align 8 %150 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %149, i64 0, i32 0 %151 = load i32, i32* %150, align 8 %152 = or i32 %151, 4194304 store i32 %152, i32* %150, align 8 %153 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %154 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %153, i64 0, i32 35 %155 = load i64, i64* %154, align 8 %156 = and i64 %155, 1024 %157 = icmp eq i64 %156, 0 br i1 %157, label %158, label %239 %159 = tail call i32 bitcast (i32 (%struct.irq_desc.75769*)* @irq_setup_affinity to i32 (%struct.irq_desc.14606*)*)(%struct.irq_desc.14606* %0) #76 Function:irq_setup_affinity %2 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 0, i32 1 %3 = load i32, i32* %2, align 4 %4 = icmp eq %struct.irq_desc.75769* %0, null br i1 %4, label %54, label %5 %6 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1, i32 3 %7 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %8 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3072 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %54 %13 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1, i32 4 %14 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %13, align 8 %15 = icmp eq %struct.irq_chip.75783* %14, null br i1 %15, label %54, label %16 %17 = getelementptr inbounds %struct.irq_chip.75783, %struct.irq_chip.75783* %14, i64 0, i32 11 %18 = load i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)** %17, align 8 %19 = icmp eq i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)* %18, null br i1 %19, label %54, label %20 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_setup_affinity.mask_lock) #76 %21 = getelementptr inbounds 
%struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1 %22 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %23 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 2101248 %26 = icmp eq i32 %25, 0 br i1 %26, label %36, label %27 %28 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 0, i32 4, i64 0 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %28, i64 0, i32 0, i64 0 %30 = load i64, i64* %29, align 8 %31 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %32 = and i64 %31, %30 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %36 %37 = phi %struct.cpumask* [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %34 ], [ %28, %27 ], [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %20 ] %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %37, i64 0, i32 0, i64 0 %39 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %40 = load i64, i64* %38, align 8 %41 = and i64 %40, %39 %42 = icmp eq i64 %41, 0 %43 = select i1 %42, i64 %39, i64 %41 store i64 %43, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @irq_setup_affinity.mask, i64 0, i32 0, i64 0), align 8 %44 = icmp eq i32 %3, -1 br i1 %44, label %52, label %45 %46 = sext i32 %3 to i64 %47 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %46, i64 0, i32 0, i64 0 %48 = load i64, i64* %47, align 8 %49 = and i64 %48, %43 %50 = icmp eq i64 %49, 0 br i1 %50, label %52, label %51 %53 = tail call i32 @irq_do_set_affinity(%struct.irq_data.75764* %21, %struct.cpumask* nonnull @irq_setup_affinity.mask, i1 
zeroext false) #77 Function:irq_do_set_affinity %4 = getelementptr inbounds %struct.irq_data.75764, %struct.irq_data.75764* %0, i64 0, i32 3 %5 = bitcast %struct.irq_common_data** %4 to %struct.irq_desc.75769** %6 = load %struct.irq_desc.75769*, %struct.irq_desc.75769** %5, align 8 %7 = getelementptr inbounds %struct.irq_data.75764, %struct.irq_data.75764* %0, i64 0, i32 4 %8 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %7, align 8 %9 = icmp eq %struct.irq_chip.75783* %8, null br i1 %9, label %75, label %10 %11 = getelementptr inbounds %struct.irq_chip.75783, %struct.irq_chip.75783* %8, i64 0, i32 11 %12 = load i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)** %11, align 8 %13 = icmp eq i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)* %12, null br i1 %13, label %75, label %14 %15 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %6, i64 0, i32 0, i32 0 %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %36, label %19 %20 = tail call zeroext i1 @housekeeping_enabled(i32 128) #76 br i1 %20, label %23, label %21 %24 = tail call %struct.cpumask* @housekeeping_cpumask(i32 128) #76
-------------
Use: =BAD PATH=
Call Stack:
0 irq_do_set_affinity
1 irq_setup_affinity
2 irq_startup
3 enable_irq
4 dev_pm_enable_wake_irq_check
5 rpm_suspend
6 __pm_runtime_suspend
7 __intel_runtime_pm_put
8 intel_runtime_pm_put_unchecked
9 intel_rps_read_actual_frequency
10 gt_act_freq_mhz_show
-------------
Path:
Function:gt_act_freq_mhz_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.422916** %8 = load %struct.drm_i915_private.422916*, %struct.drm_i915_private.422916** %7, align 8 %9 = getelementptr inbounds %struct.drm_i915_private.422916, %struct.drm_i915_private.422916* %8, i64 0,
i32 102, i32 18 %10 = tail call i32 @intel_rps_read_actual_frequency(%struct.intel_rps* %9) #76 Function:intel_rps_read_actual_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 22, i32 0, i32 1 %3 = bitcast %struct.raw_spinlock* %2 to %struct.intel_uncore.448200** %4 = load %struct.intel_uncore.448200*, %struct.intel_uncore.448200** %3, align 8 %5 = getelementptr inbounds %struct.intel_uncore.448200, %struct.intel_uncore.448200* %4, i64 0, i32 2 %6 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %5, align 8 %7 = tail call i32 @intel_runtime_pm_get_if_in_use(%struct.intel_runtime_pm* %6) #76 %8 = icmp eq i32 %7, 0 br i1 %8, label %112, label %9 %10 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 22 %11 = bitcast %struct.anon.189.415496* %10 to %struct.drm_i915_private.448538** %12 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 13 %13 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 14 %14 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 20 %15 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %11, align 8 %16 = load %struct.intel_uncore.448200*, %struct.intel_uncore.448200** %3, align 8 %17 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %15, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 9437184 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %15, i64 0, i32 3, i32 0 %25 = load i8, i8* %24, align 8 %26 = icmp ugt i8 %25, 5 %27 = getelementptr inbounds %struct.intel_uncore.448200, %struct.intel_uncore.448200* %16, i64 0, i32 8, i32 6 %28 = load i32 (%struct.intel_uncore.448200*, i32, i1)*, i32 (%struct.intel_uncore.448200*, i32, i1)** %27, align 8 br i1 %26, label %29, label %31 %32 = tail call i32 
%28(%struct.intel_uncore.448200* %16, i32 70136, i1 zeroext true) #76 br label %33 %34 = phi i32 [ %22, %21 ], [ %30, %29 ], [ %32, %31 ] %35 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %11, align 8 %36 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %35, i64 0, i32 4, i32 0, i64 0 %37 = load i32, i32* %36, align 4 %38 = zext i32 %37 to i64 %39 = and i64 %38, 9437184 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %67 %42 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %35, i64 0, i32 3, i32 0 %43 = load i8, i8* %42, align 8 %44 = icmp ugt i8 %43, 8 br i1 %44, label %45, label %47 %46 = lshr i32 %34, 23 br label %73 %74 = phi i32 [ %46, %45 ], [ %69, %67 ] %75 = mul nuw nsw i32 %74, 50 %76 = icmp eq i32 %74, 0 %77 = or i32 %75, 1 %78 = add nsw i32 %75, -1 %79 = select i1 %76, i32 %78, i32 %77 %80 = sdiv i32 %79, 3 br label %110 %111 = phi i32 [ %109, %106 ], [ %80, %73 ], [ %93, %86 ], [ %105, %97 ] tail call void @intel_runtime_pm_put_unchecked(%struct.intel_runtime_pm* %6) #76 Function:intel_runtime_pm_put_unchecked tail call fastcc void @__intel_runtime_pm_put(%struct.intel_runtime_pm* %0, i1 zeroext true) #76 Function:__intel_runtime_pm_put %3 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 3 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp ne i8 %8, 0 %10 = load i1, i1* @assert_rpm_device_not_suspended.__already_done, align 1 %11 = xor i1 %10, true %12 = and i1 %9, %11 br i1 %1, label %13, label %29 br i1 %12, label %14, label %15, !prof !5, !misexpect !6 store i1 true, i1* 
@assert_rpm_device_not_suspended.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.7.39146, i64 0, i64 0)) #76 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39147, i64 0, i64 0), i32 99, i32 2313, i64 12) #6, !srcloc !7 tail call void asm sideeffect "413:\0A\09.pushsection .discard.reachable\0A\09.long 413b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %15 %16 = and i32 %6, 65535 %17 = icmp eq i32 %16, 0 %18 = load i1, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 %19 = xor i1 %18, true %20 = and i1 %17, %19 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.6.39148, i64 0, i64 0)) #76 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39147, i64 0, i64 0), i32 107, i32 2313, i64 12) #6, !srcloc !9 tail call void asm sideeffect "414:\0A\09.pushsection .discard.reachable\0A\09.long 414b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %22 %23 = icmp ult i32 %6, 65536 %24 = load i1, i1* @__assert_rpm_wakelock_held.__already_done, align 1 %25 = xor i1 %24, true %26 = and i1 %23, %25 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_wakelock_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.39151, i64 0, i64 0)) #76 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39147, i64 0, i64 0), i32 115, i32 2313, i64 12) #6, !srcloc !11 tail call void asm sideeffect "415:\0A\09.pushsection .discard.reachable\0A\09.long 415b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %28 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 65536, i32* %5) #6, !srcloc !13 br label %38 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32* %5) #6, !srcloc !14 %39 = tail call i64 @ktime_get_mono_fast_ns() #76 %40 = getelementptr inbounds %struct.device, %struct.device* %4, i64 0, i32 11, i32 21 store volatile i64 %39, i64* %40, align 8 %41 = tail call i32 @__pm_runtime_suspend(%struct.device* %4, i32 13) #76 Function:__pm_runtime_suspend %3 = and i32 %1, 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %7 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32* %6) #6, !srcloc !4 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = and i32 %1, 1 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, 1024 %18 = icmp eq i16 %17, 0 br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #77 %24 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %1) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = 
icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #77 
Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #76 Function:enable_irq %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = call %struct.irq_desc.75769* @__irq_get_desc_lock(i32 %0, i64* nonnull %2, i1 zeroext true, i32 1) #76 %5 = icmp eq %struct.irq_desc.75769* %4, null br i1 %5, label %31, label %6 %7 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 1, i32 4 %8 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %7, align 8 %9 = icmp eq %struct.irq_chip.75783* %8, null br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 7 %13 = load i32, i32* %12, align 64 switch i32 %13, label %27 [ i32 0, label %14 i32 1, label %17 ] %18 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 2048 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %14 %23 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 5 %24 = load i32, i32* %23, align 8 %25 = or i32 %24, 1024 store i32 %25, i32* %23, align 8 %26 = call i32 bitcast (i32 (%struct.irq_desc.14606*, i1, i1)* @irq_startup to i32 (%struct.irq_desc.75769*, i1, i1)*)(%struct.irq_desc.75769* nonnull %4, i1 zeroext true, i1 zeroext 
true) #76 Function:irq_startup %4 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1, i32 3 %6 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %7 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 4, i64 0 %8 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 7 store i32 0, i32* %8, align 64 %9 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp eq i32 %11, 0 br i1 %12, label %57, label %13 %58 = and i32 %10, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1, i32 4 %73 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %74 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %73, i64 0, i32 35 %75 = load i64, i64* %74, align 8 %76 = and i64 %75, 1024 %77 = icmp eq i64 %76, 0 br i1 %77, label %83, label %78 %84 = phi i32 [ %10, %71 ], [ %82, %78 ] %85 = and i32 %84, 512 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %88, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8205, i64 0, i64 0), i32 242, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "218:\0A\09.pushsection .discard.reachable\0A\09.long 218b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %88 %89 = load %struct.irq_chip*, 
%struct.irq_chip** %72, align 8 %90 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %89, i64 0, i32 2 %91 = load i32 (%struct.irq_data*)*, i32 (%struct.irq_data*)** %90, align 8 %92 = icmp eq i32 (%struct.irq_data*)* %91, null br i1 %92, label %103, label %93 %104 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %105 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %104, i64 0, i32 0 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 65536 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %121 %122 = and i32 %106, -65537 store i32 %122, i32* %105, align 8 %123 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %124 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 4 %125 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %124, align 8 %126 = icmp eq void (%struct.irq_data*)* %125, null br i1 %126, label %132, label %127 %133 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %134 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %133, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = and i32 %135, 131072 %137 = icmp eq i32 %136, 0 br i1 %137, label %147, label %138 %139 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 9 %140 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %139, align 8 %141 = icmp eq void (%struct.irq_data*)* %140, null br i1 %141, label %147, label %142 tail call void %140(%struct.irq_data* %4) #76 %143 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %144 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %143, i64 0, i32 0 %145 = load i32, i32* %144, align 8 %146 = and i32 %145, -131073 store i32 %146, i32* %144, align 8 br label %147 %148 = phi i32 [ %94, %93 ], [ 0, %109 ], [ 0, %112 ], [ 0, %116 ], [ 0, %127 ], [ 0, %132 ], [ 0, %138 ], [ 0, %142 ] %149 = load %struct.irq_common_data*, 
%struct.irq_common_data** %5, align 8 %150 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %149, i64 0, i32 0 %151 = load i32, i32* %150, align 8 %152 = or i32 %151, 4194304 store i32 %152, i32* %150, align 8 %153 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %154 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %153, i64 0, i32 35 %155 = load i64, i64* %154, align 8 %156 = and i64 %155, 1024 %157 = icmp eq i64 %156, 0 br i1 %157, label %158, label %239 %159 = tail call i32 bitcast (i32 (%struct.irq_desc.75769*)* @irq_setup_affinity to i32 (%struct.irq_desc.14606*)*)(%struct.irq_desc.14606* %0) #76 Function:irq_setup_affinity %2 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 0, i32 1 %3 = load i32, i32* %2, align 4 %4 = icmp eq %struct.irq_desc.75769* %0, null br i1 %4, label %54, label %5 %6 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1, i32 3 %7 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %8 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3072 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %54 %13 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1, i32 4 %14 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %13, align 8 %15 = icmp eq %struct.irq_chip.75783* %14, null br i1 %15, label %54, label %16 %17 = getelementptr inbounds %struct.irq_chip.75783, %struct.irq_chip.75783* %14, i64 0, i32 11 %18 = load i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)** %17, align 8 %19 = icmp eq i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)* %18, null br i1 %19, label %54, label %20 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_setup_affinity.mask_lock) #76 %21 = getelementptr inbounds 
%struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1 %22 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %23 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 2101248 %26 = icmp eq i32 %25, 0 br i1 %26, label %36, label %27 %28 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 0, i32 4, i64 0 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %28, i64 0, i32 0, i64 0 %30 = load i64, i64* %29, align 8 %31 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %32 = and i64 %31, %30 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %36 %37 = phi %struct.cpumask* [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %34 ], [ %28, %27 ], [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %20 ] %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %37, i64 0, i32 0, i64 0 %39 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %40 = load i64, i64* %38, align 8 %41 = and i64 %40, %39 %42 = icmp eq i64 %41, 0 %43 = select i1 %42, i64 %39, i64 %41 store i64 %43, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @irq_setup_affinity.mask, i64 0, i32 0, i64 0), align 8 %44 = icmp eq i32 %3, -1 br i1 %44, label %52, label %45 %46 = sext i32 %3 to i64 %47 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %46, i64 0, i32 0, i64 0 %48 = load i64, i64* %47, align 8 %49 = and i64 %48, %43 %50 = icmp eq i64 %49, 0 br i1 %50, label %52, label %51 %53 = tail call i32 @irq_do_set_affinity(%struct.irq_data.75764* %21, %struct.cpumask* nonnull @irq_setup_affinity.mask, i1 
zeroext false) #77 Function:irq_do_set_affinity %4 = getelementptr inbounds %struct.irq_data.75764, %struct.irq_data.75764* %0, i64 0, i32 3 %5 = bitcast %struct.irq_common_data** %4 to %struct.irq_desc.75769** %6 = load %struct.irq_desc.75769*, %struct.irq_desc.75769** %5, align 8 %7 = getelementptr inbounds %struct.irq_data.75764, %struct.irq_data.75764* %0, i64 0, i32 4 %8 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %7, align 8 %9 = icmp eq %struct.irq_chip.75783* %8, null br i1 %9, label %75, label %10 %11 = getelementptr inbounds %struct.irq_chip.75783, %struct.irq_chip.75783* %8, i64 0, i32 11 %12 = load i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)** %11, align 8 %13 = icmp eq i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)* %12, null br i1 %13, label %75, label %14 %15 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %6, i64 0, i32 0, i32 0 %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %36, label %19 %20 = tail call zeroext i1 @housekeeping_enabled(i32 128) #76 br i1 %20, label %23, label %21 %24 = tail call %struct.cpumask* @housekeeping_cpumask(i32 128) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 irq_do_set_affinity
1 irq_setup_affinity
2 irq_startup
3 enable_irq
4 dev_pm_enable_wake_irq_check
5 rpm_suspend
6 rpm_idle
7 pm_runtime_set_autosuspend_delay
8 autosuspend_store
-------------
Path:
Function:autosuspend_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 (i8*, i8*, ...)
@sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.6.53834, i64 0, i64 0), i32* nonnull %5) #76 %8 = icmp ne i32 %7, 1 %9 = load i32, i32* %5, align 4 %10 = add i32 %9, 2147482 %11 = icmp ugt i32 %10, 4294964 %12 = or i1 %8, %11 br i1 %12, label %15, label %13 %14 = mul nsw i32 %9, 1000 call void @pm_runtime_set_autosuspend_delay(%struct.device* %0, i32 %14) #77 Function:pm_runtime_set_autosuspend_delay %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %4 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %3, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %4) #76 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = lshr i16 %8, 11 %10 = and i16 %9, 1 store i32 %1, i32* %5, align 4 %11 = and i16 %8, 2048 %12 = icmp ne i16 %11, 0 %13 = icmp slt i32 %1, 0 %14 = and i1 %13, %12 br i1 %14, label %15, label %23 %24 = icmp ne i16 %10, 0 %25 = icmp slt i32 %6, 0 %26 = and i1 %25, %24 br i1 %26, label %27, label %29 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32* %28) #6, !srcloc !5 br label %29 %30 = tail call fastcc i32 @rpm_idle(%struct.device* %0, i32 8) #76 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #76 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %126 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 
%10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %126 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %126, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %126 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %126, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %126, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %38 = icmp eq i32 %37, 0 br i1 %38, label %126, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %126 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %126, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr 
inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %125 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %128) to i64), i32 0) #76 br label %130 %131 = or i32 %1, 8 %132 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %131) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, 
i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 
= load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 
%196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #77 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #76 Function:enable_irq %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = call %struct.irq_desc.75769* @__irq_get_desc_lock(i32 %0, i64* nonnull %2, i1 zeroext true, i32 1) #76 %5 = icmp eq %struct.irq_desc.75769* %4, null br i1 %5, label %31, label %6 %7 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 1, i32 4 %8 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %7, align 8 %9 = icmp eq %struct.irq_chip.75783* %8, null br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 7 %13 = load i32, i32* %12, align 64 switch i32 %13, label %27 [ i32 0, label %14 i32 1, label %17 ] %18 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 2048 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %14 %23 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 5 %24 = load 
i32, i32* %23, align 8 %25 = or i32 %24, 1024 store i32 %25, i32* %23, align 8 %26 = call i32 bitcast (i32 (%struct.irq_desc.14606*, i1, i1)* @irq_startup to i32 (%struct.irq_desc.75769*, i1, i1)*)(%struct.irq_desc.75769* nonnull %4, i1 zeroext true, i1 zeroext true) #76 Function:irq_startup %4 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1, i32 3 %6 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %7 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 4, i64 0 %8 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 7 store i32 0, i32* %8, align 64 %9 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp eq i32 %11, 0 br i1 %12, label %57, label %13 %58 = and i32 %10, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1, i32 4 %73 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %74 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %73, i64 0, i32 35 %75 = load i64, i64* %74, align 8 %76 = and i64 %75, 1024 %77 = icmp eq i64 %76, 0 br i1 %77, label %83, label %78 %84 = phi i32 [ %10, %71 ], [ %82, %78 ] %85 = and i32 %84, 512 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %88, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8205, i64 0, i64 0), i32 
242, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "218:\0A\09.pushsection .discard.reachable\0A\09.long 218b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %88 %89 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %90 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %89, i64 0, i32 2 %91 = load i32 (%struct.irq_data*)*, i32 (%struct.irq_data*)** %90, align 8 %92 = icmp eq i32 (%struct.irq_data*)* %91, null br i1 %92, label %103, label %93 %104 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %105 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %104, i64 0, i32 0 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 65536 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %121 %122 = and i32 %106, -65537 store i32 %122, i32* %105, align 8 %123 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %124 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 4 %125 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %124, align 8 %126 = icmp eq void (%struct.irq_data*)* %125, null br i1 %126, label %132, label %127 %133 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %134 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %133, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = and i32 %135, 131072 %137 = icmp eq i32 %136, 0 br i1 %137, label %147, label %138 %139 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 9 %140 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %139, align 8 %141 = icmp eq void (%struct.irq_data*)* %140, null br i1 %141, label %147, label %142 tail call void %140(%struct.irq_data* %4) #76 %143 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %144 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %143, i64 0, i32 0 %145 = load i32, i32* 
%144, align 8 %146 = and i32 %145, -131073 store i32 %146, i32* %144, align 8 br label %147 %148 = phi i32 [ %94, %93 ], [ 0, %109 ], [ 0, %112 ], [ 0, %116 ], [ 0, %127 ], [ 0, %132 ], [ 0, %138 ], [ 0, %142 ] %149 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %150 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %149, i64 0, i32 0 %151 = load i32, i32* %150, align 8 %152 = or i32 %151, 4194304 store i32 %152, i32* %150, align 8 %153 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %154 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %153, i64 0, i32 35 %155 = load i64, i64* %154, align 8 %156 = and i64 %155, 1024 %157 = icmp eq i64 %156, 0 br i1 %157, label %158, label %239 %159 = tail call i32 bitcast (i32 (%struct.irq_desc.75769*)* @irq_setup_affinity to i32 (%struct.irq_desc.14606*)*)(%struct.irq_desc.14606* %0) #76 Function:irq_setup_affinity %2 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 0, i32 1 %3 = load i32, i32* %2, align 4 %4 = icmp eq %struct.irq_desc.75769* %0, null br i1 %4, label %54, label %5 %6 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1, i32 3 %7 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %8 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3072 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %54 %13 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1, i32 4 %14 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %13, align 8 %15 = icmp eq %struct.irq_chip.75783* %14, null br i1 %15, label %54, label %16 %17 = getelementptr inbounds %struct.irq_chip.75783, %struct.irq_chip.75783* %14, i64 0, i32 11 %18 = load i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)** %17, 
align 8 %19 = icmp eq i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)* %18, null br i1 %19, label %54, label %20 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_setup_affinity.mask_lock) #76 %21 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1 %22 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %23 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 2101248 %26 = icmp eq i32 %25, 0 br i1 %26, label %36, label %27 %28 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 0, i32 4, i64 0 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %28, i64 0, i32 0, i64 0 %30 = load i64, i64* %29, align 8 %31 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %32 = and i64 %31, %30 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %36 %37 = phi %struct.cpumask* [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %34 ], [ %28, %27 ], [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %20 ] %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %37, i64 0, i32 0, i64 0 %39 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %40 = load i64, i64* %38, align 8 %41 = and i64 %40, %39 %42 = icmp eq i64 %41, 0 %43 = select i1 %42, i64 %39, i64 %41 store i64 %43, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @irq_setup_affinity.mask, i64 0, i32 0, i64 0), align 8 %44 = icmp eq i32 %3, -1 br i1 %44, label %52, label %45 %46 = sext i32 %3 to i64 %47 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %46, i64 0, i32 0, i64 
0 %48 = load i64, i64* %47, align 8 %49 = and i64 %48, %43 %50 = icmp eq i64 %49, 0 br i1 %50, label %52, label %51 %53 = tail call i32 @irq_do_set_affinity(%struct.irq_data.75764* %21, %struct.cpumask* nonnull @irq_setup_affinity.mask, i1 zeroext false) #77 Function:irq_do_set_affinity %4 = getelementptr inbounds %struct.irq_data.75764, %struct.irq_data.75764* %0, i64 0, i32 3 %5 = bitcast %struct.irq_common_data** %4 to %struct.irq_desc.75769** %6 = load %struct.irq_desc.75769*, %struct.irq_desc.75769** %5, align 8 %7 = getelementptr inbounds %struct.irq_data.75764, %struct.irq_data.75764* %0, i64 0, i32 4 %8 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %7, align 8 %9 = icmp eq %struct.irq_chip.75783* %8, null br i1 %9, label %75, label %10 %11 = getelementptr inbounds %struct.irq_chip.75783, %struct.irq_chip.75783* %8, i64 0, i32 11 %12 = load i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)** %11, align 8 %13 = icmp eq i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)* %12, null br i1 %13, label %75, label %14 %15 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %6, i64 0, i32 0, i32 0 %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %36, label %19 %20 = tail call zeroext i1 @housekeeping_enabled(i32 128) #76 br i1 %20, label %23, label %21 %24 = tail call %struct.cpumask* @housekeeping_cpumask(i32 128) #76 ------------- Use: =BAD PATH= Call Stack: 0 irq_do_set_affinity 1 irq_setup_affinity 2 irq_startup 3 enable_irq 4 dev_pm_enable_wake_irq_check 5 rpm_suspend 6 rpm_idle 7 __rpm_callback 8 rpm_resume 9 __pm_runtime_resume 10 d3cold_allowed_store ------------- Path:  Function:d3cold_allowed_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %7 = bitcast %struct.irq_domain** %6 to %struct.pci_dev.317892* %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, 
i32 0, i64* nonnull %5) #76 %10 = icmp slt i32 %9, 0 br i1 %10, label %24, label %11 %12 = load i64, i64* %5, align 8 %13 = icmp eq i64 %12, 0 %14 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %7, i64 0, i32 33 %15 = bitcast i24* %14 to i32* %16 = load i32, i32* %15, align 2 %17 = select i1 %13, i32 0, i32 2048 %18 = and i32 %16, -2049 %19 = or i32 %18, %17 store i32 %19, i32* %15, align 2 br i1 %13, label %21, label %20 call void @pci_d3cold_disable(%struct.pci_dev.317892* %7) #76 br label %22 %23 = call i32 @__pm_runtime_resume(%struct.device* %0, i32 0) #76 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #76 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #77 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #77 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = 
icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %24, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %26, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %24, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq %struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #77 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #77 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, 
i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %125, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %125 %19 = tail call i32 @device_links_read_lock() #76 %20 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %124, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = 
getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #76 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #76 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #76 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %182, label %90 %91 = phi %struct.list_head* [ %122, %116 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %94 = bitcast %struct.list_head* %93 to %struct.seqcount_spinlock* %95 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %96 = bitcast %struct.list_head* %92 to %struct.device** %97 = load %struct.device*, %struct.device** %96, align 8 br i1 %95, label %98, label %116 %99 = phi %struct.device* [ %115, %113 ], [ %97, %90 ] %100 = getelementptr inbounds %struct.device, %struct.device* %99, i64 0, i32 11, i32 13, i32 0 %101 = load volatile i32, i32* %100, align 4 %102 = icmp eq i32 %101, 0 br i1 %102, label %113, label %103, !prof !8, 
!misexpect !9 %104 = phi i32 [ %111, %110 ], [ %101, %98 ] %105 = add i32 %104, -1 %106 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %100, i32 %105, i32* %100, i32 %104) #6, !srcloc !10 %107 = extractvalue { i8, i32 } %106, 0 %108 = and i8 %107, 1 %109 = icmp eq i8 %108, 0 br i1 %109, label %110, label %113, !prof !8, !misexpect !9 %111 = extractvalue { i8, i32 } %106, 1 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %103, !prof !8, !misexpect !9 %114 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %115 = load %struct.device*, %struct.device** %96, align 8 br i1 %114, label %98, label %116 %117 = phi %struct.device* [ %97, %90 ], [ %115, %113 ] %118 = getelementptr inbounds %struct.device, %struct.device* %117, i64 0, i32 11, i32 3, i32 0, i32 0 %119 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %118) #76 %120 = tail call fastcc i32 @rpm_idle(%struct.device* %117, i32 1) #76 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #76 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %126 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %126 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %126, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = 
load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %126 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %126, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %126, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %38 = icmp eq i32 %37, 0 br i1 %38, label %126, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %126 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %126, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ 
%103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %125 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %128) to i64), i32 0) #76 br label %130 %131 = or i32 %1, 8 %132 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %131) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = 
getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, 
label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #77 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, 
%struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #76 Function:enable_irq %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = call %struct.irq_desc.75769* @__irq_get_desc_lock(i32 %0, i64* nonnull %2, i1 zeroext true, i32 1) #76 %5 = icmp eq %struct.irq_desc.75769* %4, null br i1 %5, label %31, label %6 %7 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 1, i32 4 %8 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %7, align 8 %9 = icmp eq %struct.irq_chip.75783* %8, null br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 7 %13 = load i32, i32* %12, align 64 switch i32 %13, label %27 [ i32 0, label %14 i32 1, label %17 ] %18 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 2048 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %14 %23 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 5 %24 = load i32, i32* %23, align 8 %25 = or i32 %24, 1024 store i32 %25, i32* %23, align 8 %26 = call i32 bitcast (i32 (%struct.irq_desc.14606*, i1, i1)* @irq_startup to i32 (%struct.irq_desc.75769*, i1, i1)*)(%struct.irq_desc.75769* nonnull %4, i1 zeroext true, i1 zeroext true) #76 Function:irq_startup %4 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1 %5 = getelementptr inbounds 
%struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1, i32 3 %6 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %7 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 4, i64 0 %8 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 7 store i32 0, i32* %8, align 64 %9 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp eq i32 %11, 0 br i1 %12, label %57, label %13 %58 = and i32 %10, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1, i32 4 %73 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %74 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %73, i64 0, i32 35 %75 = load i64, i64* %74, align 8 %76 = and i64 %75, 1024 %77 = icmp eq i64 %76, 0 br i1 %77, label %83, label %78 %84 = phi i32 [ %10, %71 ], [ %82, %78 ] %85 = and i32 %84, 512 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %88, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8205, i64 0, i64 0), i32 242, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "218:\0A\09.pushsection .discard.reachable\0A\09.long 218b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %88 %89 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %90 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %89, i64 0, i32 2 %91 = load i32 (%struct.irq_data*)*, i32 
(%struct.irq_data*)** %90, align 8 %92 = icmp eq i32 (%struct.irq_data*)* %91, null br i1 %92, label %103, label %93 %104 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %105 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %104, i64 0, i32 0 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 65536 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %121 %122 = and i32 %106, -65537 store i32 %122, i32* %105, align 8 %123 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %124 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 4 %125 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %124, align 8 %126 = icmp eq void (%struct.irq_data*)* %125, null br i1 %126, label %132, label %127 %133 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %134 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %133, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = and i32 %135, 131072 %137 = icmp eq i32 %136, 0 br i1 %137, label %147, label %138 %139 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 9 %140 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %139, align 8 %141 = icmp eq void (%struct.irq_data*)* %140, null br i1 %141, label %147, label %142 tail call void %140(%struct.irq_data* %4) #76 %143 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %144 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %143, i64 0, i32 0 %145 = load i32, i32* %144, align 8 %146 = and i32 %145, -131073 store i32 %146, i32* %144, align 8 br label %147 %148 = phi i32 [ %94, %93 ], [ 0, %109 ], [ 0, %112 ], [ 0, %116 ], [ 0, %127 ], [ 0, %132 ], [ 0, %138 ], [ 0, %142 ] %149 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %150 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %149, i64 0, i32 0 %151 = load i32, i32* 
%150, align 8 %152 = or i32 %151, 4194304 store i32 %152, i32* %150, align 8 %153 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %154 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %153, i64 0, i32 35 %155 = load i64, i64* %154, align 8 %156 = and i64 %155, 1024 %157 = icmp eq i64 %156, 0 br i1 %157, label %158, label %239 %159 = tail call i32 bitcast (i32 (%struct.irq_desc.75769*)* @irq_setup_affinity to i32 (%struct.irq_desc.14606*)*)(%struct.irq_desc.14606* %0) #76 Function:irq_setup_affinity %2 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 0, i32 1 %3 = load i32, i32* %2, align 4 %4 = icmp eq %struct.irq_desc.75769* %0, null br i1 %4, label %54, label %5 %6 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1, i32 3 %7 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %8 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3072 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %54 %13 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1, i32 4 %14 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %13, align 8 %15 = icmp eq %struct.irq_chip.75783* %14, null br i1 %15, label %54, label %16 %17 = getelementptr inbounds %struct.irq_chip.75783, %struct.irq_chip.75783* %14, i64 0, i32 11 %18 = load i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)** %17, align 8 %19 = icmp eq i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)* %18, null br i1 %19, label %54, label %20 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_setup_affinity.mask_lock) #76 %21 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1 %22 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %23 = getelementptr 
inbounds %struct.irq_common_data, %struct.irq_common_data* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 2101248 %26 = icmp eq i32 %25, 0 br i1 %26, label %36, label %27 %28 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 0, i32 4, i64 0 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %28, i64 0, i32 0, i64 0 %30 = load i64, i64* %29, align 8 %31 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %32 = and i64 %31, %30 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %36 %37 = phi %struct.cpumask* [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %34 ], [ %28, %27 ], [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %20 ] %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %37, i64 0, i32 0, i64 0 %39 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %40 = load i64, i64* %38, align 8 %41 = and i64 %40, %39 %42 = icmp eq i64 %41, 0 %43 = select i1 %42, i64 %39, i64 %41 store i64 %43, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @irq_setup_affinity.mask, i64 0, i32 0, i64 0), align 8 %44 = icmp eq i32 %3, -1 br i1 %44, label %52, label %45 %46 = sext i32 %3 to i64 %47 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %46, i64 0, i32 0, i64 0 %48 = load i64, i64* %47, align 8 %49 = and i64 %48, %43 %50 = icmp eq i64 %49, 0 br i1 %50, label %52, label %51 %53 = tail call i32 @irq_do_set_affinity(%struct.irq_data.75764* %21, %struct.cpumask* nonnull @irq_setup_affinity.mask, i1 zeroext false) #77 Function:irq_do_set_affinity %4 = getelementptr inbounds %struct.irq_data.75764, %struct.irq_data.75764* %0, i64 0, i32 3 %5 = bitcast 
%struct.irq_common_data** %4 to %struct.irq_desc.75769** %6 = load %struct.irq_desc.75769*, %struct.irq_desc.75769** %5, align 8 %7 = getelementptr inbounds %struct.irq_data.75764, %struct.irq_data.75764* %0, i64 0, i32 4 %8 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %7, align 8 %9 = icmp eq %struct.irq_chip.75783* %8, null br i1 %9, label %75, label %10 %11 = getelementptr inbounds %struct.irq_chip.75783, %struct.irq_chip.75783* %8, i64 0, i32 11 %12 = load i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)** %11, align 8 %13 = icmp eq i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)* %12, null br i1 %13, label %75, label %14 %15 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %6, i64 0, i32 0, i32 0 %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %36, label %19 %20 = tail call zeroext i1 @housekeeping_enabled(i32 128) #76 br i1 %20, label %23, label %21 %24 = tail call %struct.cpumask* @housekeeping_cpumask(i32 128) #76
-------------
Use: =BAD PATH=
Call Stack:
0 irq_do_set_affinity
1 irq_setup_affinity
2 irq_startup
3 enable_irq
4 dev_pm_enable_wake_irq_check
5 rpm_suspend
6 rpm_idle
7 __rpm_callback
8 rpm_resume
9 __pm_runtime_resume
10 __submit_bio
11 submit_bio_noacct
12 __blk_queue_split
13 blk_queue_split
14 dm_submit_bio
-------------
Path:
Function:dm_submit_bio
%2 = alloca %struct.bio.700572*, align 8 store %struct.bio.700572* %0, %struct.bio.700572** %2, align 8 %3 = getelementptr inbounds %struct.bio.700572, %struct.bio.700572* %0, i64 0, i32 1 %4 = load %struct.block_device.700569*, %struct.block_device.700569** %3, align 8 %5 = getelementptr inbounds %struct.block_device.700569, %struct.block_device.700569* %4, i64 0, i32 16 %6 = load %struct.gendisk.700393*, %struct.gendisk.700393** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.700393, %struct.gendisk.700393* %6, i64 0, i32 10 %8 = bitcast
i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 38 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #76 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = icmp eq i8* %13, null br i1 %15, label %16, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 1 %28 = icmp eq i64 %27, 0 %29 = getelementptr inbounds %struct.bio.700572, %struct.bio.700572* %0, i64 0, i32 2 %30 = load i32, i32* %29, align 8 br i1 %28, label %59, label %31, !prof !6, !misexpect !5 %60 = trunc i32 %30 to i8 switch i8 %60, label %63 [ i8 3, label %61 i8 5, label %61 i8 7, label %61 i8 9, label %61 ] call void bitcast (void (%struct.bio.294862**)* @blk_queue_split to void (%struct.bio.700572**)*)(%struct.bio.700572** nonnull %2) #76 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* call void @__blk_queue_split(%struct.bio.294862** %0, i32* nonnull %2) #76 Function:__blk_queue_split %3 = alloca %struct.bio_vec.294861, align 8 %4 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %5 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 1 %6 = load %struct.block_device.294859*, %struct.block_device.294859** %5, align 8 %7 = getelementptr inbounds %struct.block_device.294859, %struct.block_device.294859* %6, i64 0, i32 16 %8 = load %struct.gendisk.294687*, %struct.gendisk.294687** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.294687, %struct.gendisk.294687* %8, i64 0, i32 9 %10 = load %struct.request_queue.294711*, %struct.request_queue.294711** %9, align 8 %11 = getelementptr inbounds %struct.bio.294862, 
%struct.bio.294862* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %343, label %78 %79 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %343 %84 = tail call %struct.bio.294862* @bio_split(%struct.bio.294862* %4, i32 %76, i32 3072, %struct.bio_set.294866* %74) #76 br label %314 %315 = phi %struct.bio.294862* [ %313, %312 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %316 = icmp eq %struct.bio.294862* %315, null br i1 %316, label %343, label %317 %318 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %315, i64 0, i32 2 %319 = load i32, i32* %318, align 8 %320 = or i32 %319, 16384 store i32 %320, i32* %318, align 8 %321 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 call void @bio_chain(%struct.bio.294862* nonnull %315, %struct.bio.294862* %321) #76 %322 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %323 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %322, i64 0, i32 8, i32 0 %324 = load i64, i64* %323, align 8 %325 = trunc i64 %324 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %326)) #6 to label %340 [label %326], !srcloc !9 %341 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %342 = call i32 bitcast (i32 (%struct.bio.295627*)* @submit_bio_noacct to i32 (%struct.bio.294862*)*)(%struct.bio.294862* %341) #76 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.295628], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 119 %6 = load %struct.bio_list.295628*, %struct.bio_list.295628** %5, align 8 %7 = icmp eq %struct.bio_list.295628* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %18 = load %struct.block_device.295624*, %struct.block_device.295624** %17, align 8 %19 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %18, i64 0, i32 16 %20 = load %struct.gendisk.295622*, %struct.gendisk.295622** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.295563*, %struct.block_device_operations.295563** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.295563, %struct.block_device_operations.295563* %22, i64 0, i32 0 %24 = load i32 
(%struct.bio.295627*)*, i32 (%struct.bio.295627*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.295627*)* %24, null %26 = bitcast [2 x %struct.bio_list.295628]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 0 %49 = load %struct.bio.295627*, %struct.bio.295627** %48, align 8 %50 = icmp eq %struct.bio.295627* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0 store %struct.bio_list.295628* %53, %struct.bio_list.295628** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.295628* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.295627** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.295628, %struct.bio_list.295628* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.295627** %60 to i64* br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 
%74 = phi %struct.bio.295627* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.295627* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.295627* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 0 %80 = load %struct.bio.295627*, %struct.bio.295627** %79, align 8 store %struct.bio.295627* %80, %struct.bio.295627** %56, align 16 %81 = icmp eq %struct.bio.295627* %80, null br i1 %81, label %82, label %83 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %83 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 %84 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 1 %85 = load %struct.block_device.295624*, %struct.block_device.295624** %84, align 8 %86 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %85, i64 0, i32 16 %87 = load %struct.gendisk.295622*, %struct.gendisk.295622** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %87, i64 0, i32 9 %89 = load %struct.request_queue.295614*, %struct.request_queue.295614** %88, align 8 %90 = icmp eq %struct.request_queue.295614* %69, %89 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.295627* %103 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %102, i64 0, i32 0 store %struct.bio.295627* %74, %struct.bio.295627** %103, align 8 br label %104 %105 = phi %struct.bio.295627* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.295627* %74 to i64 br label %107 %108 = phi %struct.bio.295627* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.295627* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load 
%struct.bio.295627*, %struct.bio.295627** %56, align 16 %113 = icmp eq %struct.bio.295627* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.295627* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %118 = icmp eq %struct.bio.295627* %117, null br i1 %118, label %121, label %119 store %struct.bio.295627* %108, %struct.bio.295627** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.295627* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %127 = icmp eq %struct.bio.295627* %126, null br i1 %127, label %130, label %128 store %struct.bio.295627* %110, %struct.bio.295627** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.295627*, %struct.bio.295627** %59, align 16 %134 = icmp eq %struct.bio.295627* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %137 = icmp eq %struct.bio.295627* %136, null br i1 %137, label %140, label %138 store %struct.bio.295627* %133, %struct.bio.295627** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %145 = icmp eq %struct.bio.295627* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %144, i64 0, i32 0 %148 = load %struct.bio.295627*, %struct.bio.295627** %147, align 8 store %struct.bio.295627* %148, %struct.bio.295627** %56, align 16 %149 = icmp eq %struct.bio.295627* %148, null br i1 %149, label %150, label %151 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %151 store %struct.bio.295627* null, %struct.bio.295627** %147, align 8 br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = 
getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.295614* %8, i1 zeroext false) #76 br i1 %17, label %72, label %18 %19 
= load i32, i32* %9, align 8 %20 = and i32 %19, 2097152 %21 = icmp eq i32 %20, 0 br i1 %21, label %31, label %22 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = call i32 @__cond_resched() #76 %33 = load i32, i32* %10, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %43 %36 = load %struct.device.295559*, %struct.device.295559** %11, align 8 %37 = icmp eq %struct.device.295559* %36, null br i1 %37, label %66, label %38 %39 = load volatile i32, i32* %12, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %66, label %41 %42 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.295559*, i32)*)(%struct.device.295559* nonnull %36, i32 1) #76 br label %43 %44 = load volatile i64, i64* %13, align 8 %45 = and i64 %44, 4 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %66 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %2, i32 0) #76 br label %48 %49 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %15, %struct.wait_queue_entry* nonnull %2, i32 2) #76 %50 = load i32, i32* %10, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %60 %53 = load %struct.device.295559*, %struct.device.295559** %11, align 8 %54 = icmp eq %struct.device.295559* %53, null br i1 %54, label %65, label %55 %56 = load volatile i32, i32* %12, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %65, label %58 %59 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.295559*, i32)*)(%struct.device.295559* nonnull %53, i32 1) #76 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #76 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #77 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr 
inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #77 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %24, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %26, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %24, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq 
%struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #77 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #77 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %125, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %125 %19 = tail call i32 @device_links_read_lock() #76 %20 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %124, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #76 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #76 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #76 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 
%58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %182, label %90 %91 = phi %struct.list_head* [ %122, %116 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %94 = bitcast %struct.list_head* %93 to %struct.seqcount_spinlock* %95 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %96 = bitcast %struct.list_head* %92 to %struct.device** %97 = load %struct.device*, %struct.device** %96, align 8 br i1 %95, label %98, label %116 %99 = phi %struct.device* [ %115, %113 ], [ %97, %90 ] %100 = getelementptr inbounds %struct.device, %struct.device* %99, i64 0, i32 11, i32 13, i32 0 %101 = load volatile i32, i32* %100, align 4 %102 = icmp eq i32 %101, 0 br i1 %102, label %113, label %103, !prof !8, !misexpect !9 %104 = phi i32 [ %111, %110 ], [ %101, %98 ] %105 = add i32 %104, -1 %106 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %100, i32 %105, i32* %100, i32 %104) #6, !srcloc !10 %107 = extractvalue { i8, i32 } %106, 0 %108 = and i8 %107, 1 %109 = icmp eq i8 %108, 0 br i1 %109, label %110, label %113, !prof !8, !misexpect !9 %111 = extractvalue { i8, i32 } %106, 1 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %103, !prof !8, !misexpect !9 %114 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %115 = load %struct.device*, %struct.device** %96, align 8 br i1 %114, label %98, label %116 %117 = phi %struct.device* [ %97, %90 ], [ %115, %113 ] %118 = getelementptr inbounds %struct.device, %struct.device* %117, i64 0, i32 11, i32 3, i32 0, i32 0 %119 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %118) #76 %120 = tail call fastcc i32 @rpm_idle(%struct.device* %117, i32 1) #76 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #76 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %126 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %126 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %126, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %126 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %126, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %126, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %38 = icmp eq i32 %37, 0 br i1 %38, label %126, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %126 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, 
label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %126, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %125 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %128) to i64), i32 0) #76 br label %130 %131 = or i32 %1, 8 %132 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %131) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, 
i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 
= getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, 
align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #77 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #76 Function:enable_irq %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = call %struct.irq_desc.75769* @__irq_get_desc_lock(i32 %0, i64* nonnull %2, i1 zeroext true, i32 1) #76 %5 = icmp eq %struct.irq_desc.75769* %4, null br i1 %5, label %31, label %6 %7 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 1, i32 4 %8 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %7, align 8 %9 = icmp eq %struct.irq_chip.75783* %8, null br i1 %9, label %10, label %11, !prof 
!4, !misexpect !5 %12 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 7 %13 = load i32, i32* %12, align 64 switch i32 %13, label %27 [ i32 0, label %14 i32 1, label %17 ] %18 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 2048 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %14 %23 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 5 %24 = load i32, i32* %23, align 8 %25 = or i32 %24, 1024 store i32 %25, i32* %23, align 8 %26 = call i32 bitcast (i32 (%struct.irq_desc.14606*, i1, i1)* @irq_startup to i32 (%struct.irq_desc.75769*, i1, i1)*)(%struct.irq_desc.75769* nonnull %4, i1 zeroext true, i1 zeroext true) #76 Function:irq_startup %4 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1, i32 3 %6 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %7 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 4, i64 0 %8 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 7 store i32 0, i32* %8, align 64 %9 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp eq i32 %11, 0 br i1 %12, label %57, label %13 %58 = and i32 %10, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1, i32 4 %73 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %74 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %73, i64 0, i32 35 %75 = load i64, i64* %74, align 8 %76 = and i64 %75, 1024 %77 = icmp eq i64 %76, 0 br i1 %77, label %83, label %78 %84 = phi i32 [ %10, %71 ], [ 
%82, %78 ] %85 = and i32 %84, 512 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %88, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8205, i64 0, i64 0), i32 242, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "218:\0A\09.pushsection .discard.reachable\0A\09.long 218b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %88 %89 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %90 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %89, i64 0, i32 2 %91 = load i32 (%struct.irq_data*)*, i32 (%struct.irq_data*)** %90, align 8 %92 = icmp eq i32 (%struct.irq_data*)* %91, null br i1 %92, label %103, label %93 %104 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %105 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %104, i64 0, i32 0 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 65536 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %121 %122 = and i32 %106, -65537 store i32 %122, i32* %105, align 8 %123 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %124 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 4 %125 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %124, align 8 %126 = icmp eq void (%struct.irq_data*)* %125, null br i1 %126, label %132, label %127 %133 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %134 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %133, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = and i32 %135, 131072 %137 = icmp eq i32 %136, 0 br i1 
%137, label %147, label %138 %139 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 9 %140 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %139, align 8 %141 = icmp eq void (%struct.irq_data*)* %140, null br i1 %141, label %147, label %142 tail call void %140(%struct.irq_data* %4) #76 %143 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %144 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %143, i64 0, i32 0 %145 = load i32, i32* %144, align 8 %146 = and i32 %145, -131073 store i32 %146, i32* %144, align 8 br label %147 %148 = phi i32 [ %94, %93 ], [ 0, %109 ], [ 0, %112 ], [ 0, %116 ], [ 0, %127 ], [ 0, %132 ], [ 0, %138 ], [ 0, %142 ] %149 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %150 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %149, i64 0, i32 0 %151 = load i32, i32* %150, align 8 %152 = or i32 %151, 4194304 store i32 %152, i32* %150, align 8 %153 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %154 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %153, i64 0, i32 35 %155 = load i64, i64* %154, align 8 %156 = and i64 %155, 1024 %157 = icmp eq i64 %156, 0 br i1 %157, label %158, label %239 %159 = tail call i32 bitcast (i32 (%struct.irq_desc.75769*)* @irq_setup_affinity to i32 (%struct.irq_desc.14606*)*)(%struct.irq_desc.14606* %0) #76 Function:irq_setup_affinity %2 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 0, i32 1 %3 = load i32, i32* %2, align 4 %4 = icmp eq %struct.irq_desc.75769* %0, null br i1 %4, label %54, label %5 %6 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1, i32 3 %7 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %8 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3072 %11 = 
icmp eq i32 %10, 0 br i1 %11, label %12, label %54 %13 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1, i32 4 %14 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %13, align 8 %15 = icmp eq %struct.irq_chip.75783* %14, null br i1 %15, label %54, label %16 %17 = getelementptr inbounds %struct.irq_chip.75783, %struct.irq_chip.75783* %14, i64 0, i32 11 %18 = load i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)** %17, align 8 %19 = icmp eq i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)* %18, null br i1 %19, label %54, label %20 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_setup_affinity.mask_lock) #76 %21 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1 %22 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %23 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 2101248 %26 = icmp eq i32 %25, 0 br i1 %26, label %36, label %27 %28 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 0, i32 4, i64 0 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %28, i64 0, i32 0, i64 0 %30 = load i64, i64* %29, align 8 %31 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %32 = and i64 %31, %30 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %36 %37 = phi %struct.cpumask* [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %34 ], [ %28, %27 ], [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %20 ] %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %37, i64 0, i32 0, i64 0 %39 = load i64, i64* getelementptr inbounds (%struct.cpumask, 
%struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %40 = load i64, i64* %38, align 8 %41 = and i64 %40, %39 %42 = icmp eq i64 %41, 0 %43 = select i1 %42, i64 %39, i64 %41 store i64 %43, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @irq_setup_affinity.mask, i64 0, i32 0, i64 0), align 8 %44 = icmp eq i32 %3, -1 br i1 %44, label %52, label %45 %46 = sext i32 %3 to i64 %47 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %46, i64 0, i32 0, i64 0 %48 = load i64, i64* %47, align 8 %49 = and i64 %48, %43 %50 = icmp eq i64 %49, 0 br i1 %50, label %52, label %51 %53 = tail call i32 @irq_do_set_affinity(%struct.irq_data.75764* %21, %struct.cpumask* nonnull @irq_setup_affinity.mask, i1 zeroext false) #77 Function:irq_do_set_affinity %4 = getelementptr inbounds %struct.irq_data.75764, %struct.irq_data.75764* %0, i64 0, i32 3 %5 = bitcast %struct.irq_common_data** %4 to %struct.irq_desc.75769** %6 = load %struct.irq_desc.75769*, %struct.irq_desc.75769** %5, align 8 %7 = getelementptr inbounds %struct.irq_data.75764, %struct.irq_data.75764* %0, i64 0, i32 4 %8 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %7, align 8 %9 = icmp eq %struct.irq_chip.75783* %8, null br i1 %9, label %75, label %10 %11 = getelementptr inbounds %struct.irq_chip.75783, %struct.irq_chip.75783* %8, i64 0, i32 11 %12 = load i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)** %11, align 8 %13 = icmp eq i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)* %12, null br i1 %13, label %75, label %14 %15 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %6, i64 0, i32 0, i32 0 %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %36, label %19 %20 = tail call zeroext i1 @housekeeping_enabled(i32 128) #76 br i1 %20, label %23, label %21 %24 = tail call %struct.cpumask* 
@housekeeping_cpumask(i32 128) #76
-------------
Use: =BAD PATH=
Call Stack:
0 irq_do_set_affinity
1 irq_setup_affinity
2 irq_startup
3 enable_irq
4 dev_pm_enable_wake_irq_check
5 rpm_suspend
6 rpm_idle
7 __rpm_callback
8 rpm_resume
9 __pm_runtime_resume
10 __submit_bio
11 submit_bio_noacct
12 __blk_queue_split
13 blk_queue_split
14 md_submit_bio
-------------
Path:
Function:md_submit_bio
%2 = alloca %struct.bio.299652*, align 8 store %struct.bio.299652* %0, %struct.bio.299652** %2, align 8 %3 = getelementptr inbounds %struct.bio.299652, %struct.bio.299652* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.299652, %struct.bio.299652* %0, i64 0, i32 1 %8 = load %struct.block_device.299712*, %struct.block_device.299712** %7, align 8 %9 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %8, i64 0, i32 16 %10 = load %struct.gendisk.299710*, %struct.gendisk.299710** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.294862**)* @blk_queue_split to void (%struct.bio.299652**)*)(%struct.bio.299652** nonnull %2) #76
Function:blk_queue_split
%2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* call void @__blk_queue_split(%struct.bio.294862** %0, i32* nonnull
%2) #76 Function:__blk_queue_split %3 = alloca %struct.bio_vec.294861, align 8 %4 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %5 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 1 %6 = load %struct.block_device.294859*, %struct.block_device.294859** %5, align 8 %7 = getelementptr inbounds %struct.block_device.294859, %struct.block_device.294859* %6, i64 0, i32 16 %8 = load %struct.gendisk.294687*, %struct.gendisk.294687** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.294687, %struct.gendisk.294687* %8, i64 0, i32 9 %10 = load %struct.request_queue.294711*, %struct.request_queue.294711** %9, align 8 %11 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %343, label %78 %79 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %343 %84 = tail call %struct.bio.294862* @bio_split(%struct.bio.294862* %4, i32 %76, i32 3072, %struct.bio_set.294866* %74) #76 br label %314 %315 = phi %struct.bio.294862* [ %313, %312 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %316 = icmp eq %struct.bio.294862* %315, null br i1 %316, label %343, label %317 %318 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %315, i64 0, i32 2 %319 = load i32, i32* %318, align 8 %320 = or i32 %319, 16384 store i32 %320, i32* %318, align 8 %321 = load %struct.bio.294862*, 
%struct.bio.294862** %0, align 8 call void @bio_chain(%struct.bio.294862* nonnull %315, %struct.bio.294862* %321) #76 %322 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %323 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %322, i64 0, i32 8, i32 0 %324 = load i64, i64* %323, align 8 %325 = trunc i64 %324 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %326)) #6 to label %340 [label %326], !srcloc !9 %341 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %342 = call i32 bitcast (i32 (%struct.bio.295627*)* @submit_bio_noacct to i32 (%struct.bio.294862*)*)(%struct.bio.294862* %341) #76 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.295628], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 119 %6 = load %struct.bio_list.295628*, %struct.bio_list.295628** %5, align 8 %7 = icmp eq %struct.bio_list.295628* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %18 = load %struct.block_device.295624*, %struct.block_device.295624** %17, align 8 %19 = getelementptr inbounds 
%struct.block_device.295624, %struct.block_device.295624* %18, i64 0, i32 16 %20 = load %struct.gendisk.295622*, %struct.gendisk.295622** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.295563*, %struct.block_device_operations.295563** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.295563, %struct.block_device_operations.295563* %22, i64 0, i32 0 %24 = load i32 (%struct.bio.295627*)*, i32 (%struct.bio.295627*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.295627*)* %24, null %26 = bitcast [2 x %struct.bio_list.295628]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 0 %49 = load %struct.bio.295627*, %struct.bio.295627** %48, align 8 %50 = icmp eq %struct.bio.295627* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0 store %struct.bio_list.295628* %53, %struct.bio_list.295628** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.295628* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.295627** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.295628, %struct.bio_list.295628* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.295627** %60 to i64* br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load 
%struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 %74 = phi %struct.bio.295627* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.295627* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.295627* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 0 %80 = load %struct.bio.295627*, %struct.bio.295627** %79, align 8 store %struct.bio.295627* %80, %struct.bio.295627** %56, align 16 %81 = icmp eq %struct.bio.295627* %80, null br i1 %81, label %82, label %83 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %83 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 %84 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 1 %85 = load %struct.block_device.295624*, %struct.block_device.295624** %84, align 8 %86 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %85, i64 0, i32 16 %87 = load %struct.gendisk.295622*, %struct.gendisk.295622** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %87, i64 0, i32 9 %89 = load %struct.request_queue.295614*, %struct.request_queue.295614** %88, align 8 %90 = icmp eq %struct.request_queue.295614* %69, %89 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.295627* %103 = 
getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %102, i64 0, i32 0 store %struct.bio.295627* %74, %struct.bio.295627** %103, align 8 br label %104 %105 = phi %struct.bio.295627* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.295627* %74 to i64 br label %107 %108 = phi %struct.bio.295627* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.295627* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %113 = icmp eq %struct.bio.295627* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.295627* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %118 = icmp eq %struct.bio.295627* %117, null br i1 %118, label %121, label %119 store %struct.bio.295627* %108, %struct.bio.295627** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.295627* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %127 = icmp eq %struct.bio.295627* %126, null br i1 %127, label %130, label %128 store %struct.bio.295627* %110, %struct.bio.295627** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.295627*, %struct.bio.295627** %59, align 16 %134 = icmp eq %struct.bio.295627* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %137 = icmp eq %struct.bio.295627* %136, null br i1 %137, label %140, label %138 store %struct.bio.295627* %133, %struct.bio.295627** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %145 = icmp eq %struct.bio.295627* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds 
%struct.bio.295627, %struct.bio.295627* %144, i64 0, i32 0 %148 = load %struct.bio.295627*, %struct.bio.295627** %147, align 8 store %struct.bio.295627* %148, %struct.bio.295627** %56, align 16 %149 = icmp eq %struct.bio.295627* %148, null br i1 %149, label %150, label %151 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %151 store %struct.bio.295627* null, %struct.bio.295627** %147, align 8 br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 18 %12 = getelementptr 
inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.295614* %8, i1 zeroext false) #76 br i1 %17, label %72, label %18 %19 = load i32, i32* %9, align 8 %20 = and i32 %19, 2097152 %21 = icmp eq i32 %20, 0 br i1 %21, label %31, label %22 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = call i32 @__cond_resched() #76 %33 = load i32, i32* %10, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %43 %36 = load %struct.device.295559*, %struct.device.295559** %11, align 8 %37 = icmp eq %struct.device.295559* %36, null br i1 %37, label %66, label %38 %39 = load volatile i32, i32* %12, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %66, label %41 %42 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.295559*, i32)*)(%struct.device.295559* nonnull %36, i32 1) #76 br label %43 %44 = load volatile i64, i64* %13, align 8 %45 = and i64 %44, 4 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %66 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %2, i32 0) #76 br label %48 %49 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %15, %struct.wait_queue_entry* nonnull %2, i32 2) #76 %50 = load i32, i32* %10, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %60 %53 = load %struct.device.295559*, %struct.device.295559** %11, align 8 %54 = icmp eq %struct.device.295559* %53, null br i1 %54, label %65, label %55 %56 = load volatile i32, i32* %12, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %65, label %58 %59 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 
(%struct.device.295559*, i32)*)(%struct.device.295559* nonnull %53, i32 1) #76 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #76 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #77 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #76 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, 
%struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #77 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %24, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %26, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %24, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 
%119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq %struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #77 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #77 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label 
%13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %125, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %125 %19 = tail call i32 @device_links_read_lock() #76 %20 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %124, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #76 %49 = tail call fastcc i32 
@rpm_resume(%struct.device* %34, i32 4) #76 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #76 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %182, label %90 %91 = phi %struct.list_head* [ %122, %116 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %94 = bitcast %struct.list_head* %93 to %struct.seqcount_spinlock* %95 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %96 = bitcast %struct.list_head* %92 to %struct.device** %97 = load %struct.device*, %struct.device** %96, align 8 br i1 %95, label %98, label %116 %99 = phi %struct.device* [ %115, %113 ], [ %97, %90 ] %100 = getelementptr inbounds %struct.device, %struct.device* %99, i64 0, i32 11, i32 13, i32 0 %101 = load volatile i32, i32* %100, align 4 %102 = icmp eq i32 %101, 0 br i1 %102, label %113, label %103, !prof !8, !misexpect !9 %104 = phi i32 [ %111, %110 ], [ %101, %98 ] %105 = add i32 %104, -1 %106 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %100, i32 %105, i32* %100, i32 %104) #6, !srcloc !10 %107 = extractvalue { i8, i32 } %106, 0 %108 = and i8 %107, 1 %109 = icmp eq i8 %108, 0 br i1 %109, label %110, 
label %113, !prof !8, !misexpect !9 %111 = extractvalue { i8, i32 } %106, 1 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %103, !prof !8, !misexpect !9 %114 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %94) #76 %115 = load %struct.device*, %struct.device** %96, align 8 br i1 %114, label %98, label %116 %117 = phi %struct.device* [ %97, %90 ], [ %115, %113 ] %118 = getelementptr inbounds %struct.device, %struct.device* %117, i64 0, i32 11, i32 3, i32 0, i32 0 %119 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %118) #76 %120 = tail call fastcc i32 @rpm_idle(%struct.device* %117, i32 1) #76 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #76 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %126 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %126 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %126, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %126 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %126, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 
17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %126, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %38 = icmp eq i32 %37, 0 br i1 %38, label %126, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %126 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %126, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %125 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %128) to i64), i32 0) #76 br label %130 %131 = or i32 %1, 8 %132 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %131) #76 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #76 %4 = 
getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, 
%struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #77 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 
%84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #77 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void 
@enable_irq(i32 %19) #76 Function:enable_irq %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* %4 = call %struct.irq_desc.75769* @__irq_get_desc_lock(i32 %0, i64* nonnull %2, i1 zeroext true, i32 1) #76 %5 = icmp eq %struct.irq_desc.75769* %4, null br i1 %5, label %31, label %6 %7 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 1, i32 4 %8 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %7, align 8 %9 = icmp eq %struct.irq_chip.75783* %8, null br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 7 %13 = load i32, i32* %12, align 64 switch i32 %13, label %27 [ i32 0, label %14 i32 1, label %17 ] %18 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 2048 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %14 %23 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %4, i64 0, i32 5 %24 = load i32, i32* %23, align 8 %25 = or i32 %24, 1024 store i32 %25, i32* %23, align 8 %26 = call i32 bitcast (i32 (%struct.irq_desc.14606*, i1, i1)* @irq_startup to i32 (%struct.irq_desc.75769*, i1, i1)*)(%struct.irq_desc.75769* nonnull %4, i1 zeroext true, i1 zeroext true) #76 Function:irq_startup %4 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1, i32 3 %6 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %7 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 4, i64 0 %8 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 7 store i32 0, i32* %8, align 64 %9 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 
4194304 %12 = icmp eq i32 %11, 0 br i1 %12, label %57, label %13 %58 = and i32 %10, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = getelementptr inbounds %struct.irq_desc.14606, %struct.irq_desc.14606* %0, i64 0, i32 1, i32 4 %73 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %74 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %73, i64 0, i32 35 %75 = load i64, i64* %74, align 8 %76 = and i64 %75, 1024 %77 = icmp eq i64 %76, 0 br i1 %77, label %83, label %78 %84 = phi i32 [ %10, %71 ], [ %82, %78 ] %85 = and i32 %84, 512 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %88, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8205, i64 0, i64 0), i32 242, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "218:\0A\09.pushsection .discard.reachable\0A\09.long 218b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %88 %89 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %90 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %89, i64 0, i32 2 %91 = load i32 (%struct.irq_data*)*, i32 (%struct.irq_data*)** %90, align 8 %92 = icmp eq i32 (%struct.irq_data*)* %91, null br i1 %92, label %103, label %93 %104 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %105 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %104, i64 0, i32 0 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 65536 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %121 %122 = and i32 %106, -65537 store i32 %122, i32* %105, align 8 %123 = load %struct.irq_chip*, %struct.irq_chip** 
%72, align 8 %124 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 4 %125 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %124, align 8 %126 = icmp eq void (%struct.irq_data*)* %125, null br i1 %126, label %132, label %127 %133 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %134 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %133, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = and i32 %135, 131072 %137 = icmp eq i32 %136, 0 br i1 %137, label %147, label %138 %139 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 9 %140 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %139, align 8 %141 = icmp eq void (%struct.irq_data*)* %140, null br i1 %141, label %147, label %142 tail call void %140(%struct.irq_data* %4) #76 %143 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %144 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %143, i64 0, i32 0 %145 = load i32, i32* %144, align 8 %146 = and i32 %145, -131073 store i32 %146, i32* %144, align 8 br label %147 %148 = phi i32 [ %94, %93 ], [ 0, %109 ], [ 0, %112 ], [ 0, %116 ], [ 0, %127 ], [ 0, %132 ], [ 0, %138 ], [ 0, %142 ] %149 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %150 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %149, i64 0, i32 0 %151 = load i32, i32* %150, align 8 %152 = or i32 %151, 4194304 store i32 %152, i32* %150, align 8 %153 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %154 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %153, i64 0, i32 35 %155 = load i64, i64* %154, align 8 %156 = and i64 %155, 1024 %157 = icmp eq i64 %156, 0 br i1 %157, label %158, label %239 %159 = tail call i32 bitcast (i32 (%struct.irq_desc.75769*)* @irq_setup_affinity to i32 (%struct.irq_desc.14606*)*)(%struct.irq_desc.14606* %0) #76 Function:irq_setup_affinity %2 = 
getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 0, i32 1 %3 = load i32, i32* %2, align 4 %4 = icmp eq %struct.irq_desc.75769* %0, null br i1 %4, label %54, label %5 %6 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1, i32 3 %7 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %8 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3072 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %54 %13 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1, i32 4 %14 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %13, align 8 %15 = icmp eq %struct.irq_chip.75783* %14, null br i1 %15, label %54, label %16 %17 = getelementptr inbounds %struct.irq_chip.75783, %struct.irq_chip.75783* %14, i64 0, i32 11 %18 = load i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)** %17, align 8 %19 = icmp eq i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)* %18, null br i1 %19, label %54, label %20 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_setup_affinity.mask_lock) #76 %21 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 1 %22 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %23 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 2101248 %26 = icmp eq i32 %25, 0 br i1 %26, label %36, label %27 %28 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %0, i64 0, i32 0, i32 4, i64 0 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %28, i64 0, i32 0, i64 0 %30 = load i64, i64* %29, align 8 %31 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, 
i64 0), align 8 %32 = and i64 %31, %30 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %36 %37 = phi %struct.cpumask* [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %34 ], [ %28, %27 ], [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %20 ] %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %37, i64 0, i32 0, i64 0 %39 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %40 = load i64, i64* %38, align 8 %41 = and i64 %40, %39 %42 = icmp eq i64 %41, 0 %43 = select i1 %42, i64 %39, i64 %41 store i64 %43, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @irq_setup_affinity.mask, i64 0, i32 0, i64 0), align 8 %44 = icmp eq i32 %3, -1 br i1 %44, label %52, label %45 %46 = sext i32 %3 to i64 %47 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %46, i64 0, i32 0, i64 0 %48 = load i64, i64* %47, align 8 %49 = and i64 %48, %43 %50 = icmp eq i64 %49, 0 br i1 %50, label %52, label %51 %53 = tail call i32 @irq_do_set_affinity(%struct.irq_data.75764* %21, %struct.cpumask* nonnull @irq_setup_affinity.mask, i1 zeroext false) #77 Function:irq_do_set_affinity %4 = getelementptr inbounds %struct.irq_data.75764, %struct.irq_data.75764* %0, i64 0, i32 3 %5 = bitcast %struct.irq_common_data** %4 to %struct.irq_desc.75769** %6 = load %struct.irq_desc.75769*, %struct.irq_desc.75769** %5, align 8 %7 = getelementptr inbounds %struct.irq_data.75764, %struct.irq_data.75764* %0, i64 0, i32 4 %8 = load %struct.irq_chip.75783*, %struct.irq_chip.75783** %7, align 8 %9 = icmp eq %struct.irq_chip.75783* %8, null br i1 %9, label %75, label %10 %11 = getelementptr inbounds %struct.irq_chip.75783, %struct.irq_chip.75783* %8, i64 0, i32 11 %12 = load i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)*, i32 
(%struct.irq_data.75764*, %struct.cpumask*, i1)** %11, align 8 %13 = icmp eq i32 (%struct.irq_data.75764*, %struct.cpumask*, i1)* %12, null br i1 %13, label %75, label %14 %15 = getelementptr inbounds %struct.irq_desc.75769, %struct.irq_desc.75769* %6, i64 0, i32 0, i32 0 %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %36, label %19 %20 = tail call zeroext i1 @housekeeping_enabled(i32 128) #76 br i1 %20, label %23, label %21 %24 = tail call %struct.cpumask* @housekeeping_cpumask(i32 128) #76
-------------
Good: 1092 Bad: 6 Ignored: 1153
Check Use of Function:cfg80211_register_wdev
Check Use of Function:tcf_fill_node
Check Use of Function:put_ipc_ns
Use: =BAD PATH=
Call Stack:
0 shm_release
-------------
Path:
Function:shm_release
%3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %5, i64 0, i32 1 %7 = load %struct.ipc_namespace*, %struct.ipc_namespace** %6, align 8 tail call void @put_ipc_ns(%struct.ipc_namespace* %7) #76
-------------
Use: =BAD PATH=
Call Stack:
0 mqueue_create_attr
1 mqueue_create
-------------
Path:
Function:mqueue_create
%6 = tail call i32 @mqueue_create_attr(%struct.dentry* %2, i16 zeroext %3, i8* null) #76
Function:mqueue_create_attr
%4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %5 = load %struct.dentry*, %struct.dentry** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %5, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = bitcast i8* %2 to %struct.mq_attr* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, i32 0)) #76 %9 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.ipc_namespace** %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 16 %14 = icmp eq %struct.ipc_namespace* %13, null br i1 %14, label %65, label %15 %66 = phi i32 [ %44, %42 ], [ -28, %32 ], [ -13, %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @mq_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 br i1 %14, label %68, label %67 tail call void @put_ipc_ns(%struct.ipc_namespace* nonnull %13) #76
-------------
Good: 11 Bad: 2 Ignored: 4
Check Use of Function:hibernate
Use: =BAD PATH=
Call Stack:
0 state_store
-------------
Path:
Function:state_store
%5 = tail call i8* @memchr(i8* %2, i32 10, i64 %3) #76 %6 = icmp eq i8* %5, null %7 = ptrtoint i8* %5 to i64 %8 = ptrtoint i8* %2 to i64 %9 = sub i64 %7, %8 %10 = select i1 %6, i64 %3, i64 %9 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 4 br i1 %12, label %13, label %16 %14 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.32.7662, i64 0, i64 0), i64 4) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %50, label %16 %51 = tail call i32 @hibernate() #76
-------------
Good: 1 Bad: 1 Ignored: 0
Check Use of Function:flush_workqueue
Use: =BAD PATH=
Call Stack:
0 md_open
-------------
Path:
Function:md_open
%3 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %0, i64 0, i32 4 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, -1048576 %6 = icmp eq i32 %5, 9437184 %7 = and i32 %4, -64 %8 = select i1 %6, i32 %4, i32 %7 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #76 %9 = load i8*, i8** bitcast (%struct.list_head* @all_mddevs to i8**), align 8 %10 = icmp eq i8* %9, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %10, label %28, label %11 %12 = phi i8* [ %19, %17 ], [ %9, %2 ] %13 = getelementptr i8, i8* %12, i64 -952 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, %8 br i1 %16, label %21, label %17 %18 = bitcast i8* %12 to i8** %19 = load i8*, i8** %18, align 8 %20 = icmp eq i8* %19, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %20, label %28, label %11 %29 = phi %struct.mddev* [ null, %21 ], [ %25, %24 ], [ null, %2 ], [ null, %17 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @all_mddevs_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %30 = icmp eq %struct.mddev* %29, null br i1 %30, label %140, label %31 %32 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 11 %33 = load %struct.gendisk.299710*, %struct.gendisk.299710** %32, align 8 %34 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %0, i64 0, i32 16 %35 = load %struct.gendisk.299710*, %struct.gendisk.299710** %34, align 8 %36 = icmp eq %struct.gendisk.299710* %33, %35 br i1 %36, label %82, label %37 %38 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 61 %39 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %38, %struct.spinlock* nonnull @all_mddevs_lock) #76 %40 = icmp eq i32 %39, 0 br i1 %40, label %75, label %41 %76 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 75, i32 0, i32 0 %77 = load volatile i64, i64* %76, align 8 %78 = and i64 %77, 1 %79 = icmp eq i64 %78, 0 br i1 %79, label %140, label %80 %81 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %81) #76
-------------
Use: =BAD PATH=
Call Stack:
0 md_ioctl
1 md_compat_ioctl
-------------
Path:
Function:md_compat_ioctl
switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 @md_ioctl(%struct.block_device.299712* %0, i32 %1, i32 %2, i64 %8) #76
Function:md_ioctl
%5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.uid_gid_extent, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1050 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %0, i64 0, i32 16 %29 = load %struct.gendisk.299710*, %struct.gendisk.299710** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %378 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %331 i32 2344, label %331 i32 2338, label %348 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %332 = getelementptr inbounds %struct.mddev, %struct.mddev* %32, i64 0, i32 4 br label %333 %334 = phi %struct.list_head* [ %332, %331 ], [ %336, %338 ] %335 = getelementptr %struct.list_head, %struct.list_head* %334, i64 0, i32 0 %336 = load volatile %struct.list_head*, %struct.list_head** %335, align 8 %337 = icmp eq %struct.list_head* %336, %332 br i1 %337, label %346, label %338 %339 = getelementptr inbounds %struct.list_head, %struct.list_head* %336, i64 17 %340 = bitcast %struct.list_head* %339 to i64* %341 = load volatile i64, i64* %340, align 8 %342 = and i64 %341, 1 %343 = icmp eq i64 %342, 0 br i1 %343, label %333, label %344 %345 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_rdev_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %345) #76
-------------
Use: =BAD PATH=
Call Stack:
0 md_ioctl
-------------
Path:
Function:md_ioctl
%5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.uid_gid_extent, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1050 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %0, i64 0, i32 16 %29 = load %struct.gendisk.299710*, %struct.gendisk.299710** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %378 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %331 i32 2344, label %331 i32 2338, label %348 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %332 = getelementptr inbounds %struct.mddev, %struct.mddev* %32, i64 0, i32 4 br label %333 %334 = phi %struct.list_head* [ %332, %331 ], [ %336, %338 ] %335 = getelementptr %struct.list_head, %struct.list_head* %334, i64 0, i32 0 %336 = load volatile %struct.list_head*, %struct.list_head** %335, align 8 %337 = icmp eq %struct.list_head* %336, %332 br i1 %337, label %346, label %338 %339 = getelementptr inbounds %struct.list_head, %struct.list_head* %336, i64 17 %340 = bitcast %struct.list_head* %339 to i64* %341 = load volatile i64, i64* %340, align 8 %342 = and i64 %341, 1 %343 = icmp eq i64 %342, 0 br i1 %343, label %333, label %344 %345 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_rdev_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %345) #76
-------------
Good: 47 Bad: 3 Ignored: 24
Check Use of Function:refcount_dec_and_lock
Use: =BAD PATH=
Call Stack:
0 nfs4_put_open_state
1 __nfs4_close
2 nfs4_close_sync
3 nfs4_close_context
-------------
Path:
Function:nfs4_close_context
%3 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %0, i64 0, i32 5 %4 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %3, align 8 %5 = icmp eq %struct.nfs4_state.236616* %4, null br i1 %5, label %16, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3 %11 = lshr i32 %9, 5 %12 = and i32 %11, 1 %13 = or i32 %12, %10 br i1 %7, label %15, label
%14 tail call void bitcast (void (%struct.nfs4_state.238262*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.236616*, i32)*)(%struct.nfs4_state.236616* nonnull %4, i32 %13) #76 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.238262* %0, i32 %1, i32 3264, i32 1) #76 Function:__nfs4_close %5 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %6, i64 0, i32 6 %8 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %7, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %6, i64 0, i32 5 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #76 %11 = and i32 %1, 3 switch i32 %11, label %24 [ i32 1, label %12 i32 2, label %16 i32 3, label %20 ] %21 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 12 %22 = load i32, i32* %21, align 4 %23 = add i32 %22, -1 store i32 %23, i32* %21, align 4 br label %24 %25 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 12 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %63 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 10 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %41 %33 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 5 %34 = load volatile i64, i64* %33, 
align 8 %35 = and i64 %34, 8 %36 = load volatile i64, i64* %33, align 8 %37 = and i64 %36, 32 %38 = or i64 %37, %35 %39 = icmp ne i64 %38, 0 %40 = zext i1 %39 to i32 br label %41 %42 = phi i32 [ %40, %32 ], [ 0, %28 ] %43 = phi i32 [ 2, %32 ], [ 3, %28 ] %44 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 11 %45 = load i32, i32* %44, align 8 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %63 %64 = phi i32 [ %59, %61 ], [ %59, %47 ], [ 0, %24 ], [ %42, %41 ] %65 = phi i32 [ 0, %61 ], [ 1, %47 ], [ 3, %24 ], [ %43, %41 ] %66 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 13 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, %65 br i1 %68, label %95, label %69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %96 = bitcast %struct.spinlock* %9 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %97 = icmp eq i32 %64, 0 br i1 %97, label %98, label %117 tail call void @nfs4_put_open_state(%struct.nfs4_state.238262* %0) #77 Function:nfs4_put_open_state %2 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 4 %3 = load %struct.inode*, %struct.inode** %2, align 8 %4 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %5, i64 0, i32 5 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_write_done ------------- Path:  
Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 5 
%7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.238264* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.238264, %struct.nfs_lock_context.238264* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.238264, %struct.nfs_lock_context.238264* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.238263*, %struct.nfs_open_context.238263** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.238263, %struct.nfs_open_context.238263* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #76 %28 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.238293** %30 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.238293* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 
to i8* store volatile i8 0, i8* %80, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.238293* %77) #76 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.238293* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, 
%struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 1, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.238264* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.238264, %struct.nfs_lock_context.238264* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.238264, %struct.nfs_lock_context.238264* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.238263*, %struct.nfs_open_context.238263** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.238263, %struct.nfs_open_context.238263* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, 
%struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #76 %28 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.238293** %30 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.238293* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.238293* %77) #76 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.238293* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipcns_put ------------- Path:  Function:ipcns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -34, i32 2 %3 = getelementptr inbounds i32, i32* %2, 
i64 205 %4 = bitcast i32* %3 to %struct.seqcount_spinlock* %5 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %4, %struct.spinlock* nonnull @mq_lock) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_ipc_ns 1 shm_release ------------- Path:  Function:shm_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %5, i64 0, i32 1 %7 = load %struct.ipc_namespace*, %struct.ipc_namespace** %6, align 8 tail call void @put_ipc_ns(%struct.ipc_namespace* %7) #76 Function:put_ipc_ns %2 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 24, i32 3 %3 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %2, %struct.spinlock* nonnull @mq_lock) #76 ------------- Good: 198 Bad: 5 Ignored: 230 Check Use of Function:ieee80211_led_assoc Check Use of Function:hex_to_bin Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 
%19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = 
phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = 
load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp 
eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = 
icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #76 
Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 
x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp 
slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, 
align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 
1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = 
getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x 
i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #76 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 
1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 
%87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #76 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 
%20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label 
%178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #76 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #76 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br 
label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 
@hex_to_bin(i8 signext %64) #76 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #76 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #76 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = 
bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) 
#76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #76 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #76 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* 
bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #76 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 signext %132) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x 
i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, 
align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #76 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #76 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #76 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 signext 
%132) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* 
%53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #76 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #76 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, 
label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #76 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 signext %132) #76 %143 = icmp slt i32 %142, 0 br i1 %143, label %183, label %144 %145 = shl i32 %142, 24 %146 = or i32 %145, %129 %147 = icmp ult i8* %141, %0 br i1 %147, label %178, label %148 %149 = load i8, i8* %141, align 1 %150 = zext i8 %149 to i64 %151 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %150 %152 = load i8, i8* %151, align 1 %153 = and i8 %152, 32 %154 = icmp ne i8 %153, 0 %155 = icmp eq i8 %149, 44 %156 = or i1 %155, %154 br i1 %156, label %178, label %157 %158 = getelementptr i8, i8* %32, i64 -8 %159 = tail call i32 @hex_to_bin(i8 signext %149) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr 
inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 
= or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #76 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #76 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 
1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #76 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 signext %132) #76 %143 = icmp slt i32 %142, 0 br i1 %143, label %183, label %144 %145 = shl i32 %142, 24 %146 = or i32 %145, %129 %147 = icmp ult i8* %141, %0 br i1 %147, label %178, label %148 %149 = load i8, i8* %141, align 1 %150 = zext i8 %149 to i64 %151 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %150 %152 = load i8, i8* %151, align 1 %153 = and i8 %152, 32 %154 = icmp ne i8 %153, 0 %155 = icmp eq i8 %149, 44 %156 = or i1 %155, %154 br i1 %156, label %178, label %157 %158 = getelementptr i8, i8* %32, i64 -8 %159 = tail call i32 @hex_to_bin(i8 signext %149) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* 
@strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* 
%66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #76 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #76 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #76 %126 = icmp slt i32 
%125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 signext %132) #76 %143 = icmp slt i32 %142, 0 br i1 %143, label %183, label %144 %145 = shl i32 %142, 24 %146 = or i32 %145, %129 %147 = icmp ult i8* %141, %0 br i1 %147, label %178, label %148 %149 = load i8, i8* %141, align 1 %150 = zext i8 %149 to i64 %151 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %150 %152 = load i8, i8* %151, align 1 %153 = and i8 %152, 32 %154 = icmp ne i8 %153, 0 %155 = icmp eq i8 %149, 44 %156 = or i1 %155, %154 br i1 %156, label %178, label %157 %158 = getelementptr i8, i8* %32, i64 -8 %159 = tail call i32 @hex_to_bin(i8 signext %149) #76 %160 = icmp slt i32 %159, 0 br i1 %160, label %183, label %161 %162 = shl i32 %159, 28 %163 = or i32 %162, %146 %164 = icmp ult i8* %158, %0 br i1 %164, label %178, label %165 %166 = load i8, i8* %158, align 1 %167 = zext i8 %166 to i64 %168 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %167 %169 = load i8, i8* %168, align 1 %170 = and i8 %169, 32 %171 = icmp ne i8 %170, 0 %172 = icmp eq i8 %166, 44 %173 = or i1 %172, %171 br i1 %173, label %178, label %174 %175 = getelementptr i8, i8* %32, i64 -9 %176 = tail call i32 @hex_to_bin(i8 signext %166) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x 
%struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #76 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #76 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #76 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #76 %47 = icmp slt i32 %46, 0 br i1 %47, 
label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #76 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #76 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #76 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), 
i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #76 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 signext %132) #76 %143 = icmp slt i32 %142, 0 br i1 %143, label %183, label %144 %145 = shl i32 %142, 24 %146 = or i32 %145, %129 %147 = icmp ult i8* %141, %0 br i1 %147, label %178, label %148 %149 = load i8, i8* %141, align 1 %150 = zext i8 %149 to i64 %151 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %150 %152 = load i8, i8* %151, align 1 %153 = and i8 %152, 32 %154 = icmp ne i8 %153, 0 %155 = icmp eq i8 %149, 44 %156 = or i1 %155, %154 br i1 %156, label %178, label %157 %158 = getelementptr i8, i8* %32, i64 -8 %159 = tail call i32 @hex_to_bin(i8 signext %149) #76 %160 = icmp slt i32 %159, 0 br i1 %160, label %183, label %161 %162 = shl i32 %159, 28 %163 = or i32 %162, %146 %164 = icmp ult i8* %158, %0 br i1 %164, label %178, label %165 %166 = load i8, i8* %158, align 1 %167 = zext i8 %166 to i64 %168 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %167 %169 = load i8, i8* %168, align 1 %170 = and i8 %169, 32 %171 = icmp ne i8 %170, 0 %172 = icmp eq i8 %166, 44 %173 = or i1 %172, %171 br i1 %173, label %178, label %174 %175 = 
getelementptr i8, i8* %32, i64 -9 %176 = tail call i32 @hex_to_bin(i8 signext %166) #76 ------------- Good: 138 Bad: 18 Ignored: 189 Check Use of Function:d_add Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.149376*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #76 %21 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %22 = load %struct.super_block*, %struct.super_block** %21, align 8 %23 = getelementptr inbounds %struct.super_block, %struct.super_block* %22, i64 0, i32 28 %24 = bitcast i8** %23 to %struct.nfs_server.215077** %25 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %24, align 16 %26 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %25, i64 0, i32 0 %27 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %26, align 8 %28 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %27, i64 0, i32 12 %29 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %28, align 8 %30 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %29, i64 0, i32 23 %31 = load i32 (%struct.inode*, 
%struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %30, align 8 %32 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %33 = tail call i32 %31(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %32) #76 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %36 tail call void bitcast (void (%struct.inode.149921*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #76 tail call void bitcast (void (%struct.dentry.149376*, %struct.inode.149388*)* @d_add to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %2, %struct.inode* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.149376*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #76 %21 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %22 = load %struct.super_block*, %struct.super_block** %21, align 8 %23 = getelementptr inbounds %struct.super_block, %struct.super_block* %22, i64 0, i32 28 %24 = bitcast i8** %23 to %struct.nfs_server.215077** %25 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %24, align 16 %26 = getelementptr inbounds 
%struct.nfs_server.215077, %struct.nfs_server.215077* %25, i64 0, i32 0 %27 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %26, align 8 %28 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %27, i64 0, i32 12 %29 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %28, align 8 %30 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %29, i64 0, i32 23 %31 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %30, align 8 %32 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %33 = tail call i32 %31(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %32) #76 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %36 tail call void bitcast (void (%struct.inode.149921*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #76 tail call void bitcast (void (%struct.dentry.149376*, %struct.inode.149388*)* @d_add to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %2, %struct.inode* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.149376*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #76 %21 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %22 = load %struct.super_block*, %struct.super_block** %21, align 8 %23 = getelementptr inbounds %struct.super_block, %struct.super_block* %22, i64 0, i32 28 %24 = bitcast i8** %23 to %struct.nfs_server.215077** %25 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %24, align 16 %26 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %25, i64 0, i32 0 %27 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %26, align 8 %28 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %27, i64 0, i32 12 %29 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %28, align 8 %30 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %29, i64 0, i32 23 %31 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %30, align 8 %32 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %33 = tail call i32 %31(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %32) #76 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %36 tail call void bitcast (void (%struct.inode.149921*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #76 tail call void bitcast (void (%struct.dentry.149376*, %struct.inode.149388*)* @d_add to void 
(%struct.dentry*, %struct.inode*)*)(%struct.dentry* %2, %struct.inode* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 9 %11 = load %struct.super_block.153230*, %struct.super_block.153230** %10, align 8 %12 = getelementptr inbounds %struct.super_block.153230, %struct.super_block.153230* %11, i64 0, i32 40 %13 = load %struct.dentry_operations.153260*, %struct.dentry_operations.153260** %12, align 64 %14 = icmp eq %struct.dentry_operations.153260* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.149376*, %struct.inode.149388*)* @d_add to void (%struct.dentry.153259*, %struct.inode.153255*)*)(%struct.dentry.153259* %1, %struct.inode.153255* null) #76 ------------- Good: 19 Bad: 4 Ignored: 5 Check Use of Function:vfat_revalidate_ci Check Use of Function:xa_find_after Check Use of Function:sd_pr_register Check Use of Function:acpi_notifier_call_chain Check Use of Function:kernel_restart Check Use of Function:drm_mode_plane_set_obj_prop Check Use of Function:vfs_truncate Check Use of Function:do_trace_netlink_extack Use: =BAD PATH= Call Stack: 0 __neigh_update 1 neigh_update 2 ndisc_update 3 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.892941, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.892941* %5 to i8* %10 = bitcast %struct.ndisc_options* 
%6 to i8* %11 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %196, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %196, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %58 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %57, i64 0, i32 68 %59 = load volatile %struct.inet6_dev.892435*, %struct.inet6_dev.892435** %58, align 16 %60 = icmp eq %struct.inet6_dev.892435* %59, null br i1 %60, label %196, label %61 %62 = getelementptr inbounds 
%struct.inet6_dev.892435, %struct.inet6_dev.892435* %59, i64 0, i32 31, i32 0 %63 = load i32, i32* %62, align 8 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %196 %66 = getelementptr inbounds %struct.inet6_dev.892435, %struct.inet6_dev.892435* %59, i64 0, i32 31, i32 4 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %196, label %69 %70 = getelementptr inbounds i8, i8* %20, i64 40 %71 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.895232*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.892517*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.892517* %57, i8* %70, i32 %25, %struct.ndisc_options* nonnull %6) #76 %72 = icmp eq %struct.ndisc_options* %71, null br i1 %72, label %196, label %73 %74 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %75 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %74, align 8 %76 = icmp eq %struct.nd_opt_hdr* %75, null br i1 %76, label %99, label %77 %78 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %79 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %78, i64 0, i32 51 %80 = load i8, i8* %79, align 1 %81 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %78, i64 0, i32 32 %82 = load i16, i16* %81, align 32 %83 = icmp eq i16 %82, 32 %84 = select i1 %83, i32 2, i32 0 %85 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 0, i32 1 %86 = load i8, i8* %85, align 1 %87 = zext i8 %86 to i32 %88 = shl nuw nsw i32 %87, 3 %89 = zext i8 %80 to i32 %90 = or i32 %84, 9 %91 = add nuw nsw i32 %90, %89 %92 = and i32 %91, 504 %93 = icmp ne i32 %88, %92 %94 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 1, i32 0 %95 = zext i32 %84 to i64 %96 = getelementptr i8, i8* %94, i64 %95 %97 = icmp eq i8* %96, null %98 = or i1 %97, %93 br i1 %98, label %196, 
label %99 %100 = phi i8* [ %96, %77 ], [ null, %73 ] %101 = bitcast %struct.dst_entry.892411* %0 to %struct.rt6_info.892424* %102 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1, i32 14 %103 = bitcast %struct.lwtunnel_state.892388** %102 to i32* %104 = load i32, i32* %103, align 8 %105 = and i32 %104, 512 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %196 %108 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 1 %109 = load %struct.dst_ops.892390*, %struct.dst_ops.892390** %108, align 8 %110 = getelementptr inbounds %struct.dst_ops.892390, %struct.dst_ops.892390* %109, i64 0, i32 15 %111 = load void (%struct.dst_entry.892411*, i8*)*, void (%struct.dst_entry.892411*, i8*)** %110, align 16 %112 = icmp eq void (%struct.dst_entry.892411*, i8*)* %111, null br i1 %112, label %120, label %113 %121 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %122 = call %struct.neighbour.892346* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.892346* (%struct.neigh_table.892342*, i8*, %struct.net_device.892517*)*)(%struct.neigh_table.892342* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.895232*, i32*)*, i1 (%struct.neighbour.894739*, i8*)*, i32 (%struct.neighbour.894739*)*, i32 (%struct.pneigh_entry.894726*)*, void (%struct.pneigh_entry.894726*)*, void (%struct.sk_buff.895146*)*, i32 (i8*)*, i1 (%struct.net_device.895232*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.894727, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.894730, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.894735*, %struct.pneigh_entry.894726** }* @nd_tbl to %struct.neigh_table.892342*), i8* %35, %struct.net_device.892517* %121) #76 %123 = icmp eq 
%struct.neighbour.892346* %122, null br i1 %123, label %124, label %129 %125 = call %struct.neighbour.892346* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.892346* (%struct.neigh_table.892342*, i8*, %struct.net_device.892517*, i1)*)(%struct.neigh_table.892342* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.895232*, i32*)*, i1 (%struct.neighbour.894739*, i8*)*, i32 (%struct.neighbour.894739*)*, i32 (%struct.pneigh_entry.894726*)*, void (%struct.pneigh_entry.894726*)*, void (%struct.sk_buff.895146*)*, i32 (i8*)*, i1 (%struct.net_device.895232*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.894727, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.894730, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.894735*, %struct.pneigh_entry.894726** }* @nd_tbl to %struct.neigh_table.892342*), i8* %35, %struct.net_device.892517* %121, i1 zeroext true) #76 %126 = icmp ugt %struct.neighbour.892346* %125, inttoptr (i64 -4096 to %struct.neighbour.892346*) %127 = icmp eq %struct.neighbour.892346* %125, null %128 = or i1 %126, %127 br i1 %128, label %196, label %129 %130 = phi %struct.neighbour.892346* [ %122, %120 ], [ %125, %124 ] %131 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %132 = select i1 %55, i32 1073741831, i32 3 call void bitcast (void (%struct.net_device.895232*, %struct.neighbour.894739*, i8*, i8, i32, i8, %struct.ndisc_options*)* @ndisc_update to void (%struct.net_device.892517*, %struct.neighbour.892346*, i8*, i8, i32, i8, %struct.ndisc_options*)*)(%struct.net_device.892517* %131, %struct.neighbour.892346* nonnull %130, i8* %100, i8 zeroext 4, i32 %132, i8 zeroext -119, %struct.ndisc_options* nonnull %6) #76 Function:ndisc_update %8 = tail call i32 bitcast (i32 (%struct.neighbour*, i8*, i8, i32, i32)* 
@neigh_update to i32 (%struct.neighbour.894739*, i8*, i8, i32, i32)*)(%struct.neighbour.894739* %1, i8* %2, i8 zeroext %3, i32 %4, i32 0) #76 Function:neigh_update %6 = tail call fastcc i32 @__neigh_update(%struct.neighbour* %0, i8* %1, i8 zeroext %2, i32 %3, i32 %4, %struct.netlink_ext_ack* null) #76 Function:__neigh_update callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_update to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__neigh_update, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #76 %23 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %24 = load %struct.net_device*, %struct.net_device** %23, align 8 %25 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %26 = load i8, i8* %25, align 1 %27 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %28 = load i8, i8* %27, align 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %34, label %30 tail call void @do_trace_netlink_extack(i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__neigh_update.__msg, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 __neigh_update 1 neigh_update 2 ndisc_update 3 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.892941, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca 
%struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.892941* %5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %196, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %196, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %58 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %57, i64 0, i32 68 %59 = load volatile 
%struct.inet6_dev.892435*, %struct.inet6_dev.892435** %58, align 16 %60 = icmp eq %struct.inet6_dev.892435* %59, null br i1 %60, label %196, label %61 %62 = getelementptr inbounds %struct.inet6_dev.892435, %struct.inet6_dev.892435* %59, i64 0, i32 31, i32 0 %63 = load i32, i32* %62, align 8 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %196 %66 = getelementptr inbounds %struct.inet6_dev.892435, %struct.inet6_dev.892435* %59, i64 0, i32 31, i32 4 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %196, label %69 %70 = getelementptr inbounds i8, i8* %20, i64 40 %71 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.895232*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.892517*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.892517* %57, i8* %70, i32 %25, %struct.ndisc_options* nonnull %6) #76 %72 = icmp eq %struct.ndisc_options* %71, null br i1 %72, label %196, label %73 %74 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %75 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %74, align 8 %76 = icmp eq %struct.nd_opt_hdr* %75, null br i1 %76, label %99, label %77 %78 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %79 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %78, i64 0, i32 51 %80 = load i8, i8* %79, align 1 %81 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %78, i64 0, i32 32 %82 = load i16, i16* %81, align 32 %83 = icmp eq i16 %82, 32 %84 = select i1 %83, i32 2, i32 0 %85 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 0, i32 1 %86 = load i8, i8* %85, align 1 %87 = zext i8 %86 to i32 %88 = shl nuw nsw i32 %87, 3 %89 = zext i8 %80 to i32 %90 = or i32 %84, 9 %91 = add nuw nsw i32 %90, %89 %92 = and i32 %91, 504 %93 = icmp ne i32 %88, %92 %94 = getelementptr %struct.nd_opt_hdr, 
%struct.nd_opt_hdr* %75, i64 1, i32 0 %95 = zext i32 %84 to i64 %96 = getelementptr i8, i8* %94, i64 %95 %97 = icmp eq i8* %96, null %98 = or i1 %97, %93 br i1 %98, label %196, label %99 %100 = phi i8* [ %96, %77 ], [ null, %73 ] %101 = bitcast %struct.dst_entry.892411* %0 to %struct.rt6_info.892424* %102 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1, i32 14 %103 = bitcast %struct.lwtunnel_state.892388** %102 to i32* %104 = load i32, i32* %103, align 8 %105 = and i32 %104, 512 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %196 %108 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 1 %109 = load %struct.dst_ops.892390*, %struct.dst_ops.892390** %108, align 8 %110 = getelementptr inbounds %struct.dst_ops.892390, %struct.dst_ops.892390* %109, i64 0, i32 15 %111 = load void (%struct.dst_entry.892411*, i8*)*, void (%struct.dst_entry.892411*, i8*)** %110, align 16 %112 = icmp eq void (%struct.dst_entry.892411*, i8*)* %111, null br i1 %112, label %120, label %113 %121 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %122 = call %struct.neighbour.892346* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.892346* (%struct.neigh_table.892342*, i8*, %struct.net_device.892517*)*)(%struct.neigh_table.892342* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.895232*, i32*)*, i1 (%struct.neighbour.894739*, i8*)*, i32 (%struct.neighbour.894739*)*, i32 (%struct.pneigh_entry.894726*)*, void (%struct.pneigh_entry.894726*)*, void (%struct.sk_buff.895146*)*, i32 (i8*)*, i1 (%struct.net_device.895232*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.894727, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.894730, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, 
%struct.neigh_hash_table.894735*, %struct.pneigh_entry.894726** }* @nd_tbl to %struct.neigh_table.892342*), i8* %35, %struct.net_device.892517* %121) #76 %123 = icmp eq %struct.neighbour.892346* %122, null br i1 %123, label %124, label %129 %125 = call %struct.neighbour.892346* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.892346* (%struct.neigh_table.892342*, i8*, %struct.net_device.892517*, i1)*)(%struct.neigh_table.892342* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.895232*, i32*)*, i1 (%struct.neighbour.894739*, i8*)*, i32 (%struct.neighbour.894739*)*, i32 (%struct.pneigh_entry.894726*)*, void (%struct.pneigh_entry.894726*)*, void (%struct.sk_buff.895146*)*, i32 (i8*)*, i1 (%struct.net_device.895232*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.894727, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.894730, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.894735*, %struct.pneigh_entry.894726** }* @nd_tbl to %struct.neigh_table.892342*), i8* %35, %struct.net_device.892517* %121, i1 zeroext true) #76 %126 = icmp ugt %struct.neighbour.892346* %125, inttoptr (i64 -4096 to %struct.neighbour.892346*) %127 = icmp eq %struct.neighbour.892346* %125, null %128 = or i1 %126, %127 br i1 %128, label %196, label %129 %130 = phi %struct.neighbour.892346* [ %122, %120 ], [ %125, %124 ] %131 = load %struct.net_device.892517*, %struct.net_device.892517** %56, align 8 %132 = select i1 %55, i32 1073741831, i32 3 call void bitcast (void (%struct.net_device.895232*, %struct.neighbour.894739*, i8*, i8, i32, i8, %struct.ndisc_options*)* @ndisc_update to void (%struct.net_device.892517*, %struct.neighbour.892346*, i8*, i8, i32, i8, %struct.ndisc_options*)*)(%struct.net_device.892517* %131, %struct.neighbour.892346* nonnull %130, i8* %100, i8 
zeroext 4, i32 %132, i8 zeroext -119, %struct.ndisc_options* nonnull %6) #76 Function:ndisc_update %8 = tail call i32 bitcast (i32 (%struct.neighbour*, i8*, i8, i32, i32)* @neigh_update to i32 (%struct.neighbour.894739*, i8*, i8, i32, i32)*)(%struct.neighbour.894739* %1, i8* %2, i8 zeroext %3, i32 %4, i32 0) #76 Function:neigh_update %6 = tail call fastcc i32 @__neigh_update(%struct.neighbour* %0, i8* %1, i8 zeroext %2, i32 %3, i32 %4, %struct.netlink_ext_ack* null) #76 Function:__neigh_update callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_update to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__neigh_update, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #76 %23 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %24 = load %struct.net_device*, %struct.net_device** %23, align 8 %25 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %26 = load i8, i8* %25, align 1 %27 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %28 = load i8, i8* %27, align 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %34, label %30 %35 = icmp sgt i32 %3, -1 %36 = xor i1 %35, true %37 = icmp ult i8 %26, 64 %38 = or i1 %37, %36 br i1 %38, label %39, label %398 br i1 %35, label %53, label %40 %54 = phi i32 [ 0, %39 ], [ 0, %40 ], [ 1, %48 ] %55 = phi i1 [ false, %39 ], [ false, %40 ], [ true, 
%48 ] %56 = and i32 %3, 268435456 %57 = icmp eq i32 %56, 0 br i1 %57, label %60, label %58 %61 = zext i8 %2 to i32 %62 = and i32 %61, 222 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %102 %103 = getelementptr inbounds %struct.net_device, %struct.net_device* %24, i64 0, i32 51 %104 = load i8, i8* %103, align 1 %105 = icmp eq i8 %104, 0 br i1 %105, label %106, label %108 %109 = icmp eq i8* %1, null %110 = and i8 %26, -34 %111 = icmp eq i8 %110, 0 br i1 %109, label %119, label %112 br i1 %111, label %120, label %124 tail call void @do_trace_netlink_extack(i8* getelementptr inbounds ([28 x i8], [28 x i8]* @__neigh_update.__msg.18, i64 0, i64 0)) #76 ------------- Good: 2319 Bad: 2 Ignored: 2778 Check Use of Function:acpi_evaluate_integer Use: =BAD PATH= Call Stack: 0 eeepc_get_adapter_status 1 power_read_file ------------- Path:  Function:power_read_file %3 = alloca i8, align 1 %4 = getelementptr inbounds %struct.pci_slot.317851, %struct.pci_slot.317851* %0, i64 0, i32 2 %5 = load %struct.hotplug_slot*, %struct.hotplug_slot** %4, align 8 %6 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 0 %7 = load %struct.hotplug_slot_ops*, %struct.hotplug_slot_ops** %6, align 8 %8 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 3 %9 = load %struct.module*, %struct.module** %8, align 8 %10 = tail call zeroext i1 @try_module_get(%struct.module* %9) #76 br i1 %10, label %11, label %27 %12 = getelementptr inbounds %struct.hotplug_slot_ops, %struct.hotplug_slot_ops* %7, i64 0, i32 4 %13 = load i32 (%struct.hotplug_slot*, i8*)*, i32 (%struct.hotplug_slot*, i8*)** %12, align 8 %14 = icmp eq i32 (%struct.hotplug_slot*, i8*)* %13, null br i1 %14, label %15, label %17 %18 = call i32 %13(%struct.hotplug_slot* %5, i8* nonnull %3) #76 Function:eeepc_get_adapter_status %3 = alloca i64, align 8 %4 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7, i32 1 %5 = bitcast %struct.list_head* %4 to i32* %6 
= load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %24, label %9 %10 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7 %11 = bitcast %struct.hotplug_slot* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = bitcast i64* %3 to i8* %14 = call i32 @acpi_evaluate_integer(i8* %12, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.24.61136, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 eeepc_get_adapter_status 1 presence_read_file ------------- Path:  Function:presence_read_file %3 = alloca i8, align 1 %4 = getelementptr inbounds %struct.pci_slot.317851, %struct.pci_slot.317851* %0, i64 0, i32 2 %5 = load %struct.hotplug_slot*, %struct.hotplug_slot** %4, align 8 %6 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 0 %7 = load %struct.hotplug_slot_ops*, %struct.hotplug_slot_ops** %6, align 8 %8 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 3 %9 = load %struct.module*, %struct.module** %8, align 8 %10 = tail call zeroext i1 @try_module_get(%struct.module* %9) #76 br i1 %10, label %11, label %27 %12 = getelementptr inbounds %struct.hotplug_slot_ops, %struct.hotplug_slot_ops* %7, i64 0, i32 7 %13 = load i32 (%struct.hotplug_slot*, i8*)*, i32 (%struct.hotplug_slot*, i8*)** %12, align 8 %14 = icmp eq i32 (%struct.hotplug_slot*, i8*)* %13, null br i1 %14, label %15, label %17 %18 = call i32 %13(%struct.hotplug_slot* %5, i8* nonnull %3) #76 Function:eeepc_get_adapter_status %3 = alloca i64, align 8 %4 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7, i32 1 %5 = bitcast %struct.list_head* %4 to i32* %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %24, label %9 %10 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7 %11 = bitcast %struct.hotplug_slot* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = 
bitcast i64* %3 to i8* %14 = call i32 @acpi_evaluate_integer(i8* %12, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.24.61136, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 eeepc_get_adapter_status 1 latch_read_file ------------- Path:  Function:latch_read_file %3 = alloca i8, align 1 %4 = getelementptr inbounds %struct.pci_slot.317851, %struct.pci_slot.317851* %0, i64 0, i32 2 %5 = load %struct.hotplug_slot*, %struct.hotplug_slot** %4, align 8 %6 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 0 %7 = load %struct.hotplug_slot_ops*, %struct.hotplug_slot_ops** %6, align 8 %8 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 3 %9 = load %struct.module*, %struct.module** %8, align 8 %10 = tail call zeroext i1 @try_module_get(%struct.module* %9) #76 br i1 %10, label %11, label %27 %12 = getelementptr inbounds %struct.hotplug_slot_ops, %struct.hotplug_slot_ops* %7, i64 0, i32 6 %13 = load i32 (%struct.hotplug_slot*, i8*)*, i32 (%struct.hotplug_slot*, i8*)** %12, align 8 %14 = icmp eq i32 (%struct.hotplug_slot*, i8*)* %13, null br i1 %14, label %15, label %17 %18 = call i32 %13(%struct.hotplug_slot* %5, i8* nonnull %3) #76 Function:eeepc_get_adapter_status %3 = alloca i64, align 8 %4 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7, i32 1 %5 = bitcast %struct.list_head* %4 to i32* %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %24, label %9 %10 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7 %11 = bitcast %struct.hotplug_slot* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = bitcast i64* %3 to i8* %14 = call i32 @acpi_evaluate_integer(i8* %12, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.24.61136, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 eeepc_get_adapter_status 
1 attention_read_file ------------- Path:  Function:attention_read_file %3 = alloca i8, align 1 %4 = getelementptr inbounds %struct.pci_slot.317851, %struct.pci_slot.317851* %0, i64 0, i32 2 %5 = load %struct.hotplug_slot*, %struct.hotplug_slot** %4, align 8 %6 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 0 %7 = load %struct.hotplug_slot_ops*, %struct.hotplug_slot_ops** %6, align 8 %8 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 3 %9 = load %struct.module*, %struct.module** %8, align 8 %10 = tail call zeroext i1 @try_module_get(%struct.module* %9) #76 br i1 %10, label %11, label %27 %12 = getelementptr inbounds %struct.hotplug_slot_ops, %struct.hotplug_slot_ops* %7, i64 0, i32 5 %13 = load i32 (%struct.hotplug_slot*, i8*)*, i32 (%struct.hotplug_slot*, i8*)** %12, align 8 %14 = icmp eq i32 (%struct.hotplug_slot*, i8*)* %13, null br i1 %14, label %15, label %17 %18 = call i32 %13(%struct.hotplug_slot* %5, i8* nonnull %3) #76 Function:eeepc_get_adapter_status %3 = alloca i64, align 8 %4 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7, i32 1 %5 = bitcast %struct.list_head* %4 to i32* %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %24, label %9 %10 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7 %11 = bitcast %struct.hotplug_slot* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = bitcast i64* %3 to i8* %14 = call i32 @acpi_evaluate_integer(i8* %12, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.24.61136, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 camera_show ------------- Path:  Function:camera_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = 
getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 16 %11 = icmp eq i32 %10, 0 br i1 %11, label %27, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.26.61166, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 cardr_show ------------- Path:  Function:cardr_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 1048576 %11 = icmp eq i32 %10, 0 br i1 %11, label %27, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.31.61163, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 cpufv_show ------------- Path:  Function:cpufv_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %35, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** 
%13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.61154, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 cpufv_store ------------- Path:  Function:cpufv_store %5 = alloca i64, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %8 = load i8*, i8** %7, align 8 %9 = bitcast i32* %6 to i8* %10 = getelementptr inbounds i8, i8* %8, i64 12 %11 = load i8, i8* %10, align 4, !range !4 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %53 %14 = getelementptr inbounds i8, i8* %8, i64 8 %15 = bitcast i8* %14 to i32* %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 4096 %18 = icmp eq i32 %17, 0 br i1 %18, label %53, label %19 %20 = bitcast i8* %8 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i64* %5 to i8* %23 = call i32 @acpi_evaluate_integer(i8* %21, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.61154, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 available_cpufv_show ------------- Path:  Function:available_cpufv_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %42, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.61154, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #76 ------------- 
Use: =BAD PATH= Call Stack: 0 uid_show.30973 ------------- Path:  Function:uid_show.30973 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 7 %7 = bitcast i8** %6 to %struct.dock_station** %8 = load %struct.dock_station*, %struct.dock_station** %7, align 8 %9 = getelementptr inbounds %struct.dock_station, %struct.dock_station* %8, i64 0, i32 0 %10 = load i8*, i8** %9, align 8 %11 = call i32 @acpi_evaluate_integer(i8* %10, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30974, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 acpi_device_get_power 1 real_power_state_show ------------- Path:  Function:real_power_state_show %4 = alloca i32, align 4 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 3 %6 = bitcast i8** %5 to %struct.acpi_device* %7 = bitcast i32* %4 to i8* %8 = call i32 @acpi_device_get_power(%struct.acpi_device* %6, i32* nonnull %4) #76 Function:acpi_device_get_power %3 = alloca i64, align 8 %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* store i32 255, i32* %4, align 4 %6 = icmp ne %struct.acpi_device* %0, null %7 = icmp ne i32* %1, null %8 = and i1 %6, %7 br i1 %8, label %9, label %75 %10 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 9, i32 0 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %22 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 11, i32 1, i32 0 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2 %25 = icmp eq i32 %24, 0 br i1 %25, label %31, label %26 %27 = call i32 @acpi_power_get_inferred_state(%struct.acpi_device* nonnull %0, i32* nonnull %4) #76 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %75 %30 = load i32, i32* %22, align 4 br label %31 %32 = phi i32 [ %30, %29 ], [ %23, %21 ] %33 = and i32 %32, 1 %34 = icmp eq i32 %33, 
0 br i1 %34, label %54, label %35 %36 = bitcast i64* %3 to i8* %37 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 1 %38 = load i8*, i8** %37, align 8 %39 = call i32 @acpi_evaluate_integer(i8* %38, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.11.30559, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 sun_show ------------- Path:  Function:sun_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 3 %6 = bitcast i64* %4 to i8* %7 = getelementptr inbounds i8*, i8** %5, i64 1 %8 = load i8*, i8** %7, align 8 %9 = call i32 @acpi_evaluate_integer(i8* %8, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.2.30524, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 hrv_show ------------- Path:  Function:hrv_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 3 %6 = bitcast i64* %4 to i8* %7 = getelementptr inbounds i8*, i8** %5, i64 1 %8 = load i8*, i8** %7, align 8 %9 = call i32 @acpi_evaluate_integer(i8* %8, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.3.30525, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 status_show ------------- Path:  Function:status_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 3 %6 = bitcast i64* %4 to i8* %7 = getelementptr inbounds i8*, i8** %5, i64 1 %8 = load i8*, i8** %7, align 8 %9 = call i32 @acpi_evaluate_integer(i8* %8, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.30526, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #76 ------------- Good: 130 Bad: 14 Ignored: 147 Check Use of Function:dev_ifsioc Check Use of Function:nl80211_exit Check Use of Function:posix_clock_compat_ioctl Check Use of Function:ktime_add_safe Use: =BAD PATH= Call 
Stack: 0 __se_sys_futex 1 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, 
i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %37 = call i64 @ktime_get() #76 %38 = load i64, i64* %7, align 8 %39 = call i64 @ktime_add_safe(i64 %37, i64 %38) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull 
%12) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %37 = call i64 @ktime_get() #76 %38 = load i64, i64* %7, align 8 %39 = call i64 @ktime_add_safe(i64 %37, i64 %38) #76 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex 3 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = 
inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* 
@init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #76 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.91509, align 8 %9 = alloca %struct.rt_mutex_waiter.91461, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.91511, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %41 = phi i32 [ %6, %34 ], [ %6, %38 ], [ -1, %39 ] %42 = tail call fastcc i32 @futex_wait(i32* %0, i32 %35, i32 %2, i64* %3, i32 %41) #76 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.91509, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast 
%struct.hrtimer_sleeper.91509* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %99, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct.91501* %17 = icmp eq i64* %3, null br i1 %17, label %28, label %18 %19 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %16, i64 0, i32 160 %20 = load i64, i64* %19, align 16 %21 = lshr i32 %1, 1 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.91509*, i32, i32)*)(%struct.hrtimer_sleeper.91509* nonnull %6, i32 %23, i32 0) #76 %24 = load i64, i64* %3, align 8 %25 = getelementptr inbounds %struct.hrtimer_sleeper.91509, %struct.hrtimer_sleeper.91509* %6, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = call i64 @ktime_add_safe(i64 %24, i64 %20) #76 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex 3 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, 
align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #76 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.91509, align 8 %9 = alloca %struct.rt_mutex_waiter.91461, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.91511, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %41 = phi i32 [ %6, %34 ], [ %6, %38 ], [ -1, %39 ] %42 
= tail call fastcc i32 @futex_wait(i32* %0, i32 %35, i32 %2, i64* %3, i32 %41) #76 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.91509, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.91509* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %99, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct.91501* %17 = icmp eq i64* %3, null br i1 %17, label %28, label %18 %19 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %16, i64 0, i32 160 %20 = load i64, i64* %19, align 16 %21 = lshr i32 %1, 1 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.91509*, i32, i32)*)(%struct.hrtimer_sleeper.91509* nonnull %6, i32 %23, i32 0) #76 %24 = load i64, i64* %3, align 8 %25 = getelementptr inbounds %struct.hrtimer_sleeper.91509, %struct.hrtimer_sleeper.91509* %6, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = call i64 @ktime_add_safe(i64 %24, i64 %20) #76 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex_time32 3 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 
%42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #76 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.91509, align 8 %9 = alloca %struct.rt_mutex_waiter.91461, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.91511, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 
%25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %41 = phi i32 [ %6, %34 ], [ %6, %38 ], [ -1, %39 ] %42 = tail call fastcc i32 @futex_wait(i32* %0, i32 %35, i32 %2, i64* %3, i32 %41) #76 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.91509, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.91509* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %99, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct.91501* %17 = icmp eq i64* %3, null br i1 %17, label %28, label %18 %19 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %16, i64 0, i32 160 %20 = load i64, i64* %19, align 16 %21 = lshr i32 %1, 1 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.91509*, i32, i32)*)(%struct.hrtimer_sleeper.91509* nonnull %6, i32 %23, i32 0) #76 %24 = load i64, i64* %3, align 8 %25 = getelementptr inbounds %struct.hrtimer_sleeper.91509, %struct.hrtimer_sleeper.91509* %6, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = call i64 @ktime_add_safe(i64 %24, i64 %20) #76 ------------- Use: =BAD PATH= 
Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex_time32 3 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = 
mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #76 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.91509, align 8 %9 = alloca %struct.rt_mutex_waiter.91461, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.91511, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, 
align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %41 = phi i32 [ %6, %34 ], [ %6, %38 ], [ -1, %39 ] %42 = tail call fastcc i32 @futex_wait(i32* %0, i32 %35, i32 %2, i64* %3, i32 %41) #76 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.91509, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.91509* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %99, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct.91501* %17 = icmp eq i64* %3, null br i1 %17, label %28, label %18 %19 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %16, i64 0, i32 160 %20 = load i64, i64* %19, align 16 %21 = lshr i32 %1, 1 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.91509*, i32, i32)*)(%struct.hrtimer_sleeper.91509* nonnull %6, i32 %23, i32 0) #76 %24 
= load i64, i64* %3, align 8 %25 = getelementptr inbounds %struct.hrtimer_sleeper.91509, %struct.hrtimer_sleeper.91509* %6, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = call i64 @ktime_add_safe(i64 %24, i64 %20) #76 ------------- Use: =BAD PATH= Call Stack: 0 futex_lock_pi 1 do_futex 2 __se_sys_futex 3 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #76 %22 = icmp eq i32 %21, 
0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, 
i64* %57, i32* %13, i32 %58, i32 %14) #76 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.91509, align 8 %9 = alloca %struct.rt_mutex_waiter.91461, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.91511, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] %709 = tail call fastcc i32 @futex_lock_pi(i32* %0, i32 %35, i64* null, i32 1) #76 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper.91509, align 8 %6 = alloca %struct.task_struct.91501*, align 8 %7 = alloca %struct.rt_mutex_waiter.91461, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.91509* %5 to i8* %10 = bitcast %struct.task_struct.91501** %6 to i8* store %struct.task_struct.91501* null, %struct.task_struct.91501** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter.91461* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct.91501* %15 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %14, i64 0, i32 140 %16 = load %struct.futex_pi_state*, %struct.futex_pi_state** %15, align 8 %17 = icmp eq %struct.futex_pi_state* %16, null br i1 %17, label %18, label %33, !prof !5, !misexpect !6 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 88) #76 %21 = icmp eq i8* %20, null br i1 %21, label %259, label %22 %23 = bitcast i8* %20 to %struct.list_head* %24 = bitcast i8* %20 to %struct.list_head** store volatile %struct.list_head* %23, %struct.list_head** %24, align 8 %25 = getelementptr inbounds i8, i8* %20, i64 8 %26 = bitcast i8* %25 to i8** store i8* %20, i8** %26, align 8 %27 = getelementptr inbounds i8, i8* %20, i64 48 %28 = bitcast i8* %27 to %struct.task_struct.91501** store %struct.task_struct.91501* null, %struct.task_struct.91501** %28, align 8 %29 = getelementptr inbounds i8, i8* %20, i64 56 %30 = bitcast i8* %29 to i32* store volatile i32 1, i32* %30, align 8 %31 = getelementptr inbounds i8, i8* %20, i64 64 %32 = bitcast %struct.futex_pi_state** %15 to i8** store i8* %20, i8** %32, align 8 br label %33 %34 = icmp eq i64* %2, null br i1 %34, label %43, label %35 %36 = lshr i32 %1, 1 %37 = and i32 %36, 1 %38 = xor i32 %37, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.91509*, i32, i32)*)(%struct.hrtimer_sleeper.91509* nonnull %5, i32 %38, i32 0) #76 %39 = load i64, i64* %2, align 8 %40 = getelementptr inbounds %struct.hrtimer_sleeper.91509, 
%struct.hrtimer_sleeper.91509* %5, i64 0, i32 0, i32 1 store i64 %39, i64* %40, align 8 %41 = call i64 @ktime_add_safe(i64 %39, i64 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 futex_lock_pi 1 do_futex 2 __se_sys_futex 3 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #76 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.91509, align 8 %9 = alloca %struct.rt_mutex_waiter.91461, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca 
%struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.91511, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] %709 = tail call fastcc i32 @futex_lock_pi(i32* %0, i32 %35, i64* null, i32 1) #76 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper.91509, align 8 %6 = alloca %struct.task_struct.91501*, align 8 %7 = alloca %struct.rt_mutex_waiter.91461, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.91509* %5 to i8* %10 = bitcast %struct.task_struct.91501** %6 to i8* store %struct.task_struct.91501* null, %struct.task_struct.91501** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter.91461* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct.91501* %15 = getelementptr inbounds %struct.task_struct.91501, 
%struct.task_struct.91501* %14, i64 0, i32 140 %16 = load %struct.futex_pi_state*, %struct.futex_pi_state** %15, align 8 %17 = icmp eq %struct.futex_pi_state* %16, null br i1 %17, label %18, label %33, !prof !5, !misexpect !6 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 88) #76 %21 = icmp eq i8* %20, null br i1 %21, label %259, label %22 %23 = bitcast i8* %20 to %struct.list_head* %24 = bitcast i8* %20 to %struct.list_head** store volatile %struct.list_head* %23, %struct.list_head** %24, align 8 %25 = getelementptr inbounds i8, i8* %20, i64 8 %26 = bitcast i8* %25 to i8** store i8* %20, i8** %26, align 8 %27 = getelementptr inbounds i8, i8* %20, i64 48 %28 = bitcast i8* %27 to %struct.task_struct.91501** store %struct.task_struct.91501* null, %struct.task_struct.91501** %28, align 8 %29 = getelementptr inbounds i8, i8* %20, i64 56 %30 = bitcast i8* %29 to i32* store volatile i32 1, i32* %30, align 8 %31 = getelementptr inbounds i8, i8* %20, i64 64 %32 = bitcast %struct.futex_pi_state** %15 to i8** store i8* %20, i8** %32, align 8 br label %33 %34 = icmp eq i64* %2, null br i1 %34, label %43, label %35 %36 = lshr i32 %1, 1 %37 = and i32 %36, 1 %38 = xor i32 %37, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.91509*, i32, i32)*)(%struct.hrtimer_sleeper.91509* nonnull %5, i32 %38, i32 0) #76 %39 = load i64, i64* %2, align 8 %40 = getelementptr inbounds %struct.hrtimer_sleeper.91509, %struct.hrtimer_sleeper.91509* %5, i64 0, i32 0, i32 1 store i64 %39, i64* %40, align 8 %41 = call i64 @ktime_add_safe(i64 %39, i64 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 futex_lock_pi 1 do_futex 2 __se_sys_futex_time32 3 __ia32_sys_futex_time32 ------------- Path:  
Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 
1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #76 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.91509, align 8 %9 = alloca %struct.rt_mutex_waiter.91461, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.91511, align 8 %14 = alloca 
%union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] %709 = tail call fastcc i32 @futex_lock_pi(i32* %0, i32 %35, i64* null, i32 1) #76 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper.91509, align 8 %6 = alloca %struct.task_struct.91501*, align 8 %7 = alloca %struct.rt_mutex_waiter.91461, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.91509* %5 to i8* %10 = bitcast %struct.task_struct.91501** %6 to i8* store %struct.task_struct.91501* null, %struct.task_struct.91501** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter.91461* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct.91501* %15 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %14, i64 0, i32 140 %16 = load %struct.futex_pi_state*, 
%struct.futex_pi_state** %15, align 8 %17 = icmp eq %struct.futex_pi_state* %16, null br i1 %17, label %18, label %33, !prof !5, !misexpect !6 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 88) #76 %21 = icmp eq i8* %20, null br i1 %21, label %259, label %22 %23 = bitcast i8* %20 to %struct.list_head* %24 = bitcast i8* %20 to %struct.list_head** store volatile %struct.list_head* %23, %struct.list_head** %24, align 8 %25 = getelementptr inbounds i8, i8* %20, i64 8 %26 = bitcast i8* %25 to i8** store i8* %20, i8** %26, align 8 %27 = getelementptr inbounds i8, i8* %20, i64 48 %28 = bitcast i8* %27 to %struct.task_struct.91501** store %struct.task_struct.91501* null, %struct.task_struct.91501** %28, align 8 %29 = getelementptr inbounds i8, i8* %20, i64 56 %30 = bitcast i8* %29 to i32* store volatile i32 1, i32* %30, align 8 %31 = getelementptr inbounds i8, i8* %20, i64 64 %32 = bitcast %struct.futex_pi_state** %15 to i8** store i8* %20, i8** %32, align 8 br label %33 %34 = icmp eq i64* %2, null br i1 %34, label %43, label %35 %36 = lshr i32 %1, 1 %37 = and i32 %36, 1 %38 = xor i32 %37, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.91509*, i32, i32)*)(%struct.hrtimer_sleeper.91509* nonnull %5, i32 %38, i32 0) #76 %39 = load i64, i64* %2, align 8 %40 = getelementptr inbounds %struct.hrtimer_sleeper.91509, %struct.hrtimer_sleeper.91509* %5, i64 0, i32 0, i32 1 store i64 %39, i64* %40, align 8 %41 = call i64 @ktime_add_safe(i64 %39, i64 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 futex_lock_pi 1 do_futex 2 __se_sys_futex_time32 3 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, 
label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #76 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.91509, align 8 %9 = alloca %struct.rt_mutex_waiter.91461, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.91511, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = 
trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] %709 = tail call fastcc i32 @futex_lock_pi(i32* %0, i32 %35, i64* null, i32 1) #76 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper.91509, align 8 %6 = alloca %struct.task_struct.91501*, align 8 %7 = alloca %struct.rt_mutex_waiter.91461, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.91509* %5 to i8* %10 = bitcast %struct.task_struct.91501** %6 to i8* store %struct.task_struct.91501* null, %struct.task_struct.91501** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter.91461* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct.91501* %15 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %14, i64 0, i32 140 %16 = load %struct.futex_pi_state*, %struct.futex_pi_state** %15, align 8 %17 = icmp eq %struct.futex_pi_state* %16, null br i1 %17, label %18, label %33, !prof !5, !misexpect !6 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 88) #76 %21 = icmp eq i8* %20, null br i1 %21, label %259, label %22 %23 = bitcast i8* %20 to %struct.list_head* %24 = bitcast i8* %20 to %struct.list_head** store volatile %struct.list_head* %23, %struct.list_head** %24, align 8 %25 = getelementptr inbounds i8, i8* %20, i64 8 %26 = bitcast i8* %25 to i8** store i8* %20, i8** %26, align 8 %27 = getelementptr inbounds i8, i8* %20, i64 48 %28 = bitcast i8* %27 to %struct.task_struct.91501** store %struct.task_struct.91501* null, %struct.task_struct.91501** %28, align 8 %29 = getelementptr inbounds i8, i8* %20, i64 56 %30 = bitcast i8* %29 to i32* store volatile i32 1, i32* %30, align 8 %31 = getelementptr inbounds i8, i8* %20, i64 64 %32 = bitcast %struct.futex_pi_state** %15 to i8** store i8* %20, i8** %32, align 8 br label %33 %34 = icmp eq i64* %2, null br i1 %34, label %43, label %35 %36 = lshr i32 %1, 1 %37 = and i32 %36, 1 %38 = xor i32 %37, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.91509*, i32, i32)*)(%struct.hrtimer_sleeper.91509* nonnull %5, i32 %38, i32 0) #76 %39 = load i64, i64* %2, align 8 %40 = getelementptr inbounds %struct.hrtimer_sleeper.91509, %struct.hrtimer_sleeper.91509* %5, i64 0, i32 0, i32 1 store i64 %39, i64* %40, align 8 %41 = call i64 @ktime_add_safe(i64 %39, i64 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex 2 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = 
call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #76 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.91509, align 8 %9 = alloca %struct.rt_mutex_waiter.91461, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.91511, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and 
i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] store i32 -1, i32* %19, align 4 %712 = bitcast %struct.hrtimer_sleeper.91509* %8 to i8* %713 = bitcast %struct.rt_mutex_waiter.91461* %9 to i8* %714 = bitcast %struct.futex_hash_bucket** %10 to i8* %715 = bitcast %union.futex_key* %11 to i8* %716 = bitcast %struct.futex_q* %12 to i8* %717 = icmp eq i32* %0, %4 br i1 %717, label %929, label %718 %719 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !6 %720 = inttoptr i64 %719 to %struct.task_struct.91501* %721 = icmp eq i64* %3, null br i1 %721, label %732, label %722 %723 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %720, i64 0, i32 160 %724 = load i64, i64* %723, align 16 %725 = lshr i32 %35, 1 %726 = and i32 %725, 1 %727 = xor i32 %726, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.91509*, i32, i32)*)(%struct.hrtimer_sleeper.91509* nonnull %8, i32 %727, i32 0) #77 %728 = load i64, i64* %3, align 8 %729 = getelementptr inbounds %struct.hrtimer_sleeper.91509, %struct.hrtimer_sleeper.91509* %8, i64 0, i32 0, i32 1 store i64 %728, i64* %729, align 8 %730 = call i64 @ktime_add_safe(i64 %728, i64 %724) #77 ------------- Use: =BAD PATH= Call 
Stack: 0 do_futex 1 __se_sys_futex 2 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 
%34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #76 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.91509, align 8 %9 = alloca %struct.rt_mutex_waiter.91461, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.91511, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca 
%union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] store i32 -1, i32* %19, align 4 %712 = bitcast %struct.hrtimer_sleeper.91509* %8 to i8* %713 = bitcast %struct.rt_mutex_waiter.91461* %9 to i8* %714 = bitcast %struct.futex_hash_bucket** %10 to i8* %715 = bitcast %union.futex_key* %11 to i8* %716 = bitcast %struct.futex_q* %12 to i8* %717 = icmp eq i32* %0, %4 br i1 %717, label %929, label %718 %719 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !6 %720 = inttoptr i64 %719 to %struct.task_struct.91501* %721 = icmp eq i64* %3, null br i1 %721, label %732, label %722 %723 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %720, i64 0, i32 160 %724 = load i64, i64* %723, align 16 %725 = lshr i32 %35, 1 %726 = and i32 %725, 1 %727 = xor i32 %726, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.91509*, i32, i32)*)(%struct.hrtimer_sleeper.91509* nonnull %8, i32 %727, i32 0) #77 %728 = 
load i64, i64* %3, align 8 %729 = getelementptr inbounds %struct.hrtimer_sleeper.91509, %struct.hrtimer_sleeper.91509* %8, i64 0, i32 0, i32 1 store i64 %728, i64* %729, align 8 %730 = call i64 @ktime_add_safe(i64 %728, i64 %724) #77 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex_time32 2 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #76 %22 = icmp eq i32 %21, 0 br 
i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* 
%57, i32* %12, i32 %58, i32 %13) #76 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.91509, align 8 %9 = alloca %struct.rt_mutex_waiter.91461, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.91511, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] store i32 -1, i32* %19, align 4 %712 = bitcast %struct.hrtimer_sleeper.91509* %8 to i8* %713 = bitcast %struct.rt_mutex_waiter.91461* %9 to i8* %714 = bitcast %struct.futex_hash_bucket** %10 to i8* %715 = bitcast %union.futex_key* %11 to i8* %716 = bitcast %struct.futex_q* %12 to i8* %717 = icmp eq i32* %0, %4 br i1 %717, label %929, label %718 %719 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !6 %720 = inttoptr i64 %719 to %struct.task_struct.91501* %721 = icmp eq i64* %3, 
null br i1 %721, label %732, label %722 %723 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %720, i64 0, i32 160 %724 = load i64, i64* %723, align 16 %725 = lshr i32 %35, 1 %726 = and i32 %725, 1 %727 = xor i32 %726, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.91509*, i32, i32)*)(%struct.hrtimer_sleeper.91509* nonnull %8, i32 %727, i32 0) #77 %728 = load i64, i64* %3, align 8 %729 = getelementptr inbounds %struct.hrtimer_sleeper.91509, %struct.hrtimer_sleeper.91509* %8, i64 0, i32 0, i32 1 store i64 %728, i64* %729, align 8 %730 = call i64 @ktime_add_safe(i64 %728, i64 %724) #77 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex_time32 2 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label 
%56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 br 
label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #76 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.91509, align 8 %9 = alloca %struct.rt_mutex_waiter.91461, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.91511, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] store i32 -1, i32* %19, align 4 %712 = bitcast %struct.hrtimer_sleeper.91509* %8 to i8* %713 = bitcast %struct.rt_mutex_waiter.91461* %9 to i8* %714 = bitcast %struct.futex_hash_bucket** %10 to i8* %715 = bitcast %union.futex_key* %11 to i8* %716 = bitcast %struct.futex_q* %12 to i8* %717 = icmp eq i32* %0, %4 br i1 %717, label %929, label %718 %719 = tail call i64 
asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !6 %720 = inttoptr i64 %719 to %struct.task_struct.91501* %721 = icmp eq i64* %3, null br i1 %721, label %732, label %722 %723 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %720, i64 0, i32 160 %724 = load i64, i64* %723, align 16 %725 = lshr i32 %35, 1 %726 = and i32 %725, 1 %727 = xor i32 %726, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.91509*, i32, i32)*)(%struct.hrtimer_sleeper.91509* nonnull %8, i32 %727, i32 0) #77 %728 = load i64, i64* %3, align 8 %729 = getelementptr inbounds %struct.hrtimer_sleeper.91509, %struct.hrtimer_sleeper.91509* %8, i64 0, i32 0, i32 1 store i64 %728, i64* %729, align 8 %730 = call i64 @ktime_add_safe(i64 %728, i64 %724) #77 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 
@__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %37 = call i64 @ktime_get() #76 %38 = load i64, i64* %7, align 8 %39 = call i64 @ktime_add_safe(i64 %37, i64 %38) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %37 = call i64 @ktime_get() #76 %38 = load i64, i64* %7, align 8 %39 = call i64 @ktime_add_safe(i64 %37, i64 %38) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime ------------- Path:  
Function:__ia32_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.timens_offsets* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.timens_offsets* %24 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = 
getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88004*)*, i32 (%struct.k_itimer.88004*)** %11, align 8 %13 = tail call i32 
%12(%struct.k_itimer.88004* %0) #77 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #77 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88004*, i64, i1, i1)*, void (%struct.k_itimer.88004*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88004* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #77 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15 %6 = bitcast %union.anon.114.87576* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88005* @clock_realtime, %struct.k_clock.88005* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 store %struct.k_clock.88005* %13, %struct.k_clock.88005** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #76 %16 = 
getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #76 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime32 ------------- Path:  Function:__ia32_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.old_itimerspec32* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 
to %struct.old_itimerspec32* %24 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, 
%struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88004*)*, i32 (%struct.k_itimer.88004*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88004* %0) #77 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, 
%struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #77 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds 
%struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88004*, i64, i1, i1)*, void (%struct.k_itimer.88004*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88004* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #77 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15 %6 = bitcast %union.anon.114.87576* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88005* @clock_realtime, %struct.k_clock.88005* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 store %struct.k_clock.88005* %13, %struct.k_clock.88005** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #76 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #76 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime 
------------- Path:  Function:__x64_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.timens_offsets* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.timens_offsets* %22 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %21) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds 
%struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88004*)*, i32 (%struct.k_itimer.88004*)** %11, align 8 %13 = tail call i32 
%12(%struct.k_itimer.88004* %0) #77 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #77 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88004*, i64, i1, i1)*, void (%struct.k_itimer.88004*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88004* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #77 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15 %6 = bitcast %union.anon.114.87576* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88005* @clock_realtime, %struct.k_clock.88005* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 store %struct.k_clock.88005* %13, %struct.k_clock.88005** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #76 %16 = 
getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #76 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime32 ------------- Path:  Function:__x64_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.old_itimerspec32* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.old_itimerspec32* %22 = call i32 
@get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %21) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, 
%struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88004*)*, i32 (%struct.k_itimer.88004*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88004* %0) #77 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* 
%30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #77 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 14 %66 = load void 
(%struct.k_itimer.88004*, i64, i1, i1)*, void (%struct.k_itimer.88004*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88004* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #77 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15 %6 = bitcast %union.anon.114.87576* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88005* @clock_realtime, %struct.k_clock.88005* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 store %struct.k_clock.88005* %13, %struct.k_clock.88005** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #76 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #76 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #76 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 timerfd_read ------------- Path:  Function:timerfd_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.timerfd_ctx** %8 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %7, align 8 %9 = icmp ult i64 %2, 8 br i1 %9, label %113, label %10 %11 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 3 %12 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %11, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %12) #76 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2048 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %46 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %46 %22 = bitcast %struct.wait_queue_entry* %5 to i8* %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 0 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct* %27 = bitcast i8** %24 to %struct.task_struct** store %struct.task_struct* %26, %struct.task_struct** %27, align 8 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %28, align 8 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %29, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 
3, i32 1 store %struct.list_head* %29, %struct.list_head** %31, align 8 br label %32 %33 = call i32 @do_wait_intr_irq(%struct.wait_queue_head* %11, %struct.wait_queue_entry* nonnull %5) #76 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %39 = load %struct.list_head*, %struct.list_head** %31, align 8 %40 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 0 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 1 store volatile i32 0, i32* %44, align 8 %45 = sext i32 %33 to i64 br label %46 %47 = phi i64 [ -11, %10 ], [ %45, %38 ], [ 0, %17 ] %48 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 11 %49 = load i8, i8* %48, align 4, !range !5 %50 = icmp eq i8 %49, 0 br i1 %50, label %59, label %51 %60 = phi i64 [ -125, %55 ], [ %47, %51 ], [ %47, %46 ] %61 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %62 = load i64, i64* %61, align 8 %63 = icmp eq i64 %62, 0 br i1 %63, label %100, label %64 %65 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 6 %66 = load i16, i16* %65, align 4 %67 = icmp eq i16 %66, 0 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 1 %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %98, label %72 %73 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 5 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, -2 %76 = icmp eq i32 %75, 8 br i1 %76, label %77, label %82 %78 = 
getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0 %79 = call i64 @alarm_forward_now(%struct.alarm* %78, i64 %70) #76 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #76 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %32, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %28, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %19, label %17, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.19.9446, i64 0, i64 0), i32 154, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "12:\0A\09.pushsection .discard.reachable\0A\09.long 12b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i64, i64* %9, align 8 br label %19 %20 = phi i64 [ %10, %15 ], [ %18, %17 ] %21 = sdiv i64 %11, %1 %22 = mul i64 %21, %1 %23 = add i64 %22, %20 store i64 %23, i64* %9, align 8 %24 = icmp sgt i64 %23, %8 %25 = xor i1 %24, true %26 = zext i1 %25 to i64 %27 = add i64 %21, %26 br i1 %24, label %32, label %28 %29 = phi i64 [ %23, %19 ], [ %10, %13 ] %30 = phi i64 [ %27, %19 ], [ 1, %13 ] %31 = tail call i64 @ktime_add_safe(i64 %29, i64 %1) #76 ------------- Good: 8 Bad: 21 Ignored: 16 Check Use of 
Function:ieee80211_stop_tx_ba_cb Check Use of Function:drm_dev_put Use: =BAD PATH= Call Stack: 0 singleton_release ------------- Path:  Function:singleton_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.448538** %5 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %5, i64 0, i32 103, i32 1 %7 = bitcast %struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.381449* %9) #76 ------------- Good: 3 Bad: 1 Ignored: 8 Check Use of Function:free_ret_instance Check Use of Function:pci_intx Check Use of Function:qdisc_put Check Use of Function:io_arm_poll_handler Check Use of Function:ieee80211_txq_remove_vlan Check Use of Function:swsusp_swap_in_use Check Use of Function:__netif_set_xps_queue Check Use of Function:pci_config_pm_runtime_put Check Use of Function:__fsnotify_parent Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %5 = load %struct.file.294345*, %struct.file.294345** %4, align 8 %6 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %5, i64 0, i32 18 %7 = load %struct.address_space.294426*, %struct.address_space.294426** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294426, 
%struct.address_space.294426* %7, i64 0, i32 0 %9 = load %struct.inode.294419*, %struct.inode.294419** %8, align 8 %10 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294278* bitcast (%struct.block_device.293754* (%struct.inode.293951*)* @I_BDEV to %struct.block_device.294278* (%struct.inode.294419*)*)(%struct.inode.294419* %9) #76 %14 = tail call i32 bitcast (i32 (%struct.block_device.299712*)* @bdev_read_only to i32 (%struct.block_device.294278*)*)(%struct.block_device.294278* %13) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #76 %46 = call i64 bitcast (i64 
(%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294023*, %struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* %1) #76 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.149842*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #76 Function:file_remove_privs %2 = alloca %struct.iattr.149911, align 8 %3 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.149909*, %struct.dentry.149909** %3, align 8 %5 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.149909* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 2 %20 = load %struct.inode.149921*, %struct.inode.149921** %19, align 8 %21 = getelementptr inbounds %struct.inode.149921, 
%struct.inode.149921* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %18, i64 0, i32 5 %32 = load %struct.inode.149921*, %struct.inode.149921** %31, align 8 %33 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #76 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.149909*)*)(%struct.dentry.149909* %18) #76 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.149905, %struct.vfsmount.149905* %66, i64 0, i32 3 %68 = load volatile 
%struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.149911* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.149911, %struct.iattr.149911* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*, %struct.inode.150157**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.149909*, %struct.iattr.149911*, %struct.inode.149921**)*)(%struct.user_namespace* %68, %struct.dentry.149909* %18, %struct.iattr.149911* nonnull %2, %struct.inode.149921** null) #76 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %6 = load %struct.inode.150157*, %struct.inode.150157** %5, align 8 %7 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16415, i64 0, i64 0), i32 319, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "256:\0A\09.pushsection .discard.reachable\0A\09.long 256b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 
%16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %6) #76 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147178*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %6, i32 2) #76 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.149921*)* @current_time to { i64, i64 } (%struct.inode.150157*)*)(%struct.inode.150157* %6) #76 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, 
align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %64, i64 %66, %struct.inode.150157* %6) #76 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %77, i64 %79, %struct.inode.150157* %6) #76 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 
%117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %171 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr 
inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150153*, %struct.inode_operations.150153** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150153, %struct.inode_operations.150153* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*, i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.user_namespace* %0, %struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 br label %202 %203 = phi i32 [ %199, %198 ], [ %201, %200 ] %204 = icmp eq i32 %203, 0 br i1 %204, label %205, label %261 %206 = shl i32 %139, 1 %207 = and i32 %206, 4 %208 = select i1 %152, i32 %207, i32 4 %209 = or i32 %208, 2 %210 = lshr i32 %139, 2 %211 = and i32 %210, 2 %212 = or i32 %208, %211 %213 = and i32 %139, 48 %214 = icmp eq i32 %213, 48 br i1 %214, label %215, label %217 %218 = and i32 %139, 16 %219 = icmp eq i32 %218, 0 br i1 %219, label %222, label %220 %223 = and i32 %139, 32 %224 = icmp eq i32 %223, 0 %225 = select i1 %224, i32 %212, i32 %209 br label %226 %227 = phi i32 [ %216, %215 ], [ %221, %220 ], [ %225, %222 ] %228 = shl i32 %139, 2 %229 = and i32 %228, 4 %230 = or i32 %227, %229 %231 = icmp eq i32 %230, 0 br i1 %231, label %261, label %232 %233 = load %struct.inode.150157*, %struct.inode.150157** %5, align 8 %234 = bitcast %struct.inode.150157* %233 to i8* %235 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %233, i64 0, i32 8 %236 = 
load %struct.super_block.150144*, %struct.super_block.150144** %235, align 8 %237 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %236, i64 0, i32 44, i32 0 %238 = load volatile i64, i64* %237, align 8 %239 = icmp eq i64 %238, 0 br i1 %239, label %261, label %240 %241 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %233, i64 0, i32 0 %242 = load i16, i16* %241, align 8 %243 = and i16 %242, -4096 %244 = icmp eq i16 %243, 16384 br i1 %244, label %245, label %251 %246 = or i32 %230, 1073741824 %247 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = and i32 %248, 16384 %250 = icmp eq i32 %249, 0 br i1 %250, label %258, label %251 %252 = phi i32 [ %246, %245 ], [ %230, %240 ] %253 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 3 %254 = load %struct.dentry.150148*, %struct.dentry.150148** %253, align 8 %255 = icmp eq %struct.dentry.150148* %254, %1 br i1 %255, label %258, label %256 %257 = tail call i32 bitcast (i32 (%struct.dentry.161288*, i32, i8*, i32)* @__fsnotify_parent to i32 (%struct.dentry.150148*, i32, i8*, i32)*)(%struct.dentry.150148* %1, i32 %252, i8* %234, i32 2) #76 ------------- Good: 199 Bad: 1 Ignored: 167 Check Use of Function:blk_rq_map_user Check Use of Function:d_lookup Use: =BAD PATH= Call Stack: 0 proc_sys_fill_cache 1 proc_sys_readdir ------------- Path:  Function:proc_sys_readdir %3 = alloca %struct.ctl_table_header*, align 8 %4 = alloca %struct.ctl_table*, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 2 %9 = bitcast %struct.list_head* %8 to %struct.ctl_table_header** %10 = load %struct.ctl_table_header*, %struct.ctl_table_header** %9, align 
8 %11 = icmp eq %struct.ctl_table_header* %10, null %12 = select i1 %11, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #76 %13 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 0, i32 1 %14 = load %struct.completion*, %struct.completion** %13, align 8 %15 = icmp eq %struct.completion* %14, null br i1 %15, label %16, label %20, !prof !4, !misexpect !5 %21 = phi %struct.ctl_table_header* [ %12, %16 ], [ inttoptr (i64 -2 to %struct.ctl_table_header*), %2 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %22 = icmp ugt %struct.ctl_table_header* %21, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %22, label %23, label %26 %27 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %28 = load i64, i64* %27, align 8 switch i64 %28, label %58 [ i64 0, label %29 i64 1, label %41 ] %30 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %31 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %30, align 8 %32 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %33 = load %struct.dentry*, %struct.dentry** %32, align 8 %34 = getelementptr inbounds %struct.dentry, %struct.dentry* %33, i64 0, i32 5 %35 = load %struct.inode*, %struct.inode** %34, align 8 %36 = getelementptr inbounds %struct.inode, %struct.inode* %35, i64 0, i32 11 %37 = load i64, i64* %36, align 8 %38 = tail call i32 
%31(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.22.18768, i64 0, i64 0), i32 1, i64 0, i64 %37, i32 4) #76 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %213 store i64 1, i64* %27, align 8 br label %41 %42 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %43 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %42, align 8 %44 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %45 = load %struct.dentry*, %struct.dentry** %44, align 8 %46 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 7, i32 0 %47 = bitcast %struct.anon.1* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #76 %48 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 3 %49 = load %struct.dentry*, %struct.dentry** %48, align 8 %50 = getelementptr inbounds %struct.dentry, %struct.dentry* %49, i64 0, i32 5 %51 = load %struct.inode*, %struct.inode** %50, align 8 %52 = getelementptr inbounds %struct.inode, %struct.inode* %51, i64 0, i32 11 %53 = load i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = bitcast %struct.anon.1* %46 to i8* store volatile i8 0, i8* %54, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %55 = tail call i32 %43(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.23.18769, i64 0, i64 0), i32 2, i64 1, i64 %53, i32 4) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %213 store i64 2, i64* %27, align 8 br label %58 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #76 %59 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %21, i64 1 %60 = bitcast 
%struct.ctl_table_header* %59 to %struct.rb_root* %61 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %60) #76 %62 = icmp eq %struct.rb_node* %61, null br i1 %62, label %79, label %63 %64 = phi %struct.rb_node* [ %77, %76 ], [ %61, %58 ] %65 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %64, i64 1 %66 = bitcast %struct.rb_node* %65 to %struct.ctl_table_header** %67 = load %struct.ctl_table_header*, %struct.ctl_table_header** %66, align 8 %68 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %67, i64 0, i32 1 %69 = load %struct.completion*, %struct.completion** %68, align 8 %70 = icmp eq %struct.completion* %69, null br i1 %70, label %71, label %76, !prof !4, !misexpect !5 %77 = tail call %struct.rb_node* @rb_next(%struct.rb_node* nonnull %64) #76 %78 = icmp eq %struct.rb_node* %77, null br i1 %78, label %79, label %63 %80 = phi %struct.ctl_node* [ %75, %71 ], [ null, %58 ], [ null, %76 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = icmp eq %struct.ctl_node* %80, null br i1 %81, label %213, label %82 %83 = getelementptr inbounds %struct.ctl_node, %struct.ctl_node* %80, i64 0, i32 1 %84 = load %struct.ctl_table_header*, %struct.ctl_table_header** %83, align 8 %85 = icmp eq %struct.ctl_table_header* %84, null br i1 %85, label %213, label %86 %87 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 0, i32 0, i32 0 %88 = load %struct.ctl_table*, %struct.ctl_table** %87, align 8 %89 = ptrtoint %struct.ctl_node* %80 to i64 %90 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 6 %91 = bitcast %struct.ctl_node** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = sub i64 %89, %92 %94 = ashr exact i64 %93, 5 %95 = 
getelementptr %struct.ctl_table, %struct.ctl_table* %88, i64 %94 %96 = bitcast %struct.ctl_table_header** %3 to i8* %97 = bitcast %struct.ctl_table** %4 to i8* br label %98 %99 = phi i64 [ 2, %86 ], [ %102, %200 ] %100 = phi %struct.ctl_table* [ %95, %86 ], [ %211, %200 ] %101 = phi %struct.ctl_table_header* [ %84, %86 ], [ %202, %200 ] %102 = add i64 %99, 1 %103 = load i64, i64* %27, align 8 %104 = icmp ult i64 %99, %103 br i1 %104, label %160, label %105 %106 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %100, i64 0, i32 3 %107 = load i16, i16* %106, align 4 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, -24576 br i1 %109, label %110, label %146, !prof !8, !misexpect !5 %147 = tail call fastcc zeroext i1 @proc_sys_fill_cache(%struct.file* %0, %struct.dir_context* %1, %struct.ctl_table_header* nonnull %101, %struct.ctl_table* %100) #76 Function:proc_sys_fill_cache %5 = alloca %struct.qstr, align 8 %6 = alloca %struct.wait_queue_head, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = bitcast %struct.qstr* %5 to i8* %10 = bitcast %struct.ctl_table* %3 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.qstr, %struct.qstr* %5, i64 0, i32 1 %13 = bitcast i8** %12 to i64* store i64 %11, i64* %13, align 8 %14 = inttoptr i64 %11 to i8* %15 = tail call i64 @strlen(i8* %14) #76 %16 = trunc i64 %15 to i32 %17 = bitcast %struct.qstr* %5 to %struct.util_est* %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %17, i64 0, i32 1 store i32 %16, i32* %18, align 4 %19 = bitcast %struct.dentry* %8 to i8* %20 = tail call i32 @full_name_hash(i8* %19, i8* %14, i32 %16) #77 %21 = bitcast %struct.qstr* %5 to i32* store i32 %20, i32* %21, align 8 %22 = call %struct.dentry* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*)* @d_lookup to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %8, 
%struct.qstr* nonnull %5) #78 ------------- Good: 15 Bad: 1 Ignored: 0 Check Use of Function:sync_blockdev Check Use of Function:ww_mutex_lock_interruptible Use: =BAD PATH= Call Stack: 0 i915_gem_madvise_ioctl ------------- Path:  Function:i915_gem_madvise_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp ult i32 %6, 2 br i1 %7, label %8, label %179 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #76 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.448284* %15 = icmp eq i8* %13, null br i1 %15, label %40, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !5 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !6, !misexpect !7 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #76 br label %37 %38 = icmp eq i32 %32, 0 %39 = select i1 %38, 
%struct.drm_i915_gem_object.448284* null, %struct.drm_i915_gem_object.448284* %14 br label %40 %41 = phi %struct.drm_i915_gem_object.448284* [ null, %8 ], [ %39, %37 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %42 = icmp eq %struct.drm_i915_gem_object.448284* %41, null br i1 %42, label %179, label %43 %44 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %41, i64 0, i32 0, i32 0, i32 0, i32 9 %45 = load %struct.dma_resv*, %struct.dma_resv** %44, align 8 %46 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %45, i64 0, i32 0 %47 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %46, %struct.ww_acquire_ctx* null) #76 ------------- Use: =BAD PATH= Call Stack: 0 __assign_mmap_offset_handle 1 i915_gem_mmap_offset_ioctl ------------- Path:  Function:i915_gem_mmap_offset_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 24 %5 = bitcast i8* %4 to %struct.i915_user_extension** %6 = load %struct.i915_user_extension*, %struct.i915_user_extension** %5, align 8 %7 = tail call i32 @i915_user_extensions(%struct.i915_user_extension* %6, i32 (%struct.i915_user_extension*, i8*)** null, i32 0, i8* null) #76 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %35 %10 = getelementptr inbounds i8, i8* %1, i64 16 %11 = bitcast i8* %10 to i64* %12 = load i64, i64* %11, align 8 switch i64 %12, label %35 [ i64 0, label %13 i64 1, label %19 i64 2, label %28 i64 3, label %23 i64 4, label %27 ] %14 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 14, i32 30, i32 37 %15 = getelementptr inbounds %struct.drm_property.381365*, %struct.drm_property.381365** %14, i64 88 %16 = bitcast %struct.drm_property.381365** %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %35, label %28 %29 = phi i32 [ 4, %27 ], [ 0, %13 ], [ 1, %19 ], [ 2, %9 ], [ 3, %23 ] %30 = bitcast i8* 
%1 to i32* %31 = load i32, i32* %30, align 8 %32 = getelementptr inbounds i8, i8* %1, i64 8 %33 = bitcast i8* %32 to i64* %34 = tail call fastcc i32 @__assign_mmap_offset_handle(%struct.drm_file* %2, i32 %31, i32 %29, i64* %33) #77 Function:__assign_mmap_offset_handle tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %0, i64 0, i32 14 %6 = zext i32 %1 to i64 %7 = tail call i8* @idr_find(%struct.idr* %5, i64 %6) #76 %8 = bitcast i8* %7 to %struct.drm_i915_gem_object.448284* %9 = icmp eq i8* %7, null br i1 %9, label %34, label %10 %11 = bitcast i8* %7 to %struct.seqcount_spinlock* %12 = bitcast i8* %7 to i32* %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %10 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %12, i32 %17, i32* nonnull %12, i32 %16) #6, !srcloc !5 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !6, !misexpect !7 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %10 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %11, i32 0) #76 br label %31 %32 = icmp eq i32 %26, 0 %33 = select i1 %32, %struct.drm_i915_gem_object.448284* null, %struct.drm_i915_gem_object.448284* %8 br label %34 %35 = phi %struct.drm_i915_gem_object.448284* [ null, %4 ], [ %33, %31 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %36 = icmp eq %struct.drm_i915_gem_object.448284* %35, null br i1 %36, label %231, label %37 %38 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %35, i64 0, i32 0, i32 0, i32 0, i32 9 %39 = load %struct.dma_resv*, %struct.dma_resv** %38, align 8 %40 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %39, i64 0, i32 0 %41 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %40, %struct.ww_acquire_ctx* null) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_caching_ioctl ------------- Path:  Function:i915_gem_set_caching_ioctl %4 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %134 %10 = getelementptr inbounds i8, i8* %1, i64 4 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 switch i32 %12, label %134 [ i32 0, label %21 i32 1, label %13 i32 2, label %16 ] %14 = and i24 %6, 525312 %15 = icmp eq i24 %14, 0 br i1 %15, label %134, label %21 %22 = phi i32 [ %20, %16 ], [ %12, %9 ], [ 1, %13 ] %23 = bitcast i8* %1 to i32* %24 = load i32, i32* %23, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %25 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %26 = zext i32 %24 to i64 %27 = tail call i8* @idr_find(%struct.idr* %25, i64 %26) #76 %28 = bitcast i8* %27 to %struct.drm_i915_gem_object.486024* %29 = icmp eq i8* %27, null br i1 %29, label %54, label %30 %31 = bitcast i8* %27 to %struct.seqcount_spinlock* %32 = bitcast i8* %27 to i32* %33 = load volatile i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %45, label %35 %36 = phi i32 [ %43, %42 ], [ %33, %30 ] %37 = add i32 %36, 1 %38 = tail call { i8, 
i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %32, i32 %37, i32* nonnull %32, i32 %36) #6, !srcloc !5 %39 = extractvalue { i8, i32 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %43 = extractvalue { i8, i32 } %38, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %35 %46 = phi i32 [ 0, %30 ], [ %36, %35 ], [ 0, %42 ] %47 = add i32 %46, 1 %48 = or i32 %47, %46 %49 = icmp sgt i32 %48, -1 br i1 %49, label %51, label %50, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %31, i32 0) #76 br label %51 %52 = icmp eq i32 %46, 0 %53 = select i1 %52, %struct.drm_i915_gem_object.486024* null, %struct.drm_i915_gem_object.486024* %28 br label %54 %55 = phi %struct.drm_i915_gem_object.486024* [ null, %21 ], [ %53, %51 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %56 = icmp eq %struct.drm_i915_gem_object.486024* %55, null br i1 %56, label %134, label %57 %58 = getelementptr inbounds %struct.drm_i915_gem_object.486024, %struct.drm_i915_gem_object.486024* %55, i64 0, i32 1 %59 = load %struct.drm_i915_gem_object_ops.486010*, %struct.drm_i915_gem_object_ops.486010** %58, align 8 %60 = getelementptr inbounds %struct.drm_i915_gem_object_ops.486010, %struct.drm_i915_gem_object_ops.486010* %59, i64 0, i32 0 %61 = load i32, i32* %60, align 8 %62 = and i32 %61, 4 %63 = icmp eq i32 %62, 0 br i1 %63, label %72, label %64 %73 = getelementptr inbounds %struct.drm_i915_gem_object.486024, %struct.drm_i915_gem_object.486024* %55, i64 0, i32 0, i32 0, i32 0, i32 9 %74 = load %struct.dma_resv*, %struct.dma_resv** %73, align 8 %75 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %74, 
i64 0, i32 0 %76 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %75, %struct.ww_acquire_ctx* null) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_modeset_lock_single_interruptible 1 i915_fifo_underrun_reset_write ------------- Path:  Function:i915_fifo_underrun_reset_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_i915_private.437765** %8 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %7, align 8 %9 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i8, i8* %5, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, label %77, label %16 %17 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %8, i64 0, i32 0, i32 30, i32 20 %18 = bitcast %struct.list_head* %17 to i8** %19 = load i8*, i8** %18, align 8 %20 = bitcast i8* %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %72, label %22 %23 = icmp eq %struct.drm_i915_private.437765* %8, null %24 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %8, i64 0, i32 0, i32 2 br label %25 %26 = phi i8* [ %19, %22 ], [ %69, %67 ] %27 = getelementptr i8, i8* %26, i64 -16 %28 = bitcast i8* %27 to %struct.intel_crtc.437606* %29 = getelementptr i8, i8* %26, i64 24 %30 = bitcast i8* %29 to %struct.drm_modeset_lock* %31 = call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %30) #76 Function:drm_modeset_lock_single_interruptible %2 = getelementptr inbounds %struct.drm_modeset_lock, %struct.drm_modeset_lock* %0, i64 0, i32 0 %3 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %2, %struct.ww_acquire_ctx* null) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_modeset_lock_single_interruptible 1 crtc_crc_open ------------- Path:  Function:crtc_crc_open %3 = alloca 
i64, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %5 = bitcast i8** %4 to %struct.drm_crtc.410274** %6 = load %struct.drm_crtc.410274*, %struct.drm_crtc.410274** %5, align 8 %7 = getelementptr inbounds %struct.drm_crtc.410274, %struct.drm_crtc.410274* %6, i64 0, i32 26 %8 = bitcast i64* %3 to i8* %9 = getelementptr inbounds %struct.drm_crtc.410274, %struct.drm_crtc.410274* %6, i64 0, i32 0 %10 = load %struct.drm_device.381449*, %struct.drm_device.381449** %9, align 8 %11 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %10, i64 0, i32 4 %12 = load %struct.drm_driver*, %struct.drm_driver** %11, align 8 %13 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %12, i64 0, i32 24 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %10, i64 0, i32 10 %16 = load i32, i32* %15, align 8 %17 = and i32 %14, 16 %18 = and i32 %17, %16 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %28 %21 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %10, i64 0, i32 30, i32 27 %22 = load %struct.drm_mode_config_funcs.381430*, %struct.drm_mode_config_funcs.381430** %21, align 8 %23 = icmp eq %struct.drm_mode_config_funcs.381430* %22, null br i1 %23, label %38, label %24 %25 = getelementptr inbounds %struct.drm_mode_config_funcs.381430, %struct.drm_mode_config_funcs.381430* %22, i64 0, i32 5 %26 = load i32 (%struct.drm_device.381449*, %struct.drm_atomic_state.381429*, i1)*, i32 (%struct.drm_device.381449*, %struct.drm_atomic_state.381429*, i1)** %25, align 8 %27 = icmp eq i32 (%struct.drm_device.381449*, %struct.drm_atomic_state.381429*, i1)* %26, null br i1 %27, label %38, label %28 %29 = getelementptr inbounds %struct.drm_crtc.410274, %struct.drm_crtc.410274* %6, i64 0, i32 4 %30 = tail call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %29) #76 
Function:drm_modeset_lock_single_interruptible %2 = getelementptr inbounds %struct.drm_modeset_lock, %struct.drm_modeset_lock* %0, i64 0, i32 0 %3 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %2, %struct.ww_acquire_ctx* null) #76 ------------- Good: 228 Bad: 5 Ignored: 215 Check Use of Function:tg3_free_rings Check Use of Function:flush_delayed_work Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.437765** %12 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #76 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #77 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39738, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #76 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %72 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.437765* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], 
[ null, %44 ] call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.39745, i64 0, i64 0)) #76 br label %50 %51 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 25 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %52) #76 %53 = load i32, i32* %5, align 4 %54 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 12 store i32 %53, i32* %54, align 4 %55 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 1, i32 1 store i32 0, i32* %55, align 8 %56 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 2, i32 1 store i32 0, i32* %56, align 8 %57 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 3, i32 1 store i32 0, i32* %57, align 8 %58 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 4, i32 1 store i32 0, i32* %58, align 8 %59 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 5, i32 1 store i32 0, i32* %59, align 8 %60 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 6, i32 1 store i32 0, i32* %60, align 8 %61 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 7, i32 1 store i32 0, i32* %61, align 8 %62 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 8, i32 1 store i32 0, i32* %62, align 8 %63 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 
0, i32 31, i32 3, i64 9, i32 1 store i32 0, i32* %63, align 8 %64 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 10, i32 1 store i32 0, i32* %64, align 8 %65 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 11, i32 1 store i32 0, i32* %65, align 8 %66 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 12, i32 1 store i32 0, i32* %66, align 8 %67 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 13, i32 1 store i32 0, i32* %67, align 8 %68 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 14, i32 1 store i32 0, i32* %68, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %69 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %69, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %70 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 6 %71 = call zeroext i1 @flush_delayed_work(%struct.delayed_work* %70) #76 ------------- Good: 26 Bad: 1 Ignored: 9 Check Use of Function:xt_request_find_table_lock Check Use of Function:__put_net Use: =BAD PATH= Call Stack: 0 put_fs_context 1 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.157736*)* @put_fs_context to void 
(%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #76 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 5 %3 = load %struct.dentry.157676*, %struct.dentry.157676** %2, align 8 %4 = icmp eq %struct.dentry.157676* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.157314*, %struct.fs_context_operations.157314** %15, align 8 %17 = icmp eq %struct.fs_context_operations.157314* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.157314, %struct.fs_context_operations.157314* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.157736*)*, void (%struct.fs_context.157736*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.157736*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #76 %25 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %26) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_tgid_net_getattr ------------- Path:  Function:proc_tgid_net_getattr %6 = getelementptr inbounds %struct.path, %struct.path* %1, i64 0, i32 1 %7 = load %struct.dentry*, %struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %9) #76 tail call void @generic_fillattr(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.inode* %9, %struct.kstat* %2) #77 %11 = icmp eq %struct.net* %10, null br i1 %11, label %28, label %12 %13 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 16 %14 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %13, align 32 %15 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %14, i64 0, i32 13 %16 = load i32, i32* %15, align 8 %17 = getelementptr inbounds %struct.kstat, %struct.kstat* %2, i64 0, i32 2 store i32 %16, i32* %17, align 8 %18 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 14, i32 3 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 0, i32 0, i32 0 %20 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 -1, i32* %19) #6, !srcloc !4 %21 = icmp eq i32 %20, 1 br i1 %21, label %27, label %22 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* nonnull %10) #77 ------------- Use: =BAD PATH= Call Stack: 0 single_release_net ------------- Path:  Function:single_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.net** %8 = load %struct.net*, %struct.net** %7, align 8 %9 = getelementptr inbounds %struct.net, %struct.net* %8, i64 0, i32 14, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %8) #76 ------------- Use: =BAD PATH= Call Stack: 0 seq_release_net ------------- Path:  Function:seq_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.possible_net_t** %8 = load %struct.possible_net_t*, %struct.possible_net_t** %7, align 8 %9 = getelementptr inbounds %struct.possible_net_t, %struct.possible_net_t* %8, i64 0, i32 0 %10 = load %struct.net*, 
%struct.net** %9, align 8 %11 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 14, i32 3 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %10) #76 ------------- Good: 85 Bad: 4 Ignored: 90 Check Use of Function:user_disable_single_step Check Use of Function:get_ucounts Check Use of Function:mq_select_queue Check Use of Function:cpus_read_unlock Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %86 = tail 
call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #76 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %93, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 tail call void @cpus_read_lock() #76 %38 = load i32, i32* @nr_cpu_ids, align 4 %39 = icmp ugt i32 %38, %1 br i1 %39, label %40, label %92 %41 = zext i32 %1 to i64 %42 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %41) #6, !srcloc !9 %43 = and i8 %42, 1 %44 = icmp eq i8 %43, 0 br i1 %44, label %92, label %45 call void @cpus_read_unlock() #76 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %86 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #76 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %93, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 tail call void @cpus_read_lock() #76 %38 = load i32, i32* @nr_cpu_ids, align 4 %39 = icmp ugt i32 %38, %1 br i1 %39, label %40, label %92 %41 = 
zext i32 %1 to i64 %42 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %41) #6, !srcloc !9 %43 = and i8 %42, 1 %44 = icmp eq i8 %43, 0 br i1 %44, label %92, label %45 call void @cpus_read_unlock() #76 ------------- Good: 87 Bad: 2 Ignored: 0 Check Use of Function:ext4_xattr_inode_iget Check Use of Function:hibernation_platform_enter Check Use of Function:vfs_path_lookup Check Use of Function:dump_emit Check Use of Function:mq_leaf Check Use of Function:cpus_read_lock Use: =BAD PATH= Call Stack: 0 cpufreq_boost_trigger_state 1 store_boost ------------- Path:  Function:store_boost %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.29.58823, i64 0, i64 0), i32* nonnull %5) #76 %8 = icmp ne i32 %7, 1 %9 = load i32, i32* %5, align 4 %10 = icmp ugt i32 %9, 1 %11 = or i1 %8, %10 br i1 %11, label %20, label %12 %13 = call i32 @cpufreq_boost_trigger_state(i32 %9) #76 Function:cpufreq_boost_trigger_state %2 = load %struct.cpufreq_driver*, %struct.cpufreq_driver** @cpufreq_driver, align 8 %3 = getelementptr inbounds %struct.cpufreq_driver, %struct.cpufreq_driver* %2, i64 0, i32 21 %4 = load i8, i8* %3, align 8, !range !4 %5 = zext i8 %4 to i32 %6 = icmp eq i32 %5, %0 br i1 %6, label %41, label %7 %8 = tail call i64 @_raw_write_lock_irqsave(%struct.rwlock_t* nonnull @cpufreq_driver_lock) #76 %9 = icmp ne i32 %0, 0 %10 = load %struct.cpufreq_driver*, %struct.cpufreq_driver** @cpufreq_driver, align 8 %11 = getelementptr inbounds %struct.cpufreq_driver, %struct.cpufreq_driver* %10, i64 0, i32 21 %12 = zext i1 %9 to i8 store i8 %12, i8* %11, align 8 tail call void @_raw_write_unlock_irqrestore(%struct.rwlock_t* nonnull @cpufreq_driver_lock, i64 %8) #76 tail call void @cpus_read_lock() #76 
------------- Use: =BAD PATH= Call Stack: 0 __kmem_cache_shrink 1 kmem_cache_shrink 2 shrink_store ------------- Path:  Function:shrink_store %4 = load i8, i8* %1, align 1 %5 = icmp eq i8 %4, 49 br i1 %5, label %6, label %8 %7 = tail call i32 @kmem_cache_shrink(%struct.kmem_cache* %0) #76 Function:kmem_cache_shrink %2 = tail call i32 @__kmem_cache_shrink(%struct.kmem_cache* %0) #76 Function:__kmem_cache_shrink %2 = alloca %struct.list_head, align 8 %3 = alloca [32 x %struct.list_head], align 16 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 cpu_partial_store ------------- Path:  Function:cpu_partial_store %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* %6 = call i32 @kstrtouint(i8* %1, i32 10, i32* nonnull %4) #76 %7 = icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i32, i32* %4, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %19, label %13 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@cpu_partial_store, %14)) #6 to label %19 [label %14], !srcloc !4 %20 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 7 store i32 %11, i32* %20, align 4 call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, 
%struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = 
getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 
0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 
0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %130 = load i32, i32* %9, align 8 %131 = and i32 %130, 16386 %132 = icmp eq i32 %131, 0 br i1 %132, label %137, label %133 %138 = phi i8 [ %136, %133 ], [ %110, %129 ] %139 = and i8 %138, 1 %140 = icmp eq i8 %139, 0 br i1 %140, label %142, label %141 call void @clock_was_set(i32 0) #76 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull 
@hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %7 = load i8, i8* %6, align 16 %8 = and i8 %7, 1 %9 = icmp ne i8 %8, 0 %10 = load i64, i64* @tick_nohz_active, align 8 %11 = icmp ne i64 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %13, label %96 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 
%21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, 
%struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, 
align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = 
load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %130 = load i32, i32* %9, align 8 %131 = and i32 %130, 16386 %132 = icmp eq i32 %131, 0 br i1 %132, label %137, label %133 %138 = phi i8 [ %136, %133 ], [ %110, %129 ] %139 = and i8 %138, 1 %140 = icmp eq i8 %139, 0 br i1 %140, label %142, label %141 call void @clock_was_set(i32 0) #76 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %7 = load i8, i8* %6, align 16 %8 = and i8 %7, 1 %9 = icmp ne i8 %8, 0 %10 = load i64, i64* @tick_nohz_active, align 8 %11 = icmp ne i64 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %13, label %96 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #76 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* 
getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %130 = load i32, i32* %9, align 8 %131 = and i32 %130, 16386 %132 = 
icmp eq i32 %131, 0 br i1 %132, label %137, label %133 %138 = phi i8 [ %136, %133 ], [ %110, %129 ] %139 = and i8 %138, 1 %140 = icmp eq i8 %139, 0 br i1 %140, label %142, label %141 call void @clock_was_set(i32 0) #76 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %7 = load i8, i8* %6, align 16 %8 = and i8 %7, 1 %9 = icmp ne i8 %8, 0 %10 = load i64, i64* @tick_nohz_active, align 8 %11 = icmp ne i64 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %13, label %96 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, 
i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = 
inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %130 = load i32, i32* %9, align 8 %131 = and i32 %130, 16386 %132 = icmp eq i32 %131, 0 br i1 %132, label %137, label %133 %138 = phi i8 [ %136, %133 ], [ %110, %129 ] %139 = and i8 %138, 1 %140 = icmp eq i8 %139, 0 br i1 %140, label %142, label %141 call void @clock_was_set(i32 0) #76 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %7 = load i8, i8* %6, align 16 %8 = and i8 %7, 1 %9 = icmp ne i8 %8, 0 %10 = load i64, i64* @tick_nohz_active, align 8 %11 = icmp ne i64 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %13, label %96 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 timekeeping_inject_offset 2 timekeeping_warp_clock 3 __se_sys_settimeofday 4 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #76 Function:__se_sys_settimeofday %3 = alloca 
%struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, 
%struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %8, label %69, label %71 call void @timekeeping_warp_clock() #76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 
@timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* 
getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* 
getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %168, label %91 %169 = phi i32 [ 0, %155 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1), i32 7) #77 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %170 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %171 = add i32 %170, 1 store i32 %171, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %9) #76 call void @clock_was_set(i32 170) #76 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to 
%struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %7 = load i8, i8* %6, align 16 %8 = and i8 %7, 1 %9 = icmp ne i8 %8, 0 %10 = load i64, i64* @tick_nohz_active, align 8 %11 = icmp ne i64 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %13, label %96 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void @cpus_read_lock() #76
-------------
Use: =BAD PATH=
Call Stack:
0 clock_was_set
1 timekeeping_inject_offset
2 timekeeping_warp_clock
3 __se_sys_settimeofday
4 __x64_sys_settimeofday
-------------
Path:
Function:__x64_sys_settimeofday
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #76
Function:__se_sys_settimeofday
%3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.util_est, align 4 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast %struct.cpu_itimer* %3 to i8* %7 = bitcast %struct.util_est* %4 to i8* %8 = icmp eq i64 %0, 0 br i1 %8, label %35, label %9 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %12 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 8, i64 %10) #6, !srcloc !4 %13 = extractvalue { i64*, i64, i64 } %12, 0 %14 = extractvalue { i64*, i64, i64 } %12, 1 %15 = extractvalue { i64*, i64, i64 } %12, 2 %16 = ptrtoint i64* %13 to i64 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %14, i64* %17, align 8 %18 = and i64 %16, 4294967295 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %76, !prof !5, !misexpect !6 %22 =
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !7 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %76, !prof !5, !misexpect !6 %32 = icmp ugt i64 %25, 1000000 br i1 %32, label %76, label %33 %34 = mul nuw nsw i64 %25, 1000 store i64 %34, i64* %28, align 8 br label %35 %36 = icmp eq i64 %1, 0 br i1 %36, label %41, label %37 %38 = inttoptr i64 %1 to i8* %39 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %38, i64 8) #76 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %76 %42 = phi %struct.util_est* [ null, %35 ], [ %4, %37 ] %43 = select i1 %8, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %8, label %54, label %44 %45 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %73, label %48 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, 1000000000 %52 = icmp ult i64 %46, 8277292036 %53 = and i1 %52, %51 br i1 %53, label %54, label %73 %55 = call i32 @security_settime64(%struct.cpu_itimer* %43, %struct.util_est* %42) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %73 %58 = icmp eq %struct.util_est* %42, null br i1 %58, label %70, label %59 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %42, i64 0, i32 0 %61 = load i32, i32* %60, align 4 %62 = add i32 %61, 900 %63 = icmp ugt i32 %62, 1800 br i1 %63, label %73, 
label %64 %65 = bitcast %struct.util_est* %42 to i64* %66 = load i64, i64* %65, align 4 store i64 %66, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %67 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %67, label %70, label %68 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %8, label %69, label %71 call void @timekeeping_warp_clock() #76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** 
getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 
%90, label %168, label %91 %169 = phi i32 [ 0, %155 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1), i32 7) #77 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %170 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %171 = add i32 %170, 1 store i32 %171, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %9) #76 call void @clock_was_set(i32 170) #76
Function:clock_was_set
%2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %7 = load i8, i8* %6, align 16 %8 = and i8 %7, 1 %9 = icmp ne i8 %8, 0 %10 = load i64, i64* @tick_nohz_active, align 8 %11 = icmp ne i64 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %13, label %96 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void @cpus_read_lock() #76
-------------
Use: =BAD PATH=
Call Stack:
0 clock_was_set
1 timekeeping_inject_offset
2 timekeeping_warp_clock
3 __ia32_compat_sys_settimeofday
-------------
Path:
Function:__ia32_compat_sys_settimeofday
%2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7
= getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast %struct.cpu_itimer* %2 to i8* %12 = bitcast %struct.util_est* %3 to i8* %13 = icmp eq i64 %6, 0 br i1 %13, label %42, label %14 %16 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = sext i32 %19 to i64 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %22, i64* %23, align 8 %24 = and i64 %21, 4294967295 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %83, !prof !5, !misexpect !6 %28 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %29 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %28, i64 4, i64 %27) #6, !srcloc !7 %30 = extractvalue { i32*, i32, i64 } %29, 0 %31 = extractvalue { i32*, i32, i64 } %29, 1 %32 = extractvalue { i32*, i32, i64 } %29, 2 %33 = ptrtoint i32* %30 to i64 %34 = sext i32 %31 to i64 %35 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %34, i64* %35, align 8 %36 = and i64 %33, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %83, !prof !5, !misexpect !6 %39 = icmp ugt i32 %31, 1000000 br i1 %39, label %83, label %40 %41 = mul nsw i64 %34, 1000 store i64 %41, i64* %35, align 8 br label %42 %43 = icmp eq i64 %9, 0 br i1 %43, label %48, label %44 %45 = inttoptr i64 %9 to i8* %46 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %45, i64 8) #76 %47 = icmp eq i64 
%46, 0 br i1 %47, label %48, label %83 %49 = phi %struct.util_est* [ null, %42 ], [ %3, %44 ] %50 = select i1 %13, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %13, label %61, label %51 %52 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %53 = load i64, i64* %52, align 8 %54 = icmp slt i64 %53, 0 br i1 %54, label %80, label %55 %56 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = icmp ult i64 %57, 1000000000 %59 = icmp ult i64 %53, 8277292036 %60 = and i1 %59, %58 br i1 %60, label %61, label %80 %62 = call i32 @security_settime64(%struct.cpu_itimer* %50, %struct.util_est* %49) #76 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %80 %65 = icmp eq %struct.util_est* %49, null br i1 %65, label %77, label %66 %67 = getelementptr inbounds %struct.util_est, %struct.util_est* %49, i64 0, i32 0 %68 = load i32, i32* %67, align 4 %69 = add i32 %68, 900 %70 = icmp ugt i32 %69, 1800 br i1 %70, label %80, label %71 %72 = bitcast %struct.util_est* %49 to i64* %73 = load i64, i64* %72, align 4 store i64 %73, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #76 %74 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %74, label %77, label %75 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %13, label %76, label %78 call void @timekeeping_warp_clock() #76 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #76 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %10 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86121* %12) #76 %16 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.79, 
%struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 
%47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #76 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %168, label %91 %169 = phi i32 [ 0, %155 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1), i32 7) #77 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %170 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %171 = add i32 %170, 1 store i32 %171, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %9) #76 call void @clock_was_set(i32 170) #76 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* 
nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %7 = load i8, i8* %6, align 16 %8 = and i8 %7, 1 %9 = icmp ne i8 %8, 0 %10 = load i64, i64* @tick_nohz_active, align 8 %11 = icmp ne i64 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %13, label %96 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void @cpus_read_lock() #76
-------------
Use: =BAD PATH=
Call Stack:
0 clock_was_set
1 do_settimeofday64
2 __x64_sys_stime32
-------------
Path:
Function:__x64_sys_stime32
%2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i32** %5 = load i32*, i32** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %8 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %7) #6, !srcloc !4 %9 = extractvalue { i32*, i32, i64 } %8, 0 %10 = extractvalue { i32*, i32, i64 } %8, 1 %11 = extractvalue { i32*, i32, i64 } %8, 2 %12 = ptrtoint i32* %9 to i64 %13 = sext i32 %10 to i64 %14 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %13, i64* %14, align 8 %15 = and i64 %12, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %25, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %18, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76
Function:do_settimeofday64
%2 = alloca %struct.cpu_itimer, align 8 %3 = alloca
%struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* 
@tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult 
i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %135, label %88 %136 = phi i1 [ false, %117 ], [ true, %88 ], [ true, %86 ] %137 = phi i32 [ 0, %117 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1), i32 7) #77 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %138 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %139 = add i32 %138, 1 store i32 %139, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %15) #76 call void @clock_was_set(i32 170) #76 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = 
bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %7 = load i8, i8* %6, align 16 %8 = and i8 %7, 1 %9 = icmp ne i8 %8, 0 %10 = load i64, i64* @tick_nohz_active, align 8 %11 = icmp ne i64 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %13, label %96 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void @cpus_read_lock() #76
-------------
Use: =BAD PATH=
Call Stack:
0 clock_was_set
1 do_settimeofday64
2 __x64_sys_stime
-------------
Path:
Function:__x64_sys_stime
%2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i64** %5 = load i64*, i64** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %8 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 8, i64 %7) #6, !srcloc !4 %9 = extractvalue { i64*, i64, i64 } %8, 0 %10 = extractvalue { i64*, i64, i64 } %8, 1 %11 = extractvalue { i64*, i64, i64 } %8, 2 %12 = ptrtoint i64* %9 to i64 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %10, i64* %13, align 8 %14 = and i64 %12, 4294967295 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %24, !prof !5, !misexpect !6 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %17, align 8 %18 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %23 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76
Function:do_settimeofday64
%2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32
0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, 
i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, 
i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %135, label %88 %136 = phi i1 [ false, %117 ], [ true, %88 ], [ true, %86 ] %137 = phi i32 [ 0, %117 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1), i32 7) #77 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %138 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %139 = add i32 %138, 1 store i32 %139, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %15) #76 call void @clock_was_set(i32 170) #76 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %7 = 
load i8, i8* %6, align 16 %8 = and i8 %7, 1 %9 = icmp ne i8 %8, 0 %10 = load i64, i64* @tick_nohz_active, align 8 %11 = icmp ne i64 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %13, label %96 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_settimeofday64 2 __ia32_sys_stime32 ------------- Path:  Function:__ia32_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i32* %7 = bitcast %struct.cpu_itimer* %2 to i8* %9 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %6, i64 4, i64 %8) #6, !srcloc !4 %10 = extractvalue { i32*, i32, i64 } %9, 0 %11 = extractvalue { i32*, i32, i64 } %9, 1 %12 = extractvalue { i32*, i32, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = sext i32 %11 to i64 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %14, i64* %15, align 8 %16 = and i64 %13, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %26, !prof !5, !misexpect !6 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %19, align 8 %20 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label 
%8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = 
load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = 
load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %135, label %88 %136 = phi i1 [ false, %117 ], [ true, %88 ], [ true, %86 ] %137 = phi i32 [ 0, %117 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1), i32 7) #77 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %138 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %139 = add i32 %138, 1 store i32 %139, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %15) #76 call void @clock_was_set(i32 170) #76 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %7 = load i8, i8* %6, align 16 %8 = and i8 %7, 1 %9 = icmp ne i8 %8, 0 %10 = load i64, i64* 
@tick_nohz_active, align 8 %11 = icmp ne i64 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %13, label %96 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_settimeofday64 2 __ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i64* %7 = bitcast %struct.cpu_itimer* %2 to i8* %9 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 8, i64 %8) #6, !srcloc !4 %10 = extractvalue { i64*, i64, i64 } %9, 0 %11 = extractvalue { i64*, i64, i64 } %9, 1 %12 = extractvalue { i64*, i64, i64 } %9, 2 %13 = ptrtoint i64* %10 to i64 %14 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %11, i64* %14, align 8 %15 = and i64 %13, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %25, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %18, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #76 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #76 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, 
align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %154 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %16 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86121*, %struct.clocksource.86121** getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86121, %struct.clocksource.86121* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86121*)*, i64 (%struct.clocksource.86121*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86121* %18) #76 %22 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), 
align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, 
%71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #76 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %135, label %88 %136 = phi i1 [ false, %117 ], [ true, %88 ], [ true, %86 ] %137 = phi i32 [ 0, %117 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1), i32 7) #77 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %138 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %139 = add i32 %138, 1 store i32 %139, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %15) #76 call void @clock_was_set(i32 170) #76 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %7 = load i8, i8* %6, align 16 %8 = and i8 %7, 1 %9 = icmp ne i8 %8, 0 %10 = load i64, i64* @tick_nohz_active, align 8 %11 = icmp ne i64 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %13, label %96 %14 = 
getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %14, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %86 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #76 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, 
%struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %93, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 %59 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %59, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %86 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #76 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %93, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 %59 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %59, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label 
%20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %86 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #76 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %93, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 
%7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %86 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #76 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %93, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_membarrier 1 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %25 = bitcast [1 x %struct.cpumask]* %4 to i8* %26 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %27 = icmp eq i32 %26, 1 br i1 %27, label %61, label %28 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %29, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_membarrier 1 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 
%5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %25 = bitcast [1 x %struct.cpumask]* %4 to i8* %26 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %27 = icmp eq i32 %26, 1 br i1 %27, label %61, label %28 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %29, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 wq_pool_ids_show ------------- Path:  Function:wq_pool_ids_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %5 = bitcast i32* %4 to %struct.workqueue_struct** %6 = load %struct.workqueue_struct*, %struct.workqueue_struct** %5, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 wq_nice_store ------------- Path:  Function:wq_nice_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %6 = bitcast i32* %5 to %struct.workqueue_struct** %7 = load %struct.workqueue_struct*, %struct.workqueue_struct** %6, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 wq_cpumask_store ------------- Path:  Function:wq_cpumask_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %6 = bitcast i32* %5 to %struct.workqueue_struct** %7 = load %struct.workqueue_struct*, %struct.workqueue_struct** %6, align 8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 wq_numa_store ------------- Path:  Function:wq_numa_store %5 = alloca i32, align 4 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %7 = bitcast i32* %6 to %struct.workqueue_struct** %8 = load 
%struct.workqueue_struct*, %struct.workqueue_struct** %7, align 8 %9 = bitcast i32* %5 to i8* tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 workqueue_set_unbound_cpumask 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #76 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %13 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0 %12 = call i32 @workqueue_set_unbound_cpumask(%struct.cpumask* nonnull %11) #77 Function:workqueue_set_unbound_cpumask %2 = alloca %struct.list_head, align 8 %3 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %4 = load i64, i64* %3, align 8 %5 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %6 = and i64 %5, %4 store i64 %6, i64* %3, align 8 %7 = icmp eq i64 %6, 0 br i1 %7, label %69, label %8 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 set_sysctl_tfa ------------- Path:  Function:set_sysctl_tfa %5 = alloca i8, align 1 %6 = call i32 @kstrtobool(i8* %2, i8* nonnull %5) #76 %7 = icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i8, i8* %5, align 1, !range !4 %12 = load i8, i8* @allow_tsx_force_abort, align 1, !range !4 %13 = icmp eq i8 %11, %12 br i1 %13, label %15, label %14 store i8 %11, i8* @allow_tsx_force_abort, align 1 call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_write ------------- Path:  Function:mtrr_write %5 = alloca i8*, align 8 %6 = alloca [80 x i8], align 16 %7 = bitcast i8** %5 to i8* %8 = getelementptr inbounds [80 x i8], [80 x 
i8]* %6, i64 0, i64 0 %9 = icmp ult i64 %2, 79 %10 = select i1 %9, i64 %2, i64 79 %11 = call i64 @strncpy_from_user(i8* nonnull %8, i8* %1, i64 %10) #76 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %14, label %17 %18 = call i64 @strlen(i8* nonnull %8) #77 %19 = getelementptr [80 x i8], [80 x i8]* %6, i64 0, i64 %18 %20 = getelementptr i8, i8* %19, i64 -1 store i8* %20, i8** %5, align 8 %21 = icmp eq i64 %18, 0 br i1 %21, label %26, label %22 %27 = bitcast [80 x i8]* %6 to i64* %28 = load i64, i64* %27, align 16 %29 = icmp eq i64 %28, 4424061378758928740 br i1 %29, label %30, label %38 %31 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 8 %32 = call i64 @simple_strtoul(i8* %31, i8** nonnull %5, i32 0) #76 %33 = trunc i64 %32 to i32 %34 = call i32 @mtrr_del_page(i32 %33, i64 0, i64 0) #76 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 %9 = bitcast i64* %5 to i8* %10 = bitcast i64* %6 to i8* %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* switch i32 %1, label %302 [ i32 1074810112, label %14 i32 1074810113, label %14 i32 1074810114, label %14 i32 1074810116, label %14 i32 1074810117, label %14 i32 1074810118, label %14 i32 1074810119, label %14 i32 1074810121, label %14 i32 -1072149245, label %17 i32 -1072149240, label %17 i32 1074547968, 
label %20 i32 1074547969, label %20 i32 1074547970, label %20 i32 1074547972, label %20 i32 1074547973, label %20 i32 1074547974, label %20 i32 1074547975, label %20 i32 1074547977, label %20 i32 -1072673533, label %53 i32 -1072673528, label %53 ] %15 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #76 %16 = icmp eq i64 %15, 0 br i1 %16, label %95, label %302 switch i32 %1, label %302 [ i32 1074810112, label %96 i32 1074547968, label %96 i32 1074810113, label %105 i32 1074547969, label %105 i32 1074810114, label %114 i32 1074547970, label %114 i32 1074810116, label %143 i32 1074547972, label %143 i32 -1072149245, label %150 i32 -1072673533, label %150 i32 1074810117, label %178 i32 1074547973, label %178 i32 1074810118, label %187 i32 1074547974, label %187 i32 1074810119, label %196 i32 1074547975, label %196 i32 1074810121, label %219 i32 1074547977, label %219 i32 -1072149240, label %226 i32 -1072673528, label %226 ] %220 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %221 = load i64, i64* %220, align 8 %222 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %223 = load i32, i32* %222, align 8 %224 = zext i32 %223 to i64 %225 = call i32 @mtrr_del_page(i32 -1, i64 %221, i64 %224) #76 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 %9 = bitcast i64* %5 to 
i8* %10 = bitcast i64* %6 to i8* %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* switch i32 %1, label %302 [ i32 1074810112, label %14 i32 1074810113, label %14 i32 1074810114, label %14 i32 1074810116, label %14 i32 1074810117, label %14 i32 1074810118, label %14 i32 1074810119, label %14 i32 1074810121, label %14 i32 -1072149245, label %17 i32 -1072149240, label %17 i32 1074547968, label %20 i32 1074547969, label %20 i32 1074547970, label %20 i32 1074547972, label %20 i32 1074547973, label %20 i32 1074547974, label %20 i32 1074547975, label %20 i32 1074547977, label %20 i32 -1072673533, label %53 i32 -1072673528, label %53 ] %15 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #76 %16 = icmp eq i64 %15, 0 br i1 %16, label %95, label %302 switch i32 %1, label %302 [ i32 1074810112, label %96 i32 1074547968, label %96 i32 1074810113, label %105 i32 1074547969, label %105 i32 1074810114, label %114 i32 1074547970, label %114 i32 1074810116, label %143 i32 1074547972, label %143 i32 -1072149245, label %150 i32 -1072673533, label %150 i32 1074810117, label %178 i32 1074547973, label %178 i32 1074810118, label %187 i32 1074547974, label %187 i32 1074810119, label %196 i32 1074547975, label %196 i32 1074810121, label %219 i32 1074547977, label %219 i32 -1072149240, label %226 i32 -1072673528, label %226 ] %220 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %221 = load i64, i64* %220, align 8 %222 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %223 = load i32, i32* %222, align 8 %224 = zext i32 %223 to i64 %225 = call i32 @mtrr_del_page(i32 -1, i64 %221, i64 %224) #76 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* 
@__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_del 2 mtrr_close ------------- Path:  Function:mtrr_close %3 = getelementptr inbounds %struct.file.29588, %struct.file.29588* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.29589** %5 = load %struct.seq_file.29589*, %struct.seq_file.29589** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.29589, %struct.seq_file.29589* %5, i64 0, i32 11 %7 = load i8*, i8** %6, align 8 %8 = bitcast i8* %7 to i32* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = load i32, i32* @num_var_ranges, align 4 %12 = icmp sgt i32 %11, 0 br i1 %12, label %13, label %30 %14 = zext i32 %11 to i64 br label %15 %16 = phi i64 [ 0, %13 ], [ %28, %27 ] %17 = getelementptr i32, i32* %8, i64 %16 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %27, label %20 %21 = trunc i64 %16 to i32 br label %22 %23 = tail call i32 @mtrr_del(i32 %21, i64 0, i64 0) #76 Function:mtrr_del %4 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %5 = icmp eq i8 %4, 0 br i1 %5, label %16, label %6 %7 = or i64 %2, %1 %8 = and i64 %7, 4095 %9 = icmp eq i64 %8, 0 br i1 %9, label %12, label %10 %13 = lshr i64 %1, 12 %14 = lshr i64 %2, 12 %15 = tail call i32 @mtrr_del_page(i32 %0, i64 %13, i64 %14) #77 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_add_page 1 mtrr_write ------------- Path:  Function:mtrr_write %5 = alloca i8*, align 8 %6 = alloca [80 
x i8], align 16 %7 = bitcast i8** %5 to i8* %8 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 0 %9 = icmp ult i64 %2, 79 %10 = select i1 %9, i64 %2, i64 79 %11 = call i64 @strncpy_from_user(i8* nonnull %8, i8* %1, i64 %10) #76 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %14, label %17 %18 = call i64 @strlen(i8* nonnull %8) #77 %19 = getelementptr [80 x i8], [80 x i8]* %6, i64 0, i64 %18 %20 = getelementptr i8, i8* %19, i64 -1 store i8* %20, i8** %5, align 8 %21 = icmp eq i64 %18, 0 br i1 %21, label %26, label %22 %27 = bitcast [80 x i8]* %6 to i64* %28 = load i64, i64* %27, align 16 %29 = icmp eq i64 %28, 4424061378758928740 br i1 %29, label %30, label %38 %39 = call i32 @bcmp(i8* nonnull dereferenceable(5) %8, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.9.3126, i64 0, i64 0), i64 5) %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %73 %42 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 5 %43 = call i64 @simple_strtoull(i8* %42, i8** nonnull %5, i32 0) #76 %44 = load i8*, i8** %5, align 8 %45 = call i8* @skip_spaces(i8* %44) #76 store i8* %45, i8** %5, align 8 %46 = call i32 @strncmp(i8* %45, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.10.3127, i64 0, i64 0), i64 5) #77 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %73 %49 = getelementptr i8, i8* %45, i64 5 %50 = call i64 @simple_strtoull(i8* %49, i8** nonnull %5, i32 0) #76 %51 = or i64 %50, %43 %52 = and i64 %51, 4095 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %73 %55 = load i8*, i8** %5, align 8 %56 = call i8* @skip_spaces(i8* %55) #76 store i8* %56, i8** %5, align 8 %57 = call i32 @strncmp(i8* %56, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.11.3128, i64 0, i64 0), i64 5) #77 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %73 %60 = getelementptr i8, i8* %56, i64 5 %61 = call i8* @skip_spaces(i8* %60) #76 store i8* %61, i8** %5, align 8 %62 = 
call i32 @match_string(i8** getelementptr inbounds ([7 x i8*], [7 x i8*]* @mtrr_strings, i64 0, i64 0), i64 7, i8* %61) #76 %63 = icmp slt i32 %62, 0 br i1 %63, label %64, label %66 %67 = lshr i64 %43, 12 %68 = lshr i64 %50, 12 %69 = call i32 @mtrr_add_page(i64 %67, i64 %68, i32 %62, i1 zeroext true) #76 Function:mtrr_add_page %5 = alloca %struct.set_mtrr_data, align 8 %6 = alloca %struct.set_mtrr_data, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i8, align 1 %10 = bitcast i64* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %13 = icmp eq i8 %12, 0 br i1 %13, label %195, label %14 %15 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %16 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %15, i64 0, i32 6 %17 = load i32 (i64, i64, i32)*, i32 (i64, i64, i32)** %16, align 8 %18 = tail call i32 %17(i64 %0, i64 %1, i32 %2) #76 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %195 %21 = icmp ugt i32 %2, 6 br i1 %21, label %22, label %24 %25 = icmp eq i32 %2, 1 br i1 %25, label %26, label %59 %27 = tail call %struct.pci_dev* bitcast (%struct.pci_dev.317892* (i32, %struct.pci_dev.317892*)* @pci_get_class to %struct.pci_dev* (i32, %struct.pci_dev*)*)(i32 393216, %struct.pci_dev* null) #76 %28 = icmp eq %struct.pci_dev* %27, null br i1 %28, label %49, label %29 %30 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 7 %31 = load i16, i16* %30, align 4 switch i16 %31, label %48 [ i16 4454, label %32 i16 -32634, label %42 ] %43 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 8 %44 = load i16, i16* %43, align 2 %45 = icmp eq i16 %44, -31542 br i1 %45, label %46, label %48 tail call void bitcast (void (%struct.pci_dev.317892*)* @pci_dev_put to void (%struct.pci_dev*)*)(%struct.pci_dev* nonnull %27) #76 br label %49 %50 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %51 = getelementptr inbounds %struct.mtrr_ops, 
%struct.mtrr_ops* %50, i64 0, i32 7 %52 = load i32 ()*, i32 ()** %51, align 8 %53 = icmp eq i32 ()* %52, null br i1 %53, label %57, label %54 %55 = tail call i32 %52() #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i64 %1, 0 br i1 %60, label %61, label %63 %64 = add i64 %0, -1 %65 = add i64 %64, %1 %66 = or i64 %65, %0 %67 = load i8, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 7), align 1 %68 = zext i8 %67 to i64 %69 = add nuw nsw i64 %68, 4294967284 %70 = and i64 %69, 4294967295 %71 = lshr i64 %66, %70 %72 = icmp eq i64 %71, 0 br i1 %72, label %75, label %73 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_add_page 1 mtrr_file_add 2 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 %9 = bitcast i64* %5 to i8* %10 = bitcast i64* %6 to i8* %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* switch i32 %1, label %302 [ i32 1074810112, label %14 i32 1074810113, label %14 i32 1074810114, label %14 i32 1074810116, label %14 i32 1074810117, label %14 i32 1074810118, label %14 i32 1074810119, label %14 i32 1074810121, label %14 i32 -1072149245, label %17 i32 -1072149240, label %17 i32 1074547968, label %20 i32 1074547969, label %20 i32 1074547970, label %20 i32 1074547972, label %20 i32 1074547973, label %20 i32 1074547974, label %20 i32 1074547975, label %20 i32 1074547977, label %20 i32 -1072673533, label %53 i32 -1072673528, label %53 ] %15 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #76 %16 = icmp eq i64 %15, 0 br i1 %16, label %95, label %302 switch i32 %1, label %302 [ i32 1074810112, label %96 i32 1074547968, label %96 i32 1074810113, label %105 i32 1074547969, label %105 i32 1074810114, label 
%114 i32 1074547970, label %114 i32 1074810116, label %143 i32 1074547972, label %143 i32 -1072149245, label %150 i32 -1072673533, label %150 i32 1074810117, label %178 i32 1074547973, label %178 i32 1074810118, label %187 i32 1074547974, label %187 i32 1074810119, label %196 i32 1074547975, label %196 i32 1074810121, label %219 i32 1074547977, label %219 i32 -1072149240, label %226 i32 -1072673528, label %226 ] %179 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %180 = load i64, i64* %179, align 8 %181 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %182 = load i32, i32* %181, align 8 %183 = zext i32 %182 to i64 %184 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 2 %185 = load i32, i32* %184, align 4 %186 = call fastcc i32 @mtrr_file_add(i64 %180, i64 %183, i32 %185, %struct.file.29588* %0, i32 1) #77 Function:mtrr_file_add %6 = getelementptr inbounds %struct.file.29588, %struct.file.29588* %3, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.29589** %8 = load %struct.seq_file.29589*, %struct.seq_file.29589** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.29589, %struct.seq_file.29589* %8, i64 0, i32 11 %10 = bitcast i8** %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = icmp eq i32* %11, null br i1 %12, label %13, label %26 %14 = load i32, i32* @num_var_ranges, align 4 %15 = sext i32 %14 to i64 %17 = extractvalue { i64, i1 } %16, 1 br i1 %17, label %46, label %18, !prof !4, !misexpect !5 %19 = extractvalue { i64, i1 } %16, 0 %20 = tail call noalias align 8 i8* @__kmalloc(i64 %19, i32 3520) #76 %21 = icmp eq i8* %20, null br i1 %21, label %46, label %22 %23 = load %struct.seq_file.29589*, %struct.seq_file.29589** %7, align 8 %24 = bitcast i8* %20 to i32* %25 = getelementptr inbounds %struct.seq_file.29589, %struct.seq_file.29589* %23, i64 0, i32 11 store i8* %20, i8** %25, align 8 br label %26 %27 = phi i32* 
[ %24, %22 ], [ %11, %5 ] %28 = icmp eq i32 %4, 0 br i1 %28, label %29, label %36 %37 = phi i64 [ %1, %26 ], [ %35, %33 ] %38 = phi i64 [ %0, %26 ], [ %34, %33 ] %39 = tail call i32 @mtrr_add_page(i64 %38, i64 %37, i32 %2, i1 zeroext true) #76 Function:mtrr_add_page %5 = alloca %struct.set_mtrr_data, align 8 %6 = alloca %struct.set_mtrr_data, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i8, align 1 %10 = bitcast i64* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %13 = icmp eq i8 %12, 0 br i1 %13, label %195, label %14 %15 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %16 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %15, i64 0, i32 6 %17 = load i32 (i64, i64, i32)*, i32 (i64, i64, i32)** %16, align 8 %18 = tail call i32 %17(i64 %0, i64 %1, i32 %2) #76 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %195 %21 = icmp ugt i32 %2, 6 br i1 %21, label %22, label %24 %25 = icmp eq i32 %2, 1 br i1 %25, label %26, label %59 %27 = tail call %struct.pci_dev* bitcast (%struct.pci_dev.317892* (i32, %struct.pci_dev.317892*)* @pci_get_class to %struct.pci_dev* (i32, %struct.pci_dev*)*)(i32 393216, %struct.pci_dev* null) #76 %28 = icmp eq %struct.pci_dev* %27, null br i1 %28, label %49, label %29 %30 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 7 %31 = load i16, i16* %30, align 4 switch i16 %31, label %48 [ i16 4454, label %32 i16 -32634, label %42 ] %43 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 8 %44 = load i16, i16* %43, align 2 %45 = icmp eq i16 %44, -31542 br i1 %45, label %46, label %48 tail call void bitcast (void (%struct.pci_dev.317892*)* @pci_dev_put to void (%struct.pci_dev*)*)(%struct.pci_dev* nonnull %27) #76 br label %49 %50 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %51 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %50, i64 0, i32 7 %52 = load i32 ()*, i32 ()** 
%51, align 8 %53 = icmp eq i32 ()* %52, null br i1 %53, label %57, label %54 %55 = tail call i32 %52() #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i64 %1, 0 br i1 %60, label %61, label %63 %64 = add i64 %0, -1 %65 = add i64 %64, %1 %66 = or i64 %65, %0 %67 = load i8, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 7), align 1 %68 = zext i8 %67 to i64 %69 = add nuw nsw i64 %68, 4294967284 %70 = and i64 %69, 4294967295 %71 = lshr i64 %66, %70 %72 = icmp eq i64 %71, 0 br i1 %72, label %75, label %73 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_add_page 1 mtrr_file_add 2 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 %9 = bitcast i64* %5 to i8* %10 = bitcast i64* %6 to i8* %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* switch i32 %1, label %302 [ i32 1074810112, label %14 i32 1074810113, label %14 i32 1074810114, label %14 i32 1074810116, label %14 i32 1074810117, label %14 i32 1074810118, label %14 i32 1074810119, label %14 i32 1074810121, label %14 i32 -1072149245, label %17 i32 -1072149240, label %17 i32 1074547968, label %20 i32 1074547969, label %20 i32 1074547970, label %20 i32 1074547972, label %20 i32 1074547973, label %20 i32 1074547974, label %20 i32 1074547975, label %20 i32 1074547977, label %20 i32 -1072673533, label %53 i32 -1072673528, label %53 ] %15 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #76 %16 = icmp eq i64 %15, 0 br i1 %16, label %95, label %302 switch i32 %1, label %302 [ i32 1074810112, label %96 i32 1074547968, label %96 i32 1074810113, label %105 i32 1074547969, label %105 i32 1074810114, label %114 i32 1074547970, label %114 i32 1074810116, label %143 i32 
1074547972, label %143 i32 -1072149245, label %150 i32 -1072673533, label %150 i32 1074810117, label %178 i32 1074547973, label %178 i32 1074810118, label %187 i32 1074547974, label %187 i32 1074810119, label %196 i32 1074547975, label %196 i32 1074810121, label %219 i32 1074547977, label %219 i32 -1072149240, label %226 i32 -1072673528, label %226 ] %179 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %180 = load i64, i64* %179, align 8 %181 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %182 = load i32, i32* %181, align 8 %183 = zext i32 %182 to i64 %184 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 2 %185 = load i32, i32* %184, align 4 %186 = call fastcc i32 @mtrr_file_add(i64 %180, i64 %183, i32 %185, %struct.file.29588* %0, i32 1) #77 Function:mtrr_file_add %6 = getelementptr inbounds %struct.file.29588, %struct.file.29588* %3, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.29589** %8 = load %struct.seq_file.29589*, %struct.seq_file.29589** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.29589, %struct.seq_file.29589* %8, i64 0, i32 11 %10 = bitcast i8** %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = icmp eq i32* %11, null br i1 %12, label %13, label %26 %14 = load i32, i32* @num_var_ranges, align 4 %15 = sext i32 %14 to i64 %17 = extractvalue { i64, i1 } %16, 1 br i1 %17, label %46, label %18, !prof !4, !misexpect !5 %19 = extractvalue { i64, i1 } %16, 0 %20 = tail call noalias align 8 i8* @__kmalloc(i64 %19, i32 3520) #76 %21 = icmp eq i8* %20, null br i1 %21, label %46, label %22 %23 = load %struct.seq_file.29589*, %struct.seq_file.29589** %7, align 8 %24 = bitcast i8* %20 to i32* %25 = getelementptr inbounds %struct.seq_file.29589, %struct.seq_file.29589* %23, i64 0, i32 11 store i8* %20, i8** %25, align 8 br label %26 %27 = phi i32* [ %24, %22 ], [ %11, %5 ] %28 = icmp eq i32 %4, 0 br i1 %28, 
label %29, label %36 %37 = phi i64 [ %1, %26 ], [ %35, %33 ] %38 = phi i64 [ %0, %26 ], [ %34, %33 ] %39 = tail call i32 @mtrr_add_page(i64 %38, i64 %37, i32 %2, i1 zeroext true) #76 Function:mtrr_add_page %5 = alloca %struct.set_mtrr_data, align 8 %6 = alloca %struct.set_mtrr_data, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i8, align 1 %10 = bitcast i64* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %13 = icmp eq i8 %12, 0 br i1 %13, label %195, label %14 %15 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %16 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %15, i64 0, i32 6 %17 = load i32 (i64, i64, i32)*, i32 (i64, i64, i32)** %16, align 8 %18 = tail call i32 %17(i64 %0, i64 %1, i32 %2) #76 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %195 %21 = icmp ugt i32 %2, 6 br i1 %21, label %22, label %24 %25 = icmp eq i32 %2, 1 br i1 %25, label %26, label %59 %27 = tail call %struct.pci_dev* bitcast (%struct.pci_dev.317892* (i32, %struct.pci_dev.317892*)* @pci_get_class to %struct.pci_dev* (i32, %struct.pci_dev*)*)(i32 393216, %struct.pci_dev* null) #76 %28 = icmp eq %struct.pci_dev* %27, null br i1 %28, label %49, label %29 %30 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 7 %31 = load i16, i16* %30, align 4 switch i16 %31, label %48 [ i16 4454, label %32 i16 -32634, label %42 ] %43 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 8 %44 = load i16, i16* %43, align 2 %45 = icmp eq i16 %44, -31542 br i1 %45, label %46, label %48 tail call void bitcast (void (%struct.pci_dev.317892*)* @pci_dev_put to void (%struct.pci_dev*)*)(%struct.pci_dev* nonnull %27) #76 br label %49 %50 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %51 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %50, i64 0, i32 7 %52 = load i32 ()*, i32 ()** %51, align 8 %53 = icmp eq i32 ()* %52, null br i1 %53, label 
%57, label %54 %55 = tail call i32 %52() #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i64 %1, 0 br i1 %60, label %61, label %63 %64 = add i64 %0, -1 %65 = add i64 %64, %1 %66 = or i64 %65, %0 %67 = load i8, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 7), align 1 %68 = zext i8 %67 to i64 %69 = add nuw nsw i64 %68, 4294967284 %70 = and i64 %69, 4294967295 %71 = lshr i64 %66, %70 %72 = icmp eq i64 %71, 0 br i1 %72, label %75, label %73 tail call void @cpus_read_lock() #76 ------------- Use: =BAD PATH= Call Stack: 0 reload_store ------------- Path:  Function:reload_store %5 = alloca i64, align 8 %6 = load i16, i16* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 32), align 4 %7 = zext i16 %6 to i32 %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i64, i64* %5, align 8 %15 = icmp eq i64 %14, 1 br i1 %15, label %16, label %52 call void @cpus_read_lock() #76 ------------- Good: 466 Bad: 35 Ignored: 303 Check Use of Function:_atomic_dec_and_lock Use: =BAD PATH= Call Stack: 0 md_attr_show ------------- Path:  Function:md_attr_show %4 = getelementptr %struct.kobject.299569, %struct.kobject.299569* %0, i64 -2, i32 5 %5 = bitcast %struct.kernfs_node.299568** %4 to %struct.mddev* %6 = getelementptr inbounds %struct.attribute, %struct.attribute* %1, i64 1 %7 = bitcast %struct.attribute* %6 to i64 (%struct.mddev*, i8*)** %8 = load i64 (%struct.mddev*, i8*)*, i64 (%struct.mddev*, i8*)** %7, align 8 %9 = icmp eq i64 (%struct.mddev*, i8*)* %8, null br i1 %9, label %67, label %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #76 %11 = getelementptr inbounds %struct.kernfs_node.299568*, %struct.kernfs_node.299568** %4, i64 121 %12 = bitcast 
%struct.kernfs_node.299568** %11 to %struct.list_head* %13 = bitcast %struct.kernfs_node.299568** %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %16, label %17 %18 = getelementptr inbounds %struct.kernfs_node.299568*, %struct.kernfs_node.299568** %4, i64 65 %19 = bitcast %struct.kernfs_node.299568** %18 to i32* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32* %19) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @all_mddevs_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = load i64 (%struct.mddev*, i8*)*, i64 (%struct.mddev*, i8*)** %7, align 8 %21 = tail call i64 %20(%struct.mddev* %5, i8* %2) #76 %22 = bitcast %struct.kernfs_node.299568** %18 to %struct.kuid_t* %23 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %22, %struct.spinlock* nonnull @all_mddevs_lock) #76 ------------- Use: =BAD PATH= Call Stack: 0 md_open ------------- Path:  Function:md_open %3 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %0, i64 0, i32 4 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, -1048576 %6 = icmp eq i32 %5, 9437184 %7 = and i32 %4, -64 %8 = select i1 %6, i32 %4, i32 %7 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #76 %9 = load i8*, i8** bitcast (%struct.list_head* @all_mddevs to i8**), align 8 %10 = icmp eq i8* %9, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %10, label %28, label %11 %12 = phi i8* [ %19, %17 ], [ %9, %2 ] %13 = getelementptr i8, i8* %12, i64 -952 %14 = bitcast i8* %13 to 
i32* %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, %8 br i1 %16, label %21, label %17 %18 = bitcast i8* %12 to i8** %19 = load i8*, i8** %18, align 8 %20 = icmp eq i8* %19, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %20, label %28, label %11 %29 = phi %struct.mddev* [ null, %21 ], [ %25, %24 ], [ null, %2 ], [ null, %17 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @all_mddevs_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %30 = icmp eq %struct.mddev* %29, null br i1 %30, label %140, label %31 %32 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 11 %33 = load %struct.gendisk.299710*, %struct.gendisk.299710** %32, align 8 %34 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %0, i64 0, i32 16 %35 = load %struct.gendisk.299710*, %struct.gendisk.299710** %34, align 8 %36 = icmp eq %struct.gendisk.299710* %33, %35 br i1 %36, label %82, label %37 %38 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 61 %39 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %38, %struct.spinlock* nonnull @all_mddevs_lock) #76 ------------- Use: =BAD PATH= Call Stack: 0 md_release ------------- Path:  Function:md_release %3 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %0, i64 0, i32 10 %4 = bitcast i8** %3 to %struct.mddev** %5 = load %struct.mddev*, %struct.mddev** %4, align 8 %6 = icmp eq %struct.mddev* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.mddev, %struct.mddev* %5, i64 0, i32 62, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32* %9) #6, !srcloc !8 %10 = getelementptr inbounds 
%struct.mddev, %struct.mddev* %5, i64 0, i32 61 %11 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %10, %struct.spinlock* nonnull @all_mddevs_lock) #76 ------------- Good: 21 Bad: 3 Ignored: 26 Check Use of Function:pci_get_slot Use: =BAD PATH= Call Stack: 0 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.322177* %9 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 4 %15 = bitcast %struct.qspinlock* %14 to %struct.pci_bus.322166** %16 = load %struct.pci_bus.322166*, %struct.pci_bus.322166** %15, align 8 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 14, i32 0, i32 0, i32 0 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 248 %20 = tail call %struct.pci_dev.322177* bitcast (%struct.pci_dev.317892* (%struct.pci_bus.317894*, i32)* @pci_get_slot to %struct.pci_dev.322177* (%struct.pci_bus.322166*, i32)*)(%struct.pci_bus.322166* %16, i32 %19) #76 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_read 2 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.322177* %9 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.322177* %8, i64 %4, i64 %5, i8* %3) #76 Function:pci_vpd_read %5 = alloca i32, align 4 %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.322177* %0) #76 Function:pci_vpd_available %2 = 
alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 %4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %23 = load %struct.pci_bus.322166*, %struct.pci_bus.322166** %13, align 8 %24 = load i32, i32* %14, align 8 %25 = and i32 %24, 248 %26 = tail call %struct.pci_dev.322177* bitcast (%struct.pci_dev.317892* (%struct.pci_bus.317894*, i32)* @pci_get_slot to %struct.pci_dev.322177* (%struct.pci_bus.322166*, i32)*)(%struct.pci_bus.322166* %23, i32 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_write 2 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.322177* %9 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.322177* %8, i64 %4, i64 %5, i8* %3) #76 Function:pci_vpd_write %5 = add i64 
%2, %1 %6 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.322177* %0) #76 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 %4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %23 = load %struct.pci_bus.322166*, %struct.pci_bus.322166** %13, align 8 %24 = load i32, i32* %14, align 8 %25 = and i32 %24, 248 %26 = tail call %struct.pci_dev.322177* bitcast (%struct.pci_dev.317892* (%struct.pci_bus.317894*, i32)* @pci_get_slot to %struct.pci_dev.322177* (%struct.pci_bus.322166*, i32)*)(%struct.pci_bus.322166* %23, i32 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_read 2 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.322177* %9 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call 
fastcc i64 @pci_vpd_read(%struct.pci_dev.322177* %8, i64 %4, i64 %5, i8* %3) #76 Function:pci_vpd_read %5 = alloca i32, align 4 %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.322177* %0) #76 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 %4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %31 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.322177* %0, i64 %18, i64 1, i8* nonnull %11) #76 br label %32 %33 = phi i64 [ %29, %28 ], [ %31, %30 ] %34 = icmp eq i64 %33, 1 br i1 %34, label %35, label %102 %36 = icmp eq i64 %18, 0 %37 = load i8, i8* %11, align 1 br i1 %36, label %38, label %39 %40 = icmp sgt i8 %37, -1 br i1 %40, label %69, label %41 %42 = add i64 %18, 1 %43 = load i16, i16* %12, align 2 %44 = and i16 %43, 256 %45 = icmp eq i16 %44, 0 br i1 %45, label %54, label %46 %47 = load %struct.pci_bus.322166*, %struct.pci_bus.322166** %13, align 8 %48 = load i32, i32* %14, align 8 %49 = and i32 %48, 248 %50 = tail call %struct.pci_dev.322177* bitcast 
(%struct.pci_dev.317892* (%struct.pci_bus.317894*, i32)* @pci_get_slot to %struct.pci_dev.322177* (%struct.pci_bus.322166*, i32)*)(%struct.pci_bus.322166* %47, i32 %49) #76 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_write 2 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.322177* %9 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.322177* %8, i64 %4, i64 %5, i8* %3) #76 Function:pci_vpd_write %5 = add i64 %2, %1 %6 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.322177* %0) #76 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 %4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %31 = call fastcc i64 
@pci_vpd_read(%struct.pci_dev.322177* %0, i64 %18, i64 1, i8* nonnull %11) #76 br label %32 %33 = phi i64 [ %29, %28 ], [ %31, %30 ] %34 = icmp eq i64 %33, 1 br i1 %34, label %35, label %102 %36 = icmp eq i64 %18, 0 %37 = load i8, i8* %11, align 1 br i1 %36, label %38, label %39 %40 = icmp sgt i8 %37, -1 br i1 %40, label %69, label %41 %42 = add i64 %18, 1 %43 = load i16, i16* %12, align 2 %44 = and i16 %43, 256 %45 = icmp eq i16 %44, 0 br i1 %45, label %54, label %46 %47 = load %struct.pci_bus.322166*, %struct.pci_bus.322166** %13, align 8 %48 = load i32, i32* %14, align 8 %49 = and i32 %48, 248 %50 = tail call %struct.pci_dev.322177* bitcast (%struct.pci_dev.317892* (%struct.pci_bus.317894*, i32)* @pci_get_slot to %struct.pci_dev.322177* (%struct.pci_bus.322166*, i32)*)(%struct.pci_bus.322166* %47, i32 %49) #76 ------------- Use: =BAD PATH= Call Stack: 0 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.322177* %9 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 4 %15 = bitcast %struct.qspinlock* %14 to %struct.pci_bus.322166** %16 = load %struct.pci_bus.322166*, %struct.pci_bus.322166** %15, align 8 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 14, i32 0, i32 0, i32 0 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 248 %20 = tail call %struct.pci_dev.322177* bitcast (%struct.pci_dev.317892* (%struct.pci_bus.317894*, i32)* @pci_get_slot to %struct.pci_dev.322177* (%struct.pci_bus.322166*, i32)*)(%struct.pci_bus.322166* %16, i32 %19) #76 ------------- Good: 23 Bad: 6 Ignored: 21 Check Use of Function:kernfs_vma_access Check Use of Function:pci_user_read_config_byte Check Use of 
Function:netdev_master_upper_dev_get Check Use of Function:efivar_entry_set Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.714367* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.714268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.714268**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.714268* %14 = getelementptr inbounds %struct.task_struct.714268, %struct.task_struct.714268* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %19 = icmp eq i64 %2, 2076 br i1 %19, label %20, label %134 %21 = getelementptr inbounds i8, i8* %1, i64 2072 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 1 %24 = getelementptr inbounds i8, i8* %1, i64 1024 %25 = bitcast i8* %24 to i64* %26 = load i64, i64* %25, align 1 %27 = getelementptr inbounds i8, i8* %1, i64 1032 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 1 %30 = bitcast i8* %1 to i16* %31 = getelementptr inbounds i8, i8* %1, i64 1040 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 1 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds i8, i8* %1, i64 1044 %36 = bitcast %struct.efivar_entry.714367* %0 to i8* %37 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %36, i64 1024) #6 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %54 %40 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 1 %41 = bitcast %struct.uuid_t* %40 to i64* %42 = load i64, i64* %41, align 1 %43 = getelementptr inbounds 
%struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 1 %46 = bitcast { i64, i64 }* %6 to i8* %47 = bitcast { i64, i64 }* %7 to i8* %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %26, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %29, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %42, i64* %50, align 8 %51 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %45, i64* %51, align 8 %52 = call i32 @bcmp(i8* nonnull dereferenceable(16) %46, i8* nonnull dereferenceable(16) %47, i64 16) #6 %53 = icmp eq i32 %52, 0 br i1 %53, label %56, label %54 %57 = icmp eq i32 %33, 0 %58 = icmp eq i32 %23, 0 %59 = or i1 %58, %57 br i1 %59, label %60, label %62 %63 = icmp ult i32 %23, 128 br i1 %63, label %64, label %66 %65 = tail call zeroext i1 @efivar_validate(i64 %26, i64 %29, i16* nonnull %30, i8* %35, i64 %34) #77 br i1 %65, label %68, label %66 %69 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 3, i64 0 %70 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 1, i32 0, i64 0 %71 = load i32, i32* %32, align 1 %72 = zext i32 %71 to i64 %73 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 2 store i64 %72, i64* %73, align 1 %74 = load i32, i32* %22, align 1 %75 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 5 store i32 %74, i32* %75, align 1 br label %126 %127 = phi i64 [ %34, %68 ], [ %91, %125 ] %128 = phi i32 [ %23, %68 ], [ %81, %125 ] %129 = phi i8* [ %35, %68 ], [ %92, %125 ] %130 = tail call i32 bitcast (i32 (%struct.efivar_entry.713491*, i32, i64, i8*, %struct.list_head*)* 
@efivar_entry_set to i32 (%struct.efivar_entry.714367*, i32, i64, i8*, %struct.list_head*)*)(%struct.efivar_entry.714367* nonnull %0, i32 %128, i64 %127, i8* %129, %struct.list_head* null) #77 ------------- Good: 2 Bad: 1 Ignored: 0 Check Use of Function:do_blank_screen Check Use of Function:free_cgroup_ns Use: =BAD PATH= Call Stack: 0 cgroupns_put ------------- Path:  Function:cgroupns_put %2 = bitcast %struct.ns_common* %0 to %struct.cgroup_namespace* %3 = icmp eq %struct.ns_common* %0, null br i1 %3, label %15, label %4 %5 = getelementptr inbounds %struct.ns_common, %struct.ns_common* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @free_cgroup_ns(%struct.cgroup_namespace* nonnull %2) #76 ------------- Good: 9 Bad: 1 Ignored: 0 Check Use of Function:ieee80211_key_free_common Check Use of Function:md_set_read_only Check Use of Function:rfkill_fop_ioctl Check Use of Function:set_binfmt Check Use of Function:xt_compat_check_entry_offsets Check Use of Function:__ext4_std_error Check Use of Function:lo_compat_ioctl Check Use of Function:rtnetlink_send Check Use of Function:security_sb_umount Check Use of Function:ieee80211_roc_purge Check Use of Function:drm_atomic_helper_disable_plane Check Use of Function:drm_mode_get_hv_timing Check Use of Function:efivar_validate Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = 
icmp ne %struct.efivar_entry.714367* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.714268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.714268**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.714268* %14 = getelementptr inbounds %struct.task_struct.714268, %struct.task_struct.714268* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %77 = icmp eq i64 %2, 2084 br i1 %77, label %78, label %134 %79 = getelementptr inbounds i8, i8* %1, i64 2080 %80 = bitcast i8* %79 to i32* %81 = load i32, i32* %80, align 1 %82 = getelementptr inbounds i8, i8* %1, i64 1024 %83 = bitcast i8* %82 to i64* %84 = load i64, i64* %83, align 1 %85 = getelementptr inbounds i8, i8* %1, i64 1032 %86 = bitcast i8* %85 to i64* %87 = load i64, i64* %86, align 1 %88 = bitcast i8* %1 to i16* %89 = getelementptr inbounds i8, i8* %1, i64 1040 %90 = bitcast i8* %89 to i64* %91 = load i64, i64* %90, align 1 %92 = getelementptr inbounds i8, i8* %1, i64 1048 %93 = bitcast %struct.efivar_entry.714367* %0 to i8* %94 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %93, i64 1024) #6 %95 = icmp eq i32 %94, 0 br i1 %95, label %96, label %111 %97 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 1 %98 = bitcast %struct.uuid_t* %97 to i64* %99 = load i64, i64* %98, align 1 %100 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %101 = bitcast i8* %100 to i64* %102 = load i64, i64* %101, align 1 %103 = bitcast { i64, i64 }* %4 to i8* %104 = bitcast { i64, i64 }* %5 to i8* %105 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 0 store i64 %84, i64* %105, 
align 8 %106 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 1 store i64 %87, i64* %106, align 8 %107 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 0 store i64 %99, i64* %107, align 8 %108 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 1 store i64 %102, i64* %108, align 8 %109 = call i32 @bcmp(i8* nonnull dereferenceable(16) %103, i8* nonnull dereferenceable(16) %104, i64 16) #6 %110 = icmp eq i32 %109, 0 br i1 %110, label %113, label %111 %114 = icmp eq i64 %91, 0 %115 = icmp eq i32 %81, 0 %116 = or i1 %115, %114 br i1 %116, label %117, label %119 %120 = icmp ult i32 %81, 128 br i1 %120, label %121, label %123 %122 = tail call zeroext i1 @efivar_validate(i64 %84, i64 %87, i16* nonnull %88, i8* %92, i64 %91) #77 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.714367* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.714268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.714268**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.714268* %14 = getelementptr inbounds %struct.task_struct.714268, %struct.task_struct.714268* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %19 = icmp eq i64 %2, 2076 br i1 %19, label %20, label %134 %21 = getelementptr inbounds i8, i8* %1, i64 2072 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 1 %24 = getelementptr inbounds i8, i8* %1, i64 1024 %25 = bitcast i8* %24 to i64* %26 = load i64, i64* %25, align 1 %27 = getelementptr inbounds i8, i8* %1, i64 1032 %28 = 
bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 1 %30 = bitcast i8* %1 to i16* %31 = getelementptr inbounds i8, i8* %1, i64 1040 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 1 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds i8, i8* %1, i64 1044 %36 = bitcast %struct.efivar_entry.714367* %0 to i8* %37 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %36, i64 1024) #6 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %54 %40 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 1 %41 = bitcast %struct.uuid_t* %40 to i64* %42 = load i64, i64* %41, align 1 %43 = getelementptr inbounds %struct.efivar_entry.714367, %struct.efivar_entry.714367* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 1 %46 = bitcast { i64, i64 }* %6 to i8* %47 = bitcast { i64, i64 }* %7 to i8* %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %26, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %29, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %42, i64* %50, align 8 %51 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %45, i64* %51, align 8 %52 = call i32 @bcmp(i8* nonnull dereferenceable(16) %46, i8* nonnull dereferenceable(16) %47, i64 16) #6 %53 = icmp eq i32 %52, 0 br i1 %53, label %56, label %54 %57 = icmp eq i32 %33, 0 %58 = icmp eq i32 %23, 0 %59 = or i1 %58, %57 br i1 %59, label %60, label %62 %63 = icmp ult i32 %23, 128 br i1 %63, label %64, label %66 %65 = tail call zeroext i1 @efivar_validate(i64 %26, i64 %29, i16* nonnull %30, i8* %35, i64 %34) #77 ------------- Good: 3 Bad: 2 Ignored: 1 Check Use of Function:pci_xr17c154_setup Check Use of Function:kernel_sigaction Check Use of Function:d_instantiate_new Check Use of 
Function:dst_release Use: =BAD PATH= Call Stack: 0 rt6_remove_exception 1 fib6_nh_remove_exception 2 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = bitcast %struct.dst_entry.892411* %0 to %struct.rt6_info.892424* %4 = icmp eq %struct.dst_entry.892411* %0, null br i1 %4, label %64, label %5 %6 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1, i32 14 %7 = bitcast %struct.lwtunnel_state.892388** %6 to i32* %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 16777216 %10 = icmp eq i32 %9, 0 br i1 %10, label %63, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1 %13 = bitcast %struct.dst_entry.892411* %12 to %struct.fib6_info.892427** %14 = load volatile %struct.fib6_info.892427*, %struct.fib6_info.892427** %13, align 8 %15 = load i32, i32* %7, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq %struct.fib6_info.892427* %14, null br i1 %25, label %61, label %26 %27 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = load volatile %struct.fib6_info.892427*, %struct.fib6_info.892427** %13, align 8 %43 = icmp eq %struct.fib6_info.892427* %42, null %44 = and i32 %15, 16777216 %45 = icmp eq i32 %44, 0 %46 = or i1 %45, %43 br i1 %46, label %61, label %47 %48 = getelementptr inbounds %struct.fib6_info.892427, %struct.fib6_info.892427* %42, i64 0, i32 17 %49 = load %struct.nexthop.892423*, %struct.nexthop.892423** %48, align 8 %50 = icmp eq %struct.nexthop.892423* %49, null br i1 %50, label %58, label %51 %59 = getelementptr inbounds %struct.fib6_info.892427, %struct.fib6_info.892427* %42, i64 0, i32 18, i64 0 %60 = tail call fastcc i32 
@fib6_nh_remove_exception(%struct.fib6_nh.892426* %59, %struct.rt6_info.892424* nonnull %3) #76 Function:fib6_nh_remove_exception %3 = alloca %struct.anon.250, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.892426, %struct.fib6_nh.892426* %0, i64 0, i32 2 %6 = load volatile %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %7 = icmp eq %struct.rt6_exception_bucket* %6, null br i1 %7, label %63, label %8 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #76 %9 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %10 = icmp eq %struct.rt6_exception_bucket* %9, null %11 = ptrtoint %struct.rt6_exception_bucket* %9 to i64 %12 = and i64 %11, -2 %13 = inttoptr i64 %12 to %struct.rt6_exception_bucket* %14 = select i1 %10, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %13 %15 = getelementptr inbounds %struct.rt6_info.892424, %struct.rt6_info.892424* %1, i64 0, i32 3, i32 0 %16 = icmp ne %struct.rt6_exception_bucket* %14, null %17 = icmp ne %struct.in6_addr* %15, null %18 = and i1 %17, %16 br i1 %18, label %19, label %61 %20 = bitcast %struct.anon.250* %3 to i8* %21 = bitcast %struct.in6_addr* %15 to i8* %22 = getelementptr inbounds %struct.anon.250, %struct.anon.250* %3, i64 0, i32 1 %23 = bitcast %struct.in6_addr* %22 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_remove_exception, %24)) #6 to label %29 [label %24], !srcloc !4 %30 = call i64 @__siphash_unaligned(i8* nonnull %20, i64 32, %struct.siphash_key_t* nonnull @rt6_exception_hash.rt6_exception_key) #76 %31 = mul i64 %30, 7046029254386353131 %32 = lshr i64 %31, 54 %33 = getelementptr %struct.rt6_exception_bucket, %struct.rt6_exception_bucket* %14, i64 %32 %34 = bitcast %struct.rt6_exception_bucket* %33 to %struct.rt6_exception** %35 = load %struct.rt6_exception*, %struct.rt6_exception** %34, align 8 %36 = icmp eq %struct.rt6_exception* %35, null br i1 %36, label %61, label %37 %38 = bitcast %struct.in6_addr* %15 to i64* %39 = load i64, i64* %38, align 8 %40 = getelementptr %struct.rt6_info.892424, %struct.rt6_info.892424* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i64 2 %41 = bitcast i32* %40 to i64* %42 = load i64, i64* %41, align 8 br label %43 %44 = phi %struct.rt6_exception* [ %35, %37 ], [ %58, %56 ] %45 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %44, i64 0, i32 1 %46 = load %struct.rt6_info.892424*, %struct.rt6_info.892424** %45, align 8 %47 = getelementptr inbounds %struct.rt6_info.892424, %struct.rt6_info.892424* %46, i64 0, i32 3, i32 0 %48 = bitcast %struct.in6_addr* %47 to i64* %49 = load i64, i64* %48, align 8 %50 = getelementptr %struct.rt6_info.892424, %struct.rt6_info.892424* %46, i64 0, i32 3, i32 0, i32 0, i32 0, i64 2 %51 = bitcast i32* %50 to i64* %52 = load i64, i64* %51, align 8 %53 = icmp eq i64 %39, %49 %54 = icmp eq i64 %42, %52 %55 = and i1 %53, %54 br i1 %55, label %60, label %56 call fastcc void @rt6_remove_exception(%struct.rt6_exception_bucket* %33, %struct.rt6_exception* nonnull %44) #77 Function:rt6_remove_exception %3 = icmp ne 
%struct.rt6_exception_bucket* %0, null %4 = icmp ne %struct.rt6_exception* %1, null %5 = and i1 %3, %4 br i1 %5, label %6, label %56 %7 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %1, i64 0, i32 1 %8 = load %struct.rt6_info.892424*, %struct.rt6_info.892424** %7, align 8 %9 = getelementptr inbounds %struct.rt6_info.892424, %struct.rt6_info.892424* %8, i64 0, i32 0, i32 0 %10 = load %struct.net_device.892517*, %struct.net_device.892517** %9, align 8 %11 = getelementptr inbounds %struct.net_device.892517, %struct.net_device.892517* %10, i64 0, i32 109, i32 0 %12 = load %struct.net.892636*, %struct.net.892636** %11, align 8 %13 = getelementptr inbounds %struct.net.892636, %struct.net.892636* %12, i64 0, i32 35, i32 8 %14 = load %struct.rt6_statistics*, %struct.rt6_statistics** %13, align 8 %15 = getelementptr inbounds %struct.rt6_statistics, %struct.rt6_statistics* %14, i64 0, i32 3 %16 = load i32, i32* %15, align 4 %17 = add i32 %16, -1 store i32 %17, i32* %15, align 4 %18 = load %struct.rt6_info.892424*, %struct.rt6_info.892424** %7, align 8 %19 = getelementptr inbounds %struct.rt6_info.892424, %struct.rt6_info.892424* %18, i64 0, i32 1 %20 = tail call %struct.fib6_info.892427* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.fib6_info.892427** %19, %struct.fib6_info.892427* null, %struct.fib6_info.892427** %19) #6, !srcloc !4 %21 = icmp eq %struct.fib6_info.892427* %20, null br i1 %21, label %34, label %22 %35 = load %struct.rt6_info.892424*, %struct.rt6_info.892424** %7, align 8 %36 = getelementptr inbounds %struct.rt6_info.892424, %struct.rt6_info.892424* %35, i64 0, i32 0 tail call void bitcast (void (%struct.dst_entry.758572*)* @dst_dev_put to void (%struct.dst_entry.892411*)*)(%struct.dst_entry.892411* %36) #76 %37 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %1, i64 0, i32 0, i32 0 %38 = load %struct.hlist_node*, %struct.hlist_node** %37, align 8 %39 = 
getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %1, i64 0, i32 0, i32 1 %40 = load %struct.hlist_node**, %struct.hlist_node*** %39, align 8 store volatile %struct.hlist_node* %38, %struct.hlist_node** %40, align 8 %41 = icmp eq %struct.hlist_node* %38, null br i1 %41, label %44, label %42 store volatile %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %39, align 8 %45 = load %struct.rt6_info.892424*, %struct.rt6_info.892424** %7, align 8 %46 = getelementptr inbounds %struct.rt6_info.892424, %struct.rt6_info.892424* %45, i64 0, i32 0 tail call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.892411*)*)(%struct.dst_entry.892411* %46) #76 ------------- Use: =BAD PATH= Call Stack: 0 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = bitcast %struct.dst_entry.892411* %0 to %struct.rt6_info.892424* %4 = icmp eq %struct.dst_entry.892411* %0, null br i1 %4, label %64, label %5 %6 = getelementptr inbounds %struct.dst_entry.892411, %struct.dst_entry.892411* %0, i64 1, i32 14 %7 = bitcast %struct.lwtunnel_state.892388** %6 to i32* %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 16777216 %10 = icmp eq i32 %9, 0 br i1 %10, label %63, label %11 tail call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.892411*)*)(%struct.dst_entry.892411* nonnull %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __udp_disconnect ------------- Path:  Function:__udp_disconnect %3 = getelementptr inbounds %struct.sock.848801, %struct.sock.848801* %0, i64 0, i32 0, i32 4 store volatile i8 7, i8* %3, align 2 %4 = bitcast %struct.sock.848801* %0 to i32* store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.sock.848801, %struct.sock.848801* %0, i64 0, i32 0, i32 2 %6 = bitcast %struct.kuid_t* %5 to i16* store i16 0, i16* %6, align 4 %7 = getelementptr inbounds 
%struct.sock.848801, %struct.sock.848801* %0, i64 0, i32 0, i32 21, i32 0 store i32 0, i32* %7, align 4 %8 = getelementptr inbounds %struct.sock.848801, %struct.sock.848801* %0, i64 0, i32 0, i32 6 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.sock.848801, %struct.sock.848801* %0, i64 0, i32 43 %10 = load i8, i8* %9, align 8 %11 = and i8 %10, 64 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %46 %14 = getelementptr inbounds %struct.sock.848801, %struct.sock.848801* %0, i64 1, i32 0, i32 1, i32 0 store i32 0, i32* %14, align 8 %15 = bitcast %struct.sock.848801* %0 to %struct.util_est* %16 = getelementptr inbounds %struct.util_est, %struct.util_est* %15, i64 0, i32 1 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.sock.848801, %struct.sock.848801* %0, i64 0, i32 0, i32 3 %18 = load i16, i16* %17, align 8 %19 = icmp eq i16 %18, 10 br i1 %19, label %20, label %34 %35 = getelementptr inbounds %struct.sock.848801, %struct.sock.848801* %0, i64 0, i32 0, i32 8 %36 = load %struct.proto.848781*, %struct.proto.848781** %35, align 8 %37 = getelementptr inbounds %struct.proto.848781, %struct.proto.848781* %36, i64 0, i32 23 %38 = load void (%struct.sock.848801*)*, void (%struct.sock.848801*)** %37, align 8 %39 = icmp eq void (%struct.sock.848801*)* %38, null br i1 %39, label %44, label %40 %41 = load i8, i8* %9, align 8 %42 = icmp sgt i8 %41, -1 br i1 %42, label %52, label %43 tail call void %38(%struct.sock.848801* %0) #76 br label %44 %45 = load i8, i8* %9, align 8 br label %46 %47 = phi i8 [ %45, %44 ], [ %10, %2 ] %48 = icmp sgt i8 %47, -1 br i1 %48, label %49, label %57 %58 = getelementptr inbounds %struct.sock.848801, %struct.sock.848801* %0, i64 0, i32 0, i32 16 store i16 -1, i16* %58, align 8 %59 = getelementptr inbounds %struct.sock.848801, %struct.sock.848801* %0, i64 0, i32 27 store i32 0, i32* %59, align 8 %60 = getelementptr inbounds %struct.sock.848801, %struct.sock.848801* %0, i64 0, i32 16 %61 = tail call 
%struct.dst_entry.848438* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.dst_entry.848438** %60, %struct.dst_entry.848438* null, %struct.dst_entry.848438** %60) #6, !srcloc !4 tail call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.848438*)*)(%struct.dst_entry.848438* %61) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_negative_advice ------------- Path:  Function:ipv4_negative_advice %2 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %3 = icmp eq %struct.dst_entry.828721* %0, null br i1 %3, label %19, label %4 %5 = getelementptr inbounds %struct.dst_entry.828721, %struct.dst_entry.828721* %0, i64 0, i32 8 %6 = load i16, i16* %5, align 2 %7 = icmp sgt i16 %6, 0 br i1 %7, label %8, label %9 tail call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* nonnull %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_negative_advice ------------- Path:  Function:ipv4_negative_advice %2 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %3 = icmp eq %struct.dst_entry.828721* %0, null br i1 %3, label %19, label %4 %5 = getelementptr inbounds %struct.dst_entry.828721, %struct.dst_entry.828721* %0, i64 0, i32 8 %6 = load i16, i16* %5, align 2 %7 = icmp sgt i16 %6, 0 br i1 %7, label %8, label %9 %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %2, i64 0, i32 2 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 262144 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %18 %15 = getelementptr inbounds %struct.dst_entry.828721, %struct.dst_entry.828721* %0, i64 0, i32 3 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 tail call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* nonnull %0) #76 ------------- Use: =BAD PATH= Call 
Stack: 0 ip_del_fnhe 1 __mkroute_output 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, 
label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 
(%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 
%151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, 
%struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 
= tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %177 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %178 = phi %struct.net_device.829233* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %179 = tail call fastcc %struct.rtable.828746* @__mkroute_output(%struct.fib_result.829243* %2, %struct.flowi4* %1, i32 %176, %struct.net_device.829233* %178, i32 %177) #77 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 7 %8 
= load %struct.fib_info.828750*, %struct.fib_info.828750** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %12, align 8 %14 = icmp eq %struct.in_device.829188* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 0 %17 = load %struct.net_device.829233*, %struct.net_device.829233** %16, align 8 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.828834*, %struct.net.828834** %18, align 8 %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 
%43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.853901*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.829188*, i32, i32, i8)*)(%struct.in_device.829188* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #76 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.828750* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.828749*, %struct.fib_nh_common.828749** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.828749, 
%struct.fib_nh_common.828749* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.828748* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.828747* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.828747* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.828749* %112, i32 %104) #76 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp 
${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #76 %13 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.828747* %16, null br i1 %17, label %53, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %48 %49 = phi %struct.fib_nh_exception.828747* [ %51, %22 ], [ %16, %18 ] %50 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %49, i64 0, i32 0 %51 = load %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %50, align 8 %52 = icmp eq %struct.fib_nh_exception.828747* %51, null br i1 %52, label %53, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %51, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %48 
%27 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %49, i64 0, i32 0 br label %28 %29 = phi %struct.fib_nh_exception.828747* [ %16, %18 ], [ %51, %26 ] %30 = phi %struct.fib_nh_exception.828747** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.828747* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.828747** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 7 %36 = load volatile %struct.rtable.828746*, %struct.rtable.828746** %35, align 8 %37 = icmp eq %struct.rtable.828746* %36, null br i1 %37, label %40, label %38 store volatile %struct.rtable.828746* null, %struct.rtable.828746** %35, align 8 %39 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %36, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.758572*)* @dst_dev_put to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %39) #76 call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %39) #76 br label %40 %41 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 8 %42 = load volatile %struct.rtable.828746*, %struct.rtable.828746** %41, align 8 %43 = icmp eq %struct.rtable.828746* %42, null br i1 %43, label %46, label %44 store volatile %struct.rtable.828746* null, %struct.rtable.828746** %41, align 8 %45 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %42, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.758572*)* @dst_dev_put to void 
(%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %45) #76 call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %45) #76 ------------- Use: =BAD PATH= Call Stack: 0 ip_del_fnhe 1 __mkroute_output 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = 
icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne 
i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store 
i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 
%16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %177 = phi i32 
[ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %178 = phi %struct.net_device.829233* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %179 = tail call fastcc %struct.rtable.828746* @__mkroute_output(%struct.fib_result.829243* %2, %struct.flowi4* %1, i32 %176, %struct.net_device.829233* %178, i32 %177) #77 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 7 %8 = load %struct.fib_info.828750*, %struct.fib_info.828750** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %12, align 8 %14 = icmp eq %struct.in_device.829188* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 0 %17 = load %struct.net_device.829233*, %struct.net_device.829233** %16, align 8 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.828834*, %struct.net.828834** %18, align 8 %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect 
!5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.853901*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.829188*, i32, i32, i8)*)(%struct.in_device.829188* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #76 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.828750* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, 
align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.828749*, %struct.fib_nh_common.828749** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.828748* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.828747* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.828747* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 
br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.828749* %112, i32 %104) #76 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #76 %13 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.828747* %16, null br i1 %17, label %53, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %48 %49 = phi 
%struct.fib_nh_exception.828747* [ %51, %22 ], [ %16, %18 ] %50 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %49, i64 0, i32 0 %51 = load %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %50, align 8 %52 = icmp eq %struct.fib_nh_exception.828747* %51, null br i1 %52, label %53, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %51, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %48 %27 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %49, i64 0, i32 0 br label %28 %29 = phi %struct.fib_nh_exception.828747* [ %16, %18 ], [ %51, %26 ] %30 = phi %struct.fib_nh_exception.828747** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.828747* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.828747** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 7 %36 = load volatile %struct.rtable.828746*, %struct.rtable.828746** %35, align 8 %37 = icmp eq %struct.rtable.828746* %36, null br i1 %37, label %40, label %38 store volatile %struct.rtable.828746* null, %struct.rtable.828746** %35, align 8 %39 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %36, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.758572*)* @dst_dev_put to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %39) #76 call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %39) #76 br label %40 %41 = 
getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 8 %42 = load volatile %struct.rtable.828746*, %struct.rtable.828746** %41, align 8 %43 = icmp eq %struct.rtable.828746* %42, null br i1 %43, label %46, label %44 store volatile %struct.rtable.828746* null, %struct.rtable.828746** %41, align 8 %45 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %42, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.758572*)* @dst_dev_put to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %45) #76 call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %45) #76
-------------
Use: =BAD PATH=
Call Stack:
0 ip_del_fnhe
1 __mkroute_output
2 ip_route_output_key_hash_rcu
3 ip_route_output_flow
4 ipip6_tunnel_bind_dev
5 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, 
%struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to 
%struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 
br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %177 = 
phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %178 = phi %struct.net_device.829233* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %179 = tail call fastcc %struct.rtable.828746* @__mkroute_output(%struct.fib_result.829243* %2, %struct.flowi4* %1, i32 %176, %struct.net_device.829233* %178, i32 %177) #77 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 7 %8 = load %struct.fib_info.828750*, %struct.fib_info.828750** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %12, align 8 %14 = icmp eq %struct.in_device.829188* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 0 %17 = load %struct.net_device.829233*, %struct.net_device.829233** %16, align 8 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.828834*, %struct.net.828834** %18, align 8 %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, 
!misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.853901*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.829188*, i32, i32, i8)*)(%struct.in_device.829188* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #76 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.828750* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, 
i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.828749*, %struct.fib_nh_common.828749** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.828748* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.828747* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.828747* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 
%132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.828749* %112, i32 %104) #76 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #76 %13 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.828747* %16, null br i1 %17, label %53, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %48 %49 = phi 
%struct.fib_nh_exception.828747* [ %51, %22 ], [ %16, %18 ] %50 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %49, i64 0, i32 0 %51 = load %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %50, align 8 %52 = icmp eq %struct.fib_nh_exception.828747* %51, null br i1 %52, label %53, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %51, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %48 %27 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %49, i64 0, i32 0 br label %28 %29 = phi %struct.fib_nh_exception.828747* [ %16, %18 ], [ %51, %26 ] %30 = phi %struct.fib_nh_exception.828747** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.828747* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.828747** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 7 %36 = load volatile %struct.rtable.828746*, %struct.rtable.828746** %35, align 8 %37 = icmp eq %struct.rtable.828746* %36, null br i1 %37, label %40, label %38 store volatile %struct.rtable.828746* null, %struct.rtable.828746** %35, align 8 %39 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %36, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.758572*)* @dst_dev_put to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %39) #76 call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %39) #76 br label %40 %41 = 
getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 8 %42 = load volatile %struct.rtable.828746*, %struct.rtable.828746** %41, align 8 %43 = icmp eq %struct.rtable.828746* %42, null br i1 %43, label %46, label %44 store volatile %struct.rtable.828746* null, %struct.rtable.828746** %41, align 8 %45 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %42, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.758572*)* @dst_dev_put to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %45) #76 call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %45) #76
-------------
Use: =BAD PATH=
Call Stack:
0 ip_del_fnhe
1 __mkroute_output
2 ip_route_output_key_hash_rcu
3 ip_route_output_flow
4 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, 
i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr 
inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, 
%112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 
to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast 
%struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, 
label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq 
i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %177 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %178 = phi %struct.net_device.829233* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %179 = tail call fastcc %struct.rtable.828746* @__mkroute_output(%struct.fib_result.829243* %2, %struct.flowi4* %1, i32 %176, %struct.net_device.829233* %178, i32 %177) #77 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 7 %8 = load %struct.fib_info.828750*, %struct.fib_info.828750** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %12, align 8 %14 = icmp eq %struct.in_device.829188* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 0 %17 = load %struct.net_device.829233*, %struct.net_device.829233** %16, align 8 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.828834*, %struct.net.828834** %18, align 8 %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.829188, 
%struct.in_device.829188* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.853901*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.829188*, i32, i32, i8)*)(%struct.in_device.829188* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #76 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.828750* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, 
i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.828749*, %struct.fib_nh_common.828749** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.828748* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.828747* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.828747* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.828749* %112, i32 %104) #76 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #76 %13 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.828747* %16, null br i1 %17, label %53, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %48 %49 = phi %struct.fib_nh_exception.828747* [ %51, %22 ], [ %16, %18 ] %50 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %49, i64 0, i32 0 %51 = load %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %50, align 8 %52 = icmp eq %struct.fib_nh_exception.828747* %51, null br i1 %52, label %53, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %51, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %48 %27 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %49, i64 0, 
i32 0 br label %28 %29 = phi %struct.fib_nh_exception.828747* [ %16, %18 ], [ %51, %26 ] %30 = phi %struct.fib_nh_exception.828747** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.828747* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.828747** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 7 %36 = load volatile %struct.rtable.828746*, %struct.rtable.828746** %35, align 8 %37 = icmp eq %struct.rtable.828746* %36, null br i1 %37, label %40, label %38 store volatile %struct.rtable.828746* null, %struct.rtable.828746** %35, align 8 %39 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %36, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.758572*)* @dst_dev_put to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %39) #76 call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %39) #76 ------------- Use: =BAD PATH= Call Stack: 0 ip_del_fnhe 1 __mkroute_output 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 
8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = 
load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 
to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = 
getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %177 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %178 = phi %struct.net_device.829233* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %179 = tail call fastcc %struct.rtable.828746* @__mkroute_output(%struct.fib_result.829243* %2, %struct.flowi4* %1, i32 %176, %struct.net_device.829233* %178, i32 %177) #77 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 7 %8 = load %struct.fib_info.828750*, %struct.fib_info.828750** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* 
%3, i64 0, i32 67 %13 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %12, align 8 %14 = icmp eq %struct.in_device.829188* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 0 %17 = load %struct.net_device.829233*, %struct.net_device.829233** %16, align 8 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.828834*, %struct.net.828834** %18, align 8 %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 
%54 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.853901*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.829188*, i32, i32, i8)*)(%struct.in_device.829188* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #76 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.828750* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.828749*, %struct.fib_nh_common.828749** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.828748* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 
\0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.828747* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.828747* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.828749* %112, i32 %104) #76 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #76 %13 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.828747* %16, null br i1 %17, label %53, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %48 %49 = phi %struct.fib_nh_exception.828747* [ %51, %22 ], [ %16, %18 ] %50 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %49, i64 0, i32 0 %51 = load %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %50, align 8 %52 = icmp eq %struct.fib_nh_exception.828747* %51, null br i1 %52, label %53, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %51, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %48 %27 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %49, i64 0, 
i32 0
br label %28
%29 = phi %struct.fib_nh_exception.828747* [ %16, %18 ], [ %51, %26 ]
%30 = phi %struct.fib_nh_exception.828747** [ %15, %18 ], [ %27, %26 ]
%31 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 2
%32 = bitcast %struct.fib_nh_exception.828747* %29 to i64*
%33 = load i64, i64* %32, align 8
call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7
%34 = bitcast %struct.fib_nh_exception.828747** %30 to i64*
store volatile i64 %33, i64* %34, align 8
store i32 0, i32* %31, align 4
%35 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 7
%36 = load volatile %struct.rtable.828746*, %struct.rtable.828746** %35, align 8
%37 = icmp eq %struct.rtable.828746* %36, null
br i1 %37, label %40, label %38
store volatile %struct.rtable.828746* null, %struct.rtable.828746** %35, align 8
%39 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %36, i64 0, i32 0
call void bitcast (void (%struct.dst_entry.758572*)* @dst_dev_put to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %39) #76
call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %39) #76
-------------
Use: =BAD PATH=
Call Stack:
0 ip_del_fnhe
1 __mkroute_output
2 ip_route_output_key_hash_rcu
3 ip_route_output_flow
4 ipip6_tunnel_bind_dev
5 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264
%3 = bitcast i8* %2 to %struct.net_device.859215**
store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8
%4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0
%5 = bitcast %struct.net.859129** %4 to i64*
%6 = load i64, i64* %5, align 8
%7 = getelementptr %struct.net_device.859215,
%struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 
0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* 
@ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %177 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %178 = phi %struct.net_device.829233* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %179 = tail call fastcc %struct.rtable.828746* @__mkroute_output(%struct.fib_result.829243* %2, %struct.flowi4* %1, i32 %176, %struct.net_device.829233* %178, i32 %177) #77 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 7 %8 = load %struct.fib_info.828750*, %struct.fib_info.828750** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %12, align 8 %14 = icmp eq %struct.in_device.829188* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 0 %17 = load %struct.net_device.829233*, %struct.net_device.829233** %16, align 8 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %17, i64 0, i32 109, i32 0 %19 = load 
%struct.net.828834*, %struct.net.828834** %18, align 8 %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 
(%struct.in_device.853901*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.829188*, i32, i32, i8)*)(%struct.in_device.829188* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #76 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.828750* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.828749*, %struct.fib_nh_common.828749** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.828748* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.828747* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.828747* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.828749* %112, i32 %104) #76 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #76 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #76 %13 = getelementptr inbounds %struct.fib_nh_common.828749, %struct.fib_nh_common.828749* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.828748*, %struct.fnhe_hash_bucket.828748** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.828748, %struct.fnhe_hash_bucket.828748* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.828747* %16, null br i1 %17, label %53, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %48 %49 = phi %struct.fib_nh_exception.828747* [ %51, %22 ], [ %16, %18 ] %50 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %49, i64 0, i32 0 %51 = load %struct.fib_nh_exception.828747*, %struct.fib_nh_exception.828747** %50, align 8 %52 = icmp eq %struct.fib_nh_exception.828747* %51, null br i1 %52, label %53, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %51, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %48 %27 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %49, i64 0, 
i32 0
br label %28
%29 = phi %struct.fib_nh_exception.828747* [ %16, %18 ], [ %51, %26 ]
%30 = phi %struct.fib_nh_exception.828747** [ %15, %18 ], [ %27, %26 ]
%31 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 2
%32 = bitcast %struct.fib_nh_exception.828747* %29 to i64*
%33 = load i64, i64* %32, align 8
call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7
%34 = bitcast %struct.fib_nh_exception.828747** %30 to i64*
store volatile i64 %33, i64* %34, align 8
store i32 0, i32* %31, align 4
%35 = getelementptr inbounds %struct.fib_nh_exception.828747, %struct.fib_nh_exception.828747* %29, i64 0, i32 7
%36 = load volatile %struct.rtable.828746*, %struct.rtable.828746** %35, align 8
%37 = icmp eq %struct.rtable.828746* %36, null
br i1 %37, label %40, label %38
store volatile %struct.rtable.828746* null, %struct.rtable.828746** %35, align 8
%39 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %36, i64 0, i32 0
call void bitcast (void (%struct.dst_entry.758572*)* @dst_dev_put to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %39) #76
call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.828721*)*)(%struct.dst_entry.828721* %39) #76
-------------
Use: =BAD PATH=
Call Stack:
0 dst_cache_per_cpu_get
1 dst_cache_get_ip4
2 sit_tunnel_xmit
-------------
Path:
Function:sit_tunnel_xmit
%3 = alloca %struct.flowi4, align 8
%4 = alloca i8, align 1
%5 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 33
%6 = load i16, i16* %5, align 8
%7 = icmp eq i16 %6, 8
%8 = select i1 %7, i32 20, i32 0
%9 = icmp eq i16 %6, -8826
%10 = select i1 %9, i32 40, i32 %8
%11 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 40
%12 = load i8*, i8** %11, align 8
%13 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 35
%14 = load
i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 41 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 7 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %491, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.859228*, i32)*)(%struct.sk_buff.859228* %0, i32 %33) #76 %35 = icmp eq i8* %34, null br i1 %35, label %491, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %491 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %1, i64 0, i32 0, i64 2361 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %1, i64 0, i32 0, i64 2366 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %1, i64 0, i32 0, i64 2376 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %1, i64 0, 
i32 0, i64 2388 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %1, i64 0, i32 15 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %131, label %86 %87 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.859017* %91 = icmp eq i64 %89, 0 br i1 %91, label %485, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.859017, %struct.dst_entry.859017* %90, i64 0, i32 1 %95 = load %struct.dst_ops.858999*, %struct.dst_ops.858999** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.858999, %struct.dst_ops.858999* %95, i64 0, i32 14 %97 = load %struct.neighbour.858998* (%struct.dst_entry.859017*, %struct.sk_buff.859228*, i8*)*, %struct.neighbour.858998* (%struct.dst_entry.859017*, %struct.sk_buff.859228*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.858998* %97(%struct.dst_entry.859017* nonnull %90, %struct.sk_buff.859228* null, i8* %93) #76 %99 = icmp ugt %struct.neighbour.858998* %98, inttoptr (i64 -4096 to %struct.neighbour.858998*) %100 = icmp eq %struct.neighbour.858998* %98, null %101 = or i1 %99, %100 br i1 %101, label %485, label %102 %103 = getelementptr inbounds %struct.neighbour.858998, %struct.neighbour.858998* %98, i64 0, i32 26 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #76 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* 
%104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.858998, %struct.neighbour.858998* %98, i64 0, i32 6 %121 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %120, i64 0, i32 0, i32 0 %122 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %121, i32 -1, i32* %121) #6, !srcloc !7 %123 = icmp eq i32 %122, 1 br i1 %123, label %129, label %124 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.858998*)*)(%struct.neighbour.858998* nonnull %98) #76 br label %130 br i1 %119, label %485, label %131 %132 = phi i32 [ %68, %80 ], [ %118, %130 ] %133 = icmp eq i32 %132, 0 br i1 %133, label %134, label %196 %135 = getelementptr inbounds i8, i8* %59, i64 24 %136 = bitcast i8* %135 to i16* %137 = load i16, i16* %136, align 4 %138 = icmp eq i16 %137, 544 br i1 %138, label %139, label %144 %140 = getelementptr i8, i8* %135, i64 2 %141 = bitcast i8* %140 to i32* %142 = load i32, i32* %141, align 2 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %196 %145 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 4, i32 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = and i64 %146, -2 %148 = inttoptr i64 %147 to %struct.dst_entry.859017* %149 = icmp eq i64 %147, 0 br i1 %149, label %485, label %150 %151 
= getelementptr inbounds %struct.dst_entry.859017, %struct.dst_entry.859017* %148, i64 0, i32 1 %152 = load %struct.dst_ops.858999*, %struct.dst_ops.858999** %151, align 8 %153 = getelementptr inbounds %struct.dst_ops.858999, %struct.dst_ops.858999* %152, i64 0, i32 14 %154 = load %struct.neighbour.858998* (%struct.dst_entry.859017*, %struct.sk_buff.859228*, i8*)*, %struct.neighbour.858998* (%struct.dst_entry.859017*, %struct.sk_buff.859228*, i8*)** %153, align 8 %155 = tail call %struct.neighbour.858998* %154(%struct.dst_entry.859017* nonnull %148, %struct.sk_buff.859228* null, i8* %135) #76 %156 = icmp ugt %struct.neighbour.858998* %155, inttoptr (i64 -4096 to %struct.neighbour.858998*) %157 = icmp eq %struct.neighbour.858998* %155, null %158 = or i1 %156, %157 br i1 %158, label %485, label %159 %160 = getelementptr inbounds %struct.neighbour.858998, %struct.neighbour.858998* %155, i64 0, i32 26 %161 = bitcast [0 x i8]* %160 to %struct.in6_addr* %162 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %161) #76 %163 = and i32 %162, 65535 %164 = icmp eq i32 %163, 0 br i1 %164, label %165, label %174 %166 = load i8*, i8** %11, align 8 %167 = load i16, i16* %13, align 4 %168 = zext i16 %167 to i64 %169 = getelementptr i8, i8* %166, i64 %168 %170 = getelementptr inbounds i8, i8* %169, i64 24 %171 = bitcast i8* %170 to %struct.in6_addr* %172 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %171) #76 %173 = and i32 %172, 65535 br label %174 %175 = phi %struct.in6_addr* [ %171, %165 ], [ %161, %159 ] %176 = phi i32 [ %173, %165 ], [ %163, %159 ] %177 = trunc i32 %176 to i8 %178 = icmp sgt i8 %177, -1 br i1 %178, label %182, label %179 %180 = getelementptr %struct.in6_addr, %struct.in6_addr* %175, i64 0, i32 0, i32 0, i64 3 %181 = load i32, i32* %180, align 4 br label %182 %183 = phi i32 [ %181, %179 ], [ 0, %174 ] %184 = phi i1 [ false, %179 ], [ true, %174 ] %185 = getelementptr inbounds %struct.neighbour.858998, %struct.neighbour.858998* %155, i64 0, i32 6 %186 = 
getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %185, i64 0, i32 0, i32 0 %187 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %186, i32 -1, i32* %186) #6, !srcloc !7 %188 = icmp eq i32 %187, 1 br i1 %188, label %194, label %189 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.858998*)*)(%struct.neighbour.858998* nonnull %155) #76 br label %195 br i1 %184, label %485, label %196 %197 = phi i32 [ %142, %139 ], [ %183, %195 ], [ %132, %131 ] %198 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %1, i64 0, i32 0, i64 2344 %199 = bitcast i8* %198 to i32* %200 = load i32, i32* %199, align 8 %201 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %1, i64 0, i32 0, i64 2424 %202 = bitcast i8* %201 to i32* %203 = load i32, i32* %202, align 8 %204 = and i8 %81, 30 %205 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %1, i64 0, i32 0, i64 2372 %206 = bitcast i8* %205 to i32* %207 = load i32, i32* %206, align 4 %208 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %1, i64 0, i32 0, i64 2272 %209 = bitcast i8* %208 to %struct.net.859129** %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %200, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %211, align 4 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %203, i32* %212, align 8 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %204, i8* %213, align 4 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, 
i32 0, i32 4 store i8 0, i8* %214, align 1 %215 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %215, align 2 %216 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 %217 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %197, i32* %217, align 4 %218 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %207, i32* %218, align 8 %219 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %220 = bitcast %struct.kuid_t* %219 to %struct.raw_hdlc_proto* %221 = bitcast %struct.kuid_t* %219 to i16* store i16 0, i16* %221, align 8 %222 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %220, i64 0, i32 1 store i16 0, i16* %222, align 2 %223 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 10 store i32 0, i32* %223, align 8 %224 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %1, i64 0, i32 0, i64 2312 %225 = bitcast i8* %224 to %struct.dst_cache* %226 = call %struct.rtable.859079* bitcast (%struct.rtable.772478* (%struct.dst_cache*, i32*)* @dst_cache_get_ip4 to %struct.rtable.859079* (%struct.dst_cache*, i32*)*)(%struct.dst_cache* %225, i32* %218) #76 Function:dst_cache_get_ip4 %3 = getelementptr inbounds %struct.dst_cache, %struct.dst_cache* %0, i64 0, i32 0 %4 = load %struct.dst_cache_pcpu*, %struct.dst_cache_pcpu** %3, align 8 %5 = icmp eq %struct.dst_cache_pcpu* %4, null br i1 %5, label %15, label %6 %7 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.dst_cache_pcpu* nonnull %4) #6, !srcloc !4 %8 = inttoptr i64 %7 to %struct.dst_cache_pcpu* %9 = tail call fastcc %struct.dst_entry.772956* @dst_cache_per_cpu_get(%struct.dst_cache* %0, %struct.dst_cache_pcpu* %8) #76 Function:dst_cache_per_cpu_get %3 = getelementptr inbounds %struct.dst_cache_pcpu, 
%struct.dst_cache_pcpu* %1, i64 0, i32 1 %4 = load %struct.dst_entry.772956*, %struct.dst_entry.772956** %3, align 8 %5 = icmp eq %struct.dst_entry.772956* %4, null br i1 %5, label %44, label %6 %7 = getelementptr inbounds %struct.dst_entry.772956, %struct.dst_entry.772956* %4, i64 0, i32 11, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 0 br i1 %9, label %20, label %10, !prof !4, !misexpect !5 %11 = phi i32 [ %18, %17 ], [ %8, %6 ] %12 = add i32 %11, 1 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 %12, i32* %7, i32 %11) #6, !srcloc !6 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %17, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.dst_cache, %struct.dst_cache* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds %struct.dst_cache_pcpu, %struct.dst_cache_pcpu* %1, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = sub i64 %23, %25 %27 = icmp slt i64 %26, 0 br i1 %27, label %28, label %41, !prof !9 %29 = getelementptr inbounds %struct.dst_entry.772956, %struct.dst_entry.772956* %4, i64 0, i32 8 %30 = load i16, i16* %29, align 2 %31 = icmp eq i16 %30, 0 br i1 %31, label %47, label %32 %33 = getelementptr inbounds %struct.dst_entry.772956, %struct.dst_entry.772956* %4, i64 0, i32 1 %34 = load %struct.dst_ops.772465*, %struct.dst_ops.772465** %33, align 8 %35 = getelementptr inbounds %struct.dst_ops.772465, %struct.dst_ops.772465* %34, i64 0, i32 3 %36 = load %struct.dst_entry.772956* (%struct.dst_entry.772956*, i32)*, %struct.dst_entry.772956* (%struct.dst_entry.772956*, i32)** %35, align 16 %37 = getelementptr inbounds %struct.dst_cache_pcpu, %struct.dst_cache_pcpu* %1, i64 0, i32 2 %38 = load i32, i32* %37, align 8 %39 
= tail call %struct.dst_entry.772956* %36(%struct.dst_entry.772956* nonnull %4, i32 %38) #76 %40 = icmp eq %struct.dst_entry.772956* %39, null br i1 %40, label %41, label %47, !prof !4, !misexpect !5 %42 = load %struct.dst_entry.772956*, %struct.dst_entry.772956** %3, align 8 tail call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.772956*)*)(%struct.dst_entry.772956* %42) #76
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 consume_skb
3 msg_zerocopy_callback
4 __pskb_pull_tail
5 ipv4_link_failure
-------------
Path:
Function:ipv4_link_failure
%2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %26) #76 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, 
i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %63) #76 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* 
%22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.751083* %0, i32 0, i32 %27, i32 2592) #76 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %286 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* %0, i32 %38, i8* %42, i32 %1) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.751083** %53 = load %struct.sk_buff.751083*, %struct.sk_buff.751083** %52, align 8 %54 = icmp eq %struct.sk_buff.751083* %53, null br i1 %54, label %169, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.750960]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 
%65, %67 br i1 %68, label %69, label %169 %170 = phi i32 [ %48, %46 ], [ %156, %155 ], [ %168, %159 ], [ %48, %73 ], [ %48, %63 ] %171 = phi i8* [ %47, %46 ], [ %157, %155 ], [ %167, %159 ], [ %47, %73 ], [ %47, %63 ] %172 = zext i32 %170 to i64 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 2 %175 = load i8, i8* %174, align 2 %176 = icmp eq i8 %175, 0 br i1 %176, label %237, label %177 %178 = phi i64 [ %226, %223 ], [ 0, %169 ] %179 = phi i8* [ %230, %223 ], [ %173, %169 ] %180 = phi i32 [ %225, %223 ], [ 0, %169 ] %181 = phi i32 [ %224, %223 ], [ %1, %169 ] %182 = getelementptr inbounds i8, i8* %179, i64 48 %183 = bitcast i8* %182 to [17 x %struct.page_frag.750960]* %184 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %178, i32 1 %185 = load i32, i32* %184, align 8 %186 = icmp slt i32 %181, %185 br i1 %186, label %206, label %187 %207 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %178 %208 = sext i32 %180 to i64 %209 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %208 %210 = bitcast %struct.page_frag.750960* %209 to i8* %211 = bitcast %struct.page_frag.750960* %207 to i8* %212 = icmp eq i32 %181, 0 br i1 %212, label %221, label %213 %214 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %208, i32 2 %215 = load i32, i32* %214, align 4 %216 = add i32 %215, %181 store i32 %216, i32* %214, align 4 %217 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %208, i32 1 %218 = load i32, i32* %217, align 8 %219 = sub i32 %218, %181 store i32 %219, i32* %217, align 8 %220 = icmp eq i64 %178, 0 br i1 %220, label %241, label %221 %242 = load i32, i32* %3, align 8 %243 = add i32 %242, %1 store i32 %243, i32* %3, align 8 %244 = load i32, i32* %36, align 4 %245 = sub i32 %244, %1 store 
i32 %245, i32* %36, align 4 %246 = icmp ne i32 %245, 0 %247 = icmp eq %struct.sk_buff.751083* %0, null %248 = or i1 %247, %246 br i1 %248, label %281, label %249 %250 = load i8*, i8** %39, align 8 %251 = load i32, i32* %6, align 4 %252 = zext i32 %251 to i64 %253 = getelementptr i8, i8* %250, i64 %252 %254 = load i8, i8* %253, align 8 %255 = and i8 %254, 1 %256 = icmp eq i8 %255, 0 br i1 %256, label %281, label %257 %258 = getelementptr inbounds i8, i8* %253, i64 40 %259 = bitcast i8* %258 to %struct.ubuf_info.751440** %260 = load %struct.ubuf_info.751440*, %struct.ubuf_info.751440** %259, align 8 %261 = icmp eq %struct.ubuf_info.751440* %260, null br i1 %261, label %281, label %262 %263 = ptrtoint %struct.ubuf_info.751440* %260 to i64 %264 = and i64 %263, 1 %265 = icmp eq i64 %264, 0 br i1 %265, label %266, label %274 %267 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %260, i64 0, i32 0 %268 = load void (%struct.sk_buff.751083*, %struct.ubuf_info.751440*, i1)*, void (%struct.sk_buff.751083*, %struct.ubuf_info.751440*, i1)** %267, align 8 tail call void %268(%struct.sk_buff.751083* nonnull %0, %struct.ubuf_info.751440* nonnull %260, i1 zeroext false) #77 Function:msg_zerocopy_callback %4 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 0, i32 1 %5 = bitcast %union.anon.203.750013* %4 to %struct.anon.192.751443* %6 = getelementptr inbounds %struct.anon.192.751443, %struct.anon.192.751443* %5, i64 0, i32 2 %7 = load i8, i8* %6, align 2 %8 = zext i1 %2 to i8 %9 = or i8 %8, -2 %10 = and i8 %7, %9 store i8 %10, i8* %6, align 2 %11 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 0, i32 2 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = getelementptr %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 -1, i32 1 %22 = bitcast %union.anon.203.750013* %21 to %struct.sk_buff.751083* %23 = getelementptr inbounds %union.anon.203.750013, %union.anon.203.750013* %21, i64 1, i32 0, i32 1 %24 = bitcast i8** %23 to %struct.sock.751117** %25 = load %struct.sock.751117*, %struct.sock.751117** %24, align 8 %26 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 0, i32 4, i32 0 %27 = load %struct.user_struct*, %struct.user_struct** %26, align 8 %28 = icmp eq %struct.user_struct* %27, null br i1 %28, label %35, label %29 %30 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 0, i32 4, i32 1 %31 = load i32, i32* %30, align 8 %32 = zext i32 %31 to i64 %33 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %27, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %33, i64 %32, i64* %33) #6, !srcloc !8 %34 = load %struct.user_struct*, %struct.user_struct** %26, align 8 tail call void @free_uid(%struct.user_struct* %34) #76 br label %35 %36 = getelementptr inbounds %struct.anon.192.751443, %struct.anon.192.751443* %5, i64 0, i32 1 %37 = load i16, i16* %36, align 4 %38 = icmp eq i16 %37, 0 br i1 %38, label %104, label %39 %40 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 0, i32 13, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %104 %45 = bitcast %union.anon.203.750013* %4 to i32* %46 = load i32, i32* %45, align 
8 %47 = zext i16 %37 to i32 %48 = add nsw i32 %47, -1 %49 = add i32 %48, %46 %50 = load i8, i8* %6, align 2 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 %53 = getelementptr inbounds %union.anon.203.750013, %union.anon.203.750013* %21, i64 2, i32 0, i32 1 %54 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %22, i64 0, i32 3, i64 28 %55 = bitcast i8** %53 to i8* store i8 5, i8* %54, align 4 %56 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %22, i64 0, i32 3, i64 36 %57 = bitcast i8* %56 to i32* store i32 %49, i32* %57, align 4 %58 = getelementptr inbounds %union.anon.203.750013, %union.anon.203.750013* %21, i64 4, i32 0, i32 1 %59 = bitcast i8** %58 to i32* store i32 %46, i32* %59, align 4 br i1 %52, label %60, label %62 %61 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %22, i64 0, i32 3, i64 30 store i8 1, i8* %61, align 2 br label %62 %63 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 4 %64 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 4, i32 3, i32 0, i32 0 %65 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %64) #76 %66 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 4, i32 1 %67 = load volatile %struct.sk_buff.751083*, %struct.sk_buff.751083** %66, align 8 %68 = bitcast %struct.sk_buff_head.750855* %63 to %struct.sk_buff.751083* %69 = icmp eq %struct.sk_buff.751083* %67, %68 %70 = icmp eq %struct.sk_buff.751083* %67, null %71 = or i1 %69, %70 br i1 %71, label %94, label %72 %73 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %67, i64 0, i32 3, i64 28 %74 = load i8, i8* %73, align 4 %75 = icmp eq i8 %74, 5 br i1 %75, label %76, label %94 %77 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %67, i64 0, i32 3, i64 32 %78 = bitcast i8* %77 to i32* %79 = load i32, i32* %78, align 4 %80 = getelementptr inbounds 
%struct.sk_buff.751083, %struct.sk_buff.751083* %67, i64 0, i32 3, i64 36 %81 = bitcast i8* %80 to i32* %82 = load i32, i32* %81, align 4 %83 = sub i32 %82, %79 %84 = zext i32 %83 to i64 %85 = zext i16 %37 to i64 %86 = add nuw nsw i64 %85, 1 %87 = add nuw nsw i64 %86, %84 %88 = icmp ult i64 %87, 4294967296 %89 = add i32 %82, 1 %90 = icmp eq i32 %89, %46 %91 = and i1 %90, %88 br i1 %91, label %92, label %94 %95 = bitcast %union.anon.203.750013* %21 to %struct.sk_buff.751083** store volatile %struct.sk_buff.751083* %68, %struct.sk_buff.751083** %95, align 8 %96 = getelementptr %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 -1, i32 1, i32 0, i32 1 %97 = bitcast i8** %96 to %struct.sk_buff.751083** store volatile %struct.sk_buff.751083* %67, %struct.sk_buff.751083** %97, align 8 store volatile %struct.sk_buff.751083* %22, %struct.sk_buff.751083** %66, align 8 %98 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %67, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.751083* %22, %struct.sk_buff.751083** %98, align 8 %99 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 4, i32 2 %100 = load i32, i32* %99, align 8 %101 = add i32 %100, 1 store volatile i32 %101, i32* %99, align 8 br label %102 %103 = phi %struct.sk_buff.751083* [ null, %94 ], [ %22, %92 ] tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %64, i64 %65) #76 tail call void bitcast (void (%struct.sock.273263*)* @sk_error_report to void (%struct.sock.751117*)*)(%struct.sock.751117* %25) #76 br label %104 %105 = phi %struct.sk_buff.751083* [ %22, %39 ], [ %103, %102 ], [ %22, %35 ] tail call void @consume_skb(%struct.sk_buff.751083* %105) #76 Function:consume_skb %2 = icmp eq %struct.sk_buff.751083* %0, null br i1 %2, label %34, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, 
%struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %33 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.751083* nonnull %0) #77 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.751083* %0) #76 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.750969* tail call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.750969*)*)(%struct.dst_entry.750969* %10) #76
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 consume_skb
3 __neigh_event_send
4 __ip_do_redirect
5 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
%4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds 
%struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = 
getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** 
%111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, 
%struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, 
%156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %190 = load volatile i64, i64* @jiffies, align 64 %191 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 10 %192 = load volatile i64, i64* %191, align 8 %193 = icmp eq i64 %192, %190 br i1 %193, label %195, label %194 store volatile i64 %190, i64* %191, align 8 br label %195 %196 = and i8 %186, -38 %197 = icmp eq i8 %196, 0 br i1 %197, label %198, label %245 %199 = call i32 bitcast (i32 (%struct.neighbour*, %struct.sk_buff*)* @__neigh_event_send to i32 (%struct.neighbour.828735*, %struct.sk_buff.829144*)*)(%struct.neighbour.828735* %181, %struct.sk_buff.829144* null) #76 Function:__neigh_event_send %3 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %3) #76 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %5 = load i8, i8* %4, align 1 %6 = zext i8 %5 to i32 %7 = and i32 %6, 218 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %249 %10 = getelementptr inbounds %struct.neighbour, 
%struct.neighbour* %0, i64 0, i32 15 %11 = load i8, i8* %10, align 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %268 %14 = and i32 %6, 5 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %77 %78 = and i32 %6, 4 %79 = icmp eq i32 %78, 0 br i1 %79, label %126, label %80 %81 = and i8 %5, 27 %82 = icmp eq i8 %81, 0 br i1 %82, label %98, label %83 store i8 8, i8* %4, align 1 %99 = load volatile i64, i64* @jiffies, align 64 %100 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 4 store i64 %99, i64* %100, align 8 %101 = load volatile i64, i64* @jiffies, align 64 %102 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %103 = load %struct.neigh_parms*, %struct.neigh_parms** %102, align 8 %104 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %103, i64 0, i32 10, i64 6 %105 = load i32, i32* %104, align 4 %106 = sext i32 %105 to i64 %107 = add i64 %101, %106 %108 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 6 %109 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %108, i64 0, i32 0, i32 0 %110 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %109, i32 1, i32* %109) #6, !srcloc !8 %111 = icmp eq i32 %110, 0 br i1 %111, label %116, label %112, !prof !9, !misexpect !6 %113 = add i32 %110, 1 %114 = or i32 %113, %110 %115 = icmp sgt i32 %114, -1 br i1 %115, label %118, label %116, !prof !5, !misexpect !6 %117 = phi i32 [ 2, %98 ], [ 1, %112 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %108, i32 %117) #76 br label %118 %119 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 9 %120 = tail call i32 @mod_timer(%struct.timer_list* %119, i64 %107) #76 %121 = icmp eq i32 %120, 0 br i1 %121, label %126, label %122, !prof !5, !misexpect !6 %123 = 
load i8, i8* %4, align 1 %124 = zext i8 %123 to i32 %125 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.15.63539, i64 0, i64 0), i32 %124) #77 tail call void @dump_stack() #77 br label %126 %127 = phi i1 [ true, %122 ], [ true, %118 ], [ false, %70 ], [ false, %66 ], [ true, %77 ] %128 = load i8, i8* %4, align 1 %129 = icmp eq i8 %128, 1 br i1 %129, label %130, label %226 %131 = icmp eq %struct.sk_buff* %1, null br i1 %131, label %226, label %132 %133 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 7 %134 = load i32, i32* %133, align 4 %135 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 42 %136 = load i32, i32* %135, align 8 %137 = add i32 %136, %134 %138 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %139 = load %struct.neigh_parms*, %struct.neigh_parms** %138, align 8 %140 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %139, i64 0, i32 10, i64 8 %141 = load i32, i32* %140, align 4 %142 = icmp ugt i32 %137, %141 br i1 %142, label %143, label %179 %144 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %145 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %144, i64 0, i32 0 %146 = bitcast %struct.sk_buff_head* %144 to %struct.sk_buff* %147 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 %148 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 br label %149 %150 = load %struct.sk_buff*, %struct.sk_buff** %145, align 8 %151 = icmp eq %struct.sk_buff* %150, %146 %152 = icmp eq %struct.sk_buff* %150, null %153 = or i1 %151, %152 br i1 %153, label %179, label %154 %155 = load i32, i32* %147, align 8 %156 = add i32 %155, -1 store volatile i32 %156, i32* %147, align 8 %157 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %150, i64 0, i32 0, i32 0, i32 0 %158 = load %struct.sk_buff*, %struct.sk_buff** 
%157, align 8 %159 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %150, i64 0, i32 0, i32 0, i32 1 %160 = load %struct.sk_buff*, %struct.sk_buff** %159, align 8 %161 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %158, i64 0, i32 0, i32 0, i32 1 %162 = bitcast %struct.sk_buff* %150 to i8* store volatile %struct.sk_buff* %160, %struct.sk_buff** %161, align 8 %163 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %160, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %158, %struct.sk_buff** %163, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %150, i64 0, i32 42 %165 = load i32, i32* %164, align 8 %166 = load i32, i32* %133, align 4 %167 = sub i32 %166, %165 store i32 %167, i32* %133, align 4 tail call void bitcast (void (%struct.sk_buff.751083*)* @kfree_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %150) #76 %168 = load %struct.neigh_table*, %struct.neigh_table** %148, align 8 %169 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %168, i64 0, i32 28 %170 = load %struct.neigh_statistics*, %struct.neigh_statistics** %169, align 8 %171 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %170, i64 0, i32 10 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %171, i64* %171) #6, !srcloc !10 %172 = load i32, i32* %133, align 4 %173 = load i32, i32* %135, align 8 %174 = add i32 %173, %172 %175 = load %struct.neigh_parms*, %struct.neigh_parms** %138, align 8 %176 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %175, i64 0, i32 10, i64 8 %177 = load i32, i32* %176, align 4 %178 = icmp ugt i32 %174, %177 br i1 %178, label %149, label %179 %180 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 4, i32 0, i32 0 %181 = load i64, i64* %180, align 8 %182 = and i64 %181, 1 %183 = icmp ne i64 %182, 0 %184 = icmp ugt i64 %181, 1 %185 = and i1 %184, %183 br i1 %185, label %186, label %212 %213 = 
getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %214 = bitcast %struct.sk_buff_head* %213 to %struct.sk_buff* %215 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 1 %216 = load %struct.sk_buff*, %struct.sk_buff** %215, align 8 %217 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %214, %struct.sk_buff** %217, align 8 %218 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 0, i32 0, i32 1 store volatile %struct.sk_buff* %216, %struct.sk_buff** %218, align 8 store volatile %struct.sk_buff* %1, %struct.sk_buff** %215, align 8 %219 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %216, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %1, %struct.sk_buff** %219, align 8 %220 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 %221 = load i32, i32* %220, align 8 %222 = add i32 %221, 1 store volatile i32 %222, i32* %220, align 8 %223 = load i32, i32* %135, align 8 %224 = load i32, i32* %133, align 4 %225 = add i32 %224, %223 store i32 %225, i32* %133, align 4 br label %226 %227 = phi i32 [ 0, %126 ], [ 1, %130 ], [ 1, %212 ] br i1 %127, label %249, label %228 %229 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %230 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 1 %231 = load volatile %struct.sk_buff*, %struct.sk_buff** %230, align 8 %232 = bitcast %struct.sk_buff_head* %229 to %struct.sk_buff* %233 = icmp eq %struct.sk_buff* %231, %232 %234 = icmp eq %struct.sk_buff* %231, null %235 = or i1 %233, %234 br i1 %235, label %238, label %236 %237 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %231, i32 2592) #76 br label %238 %239 = phi %struct.sk_buff* [ %237, %236 
], [ null, %228 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %240 = bitcast %struct.rwlock_t* %3 to i8* store volatile i8 0, i8* %240, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %241 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 22 %242 = load %struct.neigh_ops*, %struct.neigh_ops** %241, align 8 %243 = getelementptr inbounds %struct.neigh_ops, %struct.neigh_ops* %242, i64 0, i32 1 %244 = load void (%struct.neighbour*, %struct.sk_buff*)*, void (%struct.neighbour*, %struct.sk_buff*)** %243, align 8 %245 = icmp eq void (%struct.neighbour*, %struct.sk_buff*)* %244, null br i1 %245, label %247, label %246 %248 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 11, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %248, i32* %248) #6, !srcloc !14 tail call void bitcast (void (%struct.sk_buff.751083*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %239) #76
Function:consume_skb
%2 = icmp eq %struct.sk_buff.751083* %0, null br i1 %2, label %34, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %33 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.751083* nonnull %0) #77
Function:__kfree_skb
tail call void @skb_release_head_state(%struct.sk_buff.751083* %0) #76
Function:skb_release_head_state
%2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.750969* tail call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.750969*)*)(%struct.dst_entry.750969* %10) #76
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 consume_skb
3 do_mq_notify
4 __ia32_compat_sys_mq_notify
-------------
Path:
Function:__ia32_compat_sys_mq_notify
%2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11
%12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #76 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #76 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 105 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 64 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %201 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #76 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr 
inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #76 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %60 %37 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %27, i32 32) #76 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #76 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %198 %199 = phi %struct.sk_buff* [ %193, %192 ], [ %27, %60 ], [ %27, %62 ] %200 = phi i32 [ %195, %192 ], [ %61, %60 ], [ -9, %62 ] call void bitcast (void (%struct.sk_buff.751083*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %199) #76 Function:consume_skb %2 = icmp eq %struct.sk_buff.751083* %0, null br i1 %2, label %34, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %33 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.751083* nonnull %0) #77
Function:__kfree_skb
tail call void @skb_release_head_state(%struct.sk_buff.751083* %0) #76
Function:skb_release_head_state
%2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.750969* tail call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.750969*)*)(%struct.dst_entry.750969* %10) #76
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 consume_skb
3 do_mq_notify
4 __ia32_sys_mq_notify
-------------
Path:
Function:__ia32_sys_mq_notify
%2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #76 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32
@do_mq_notify(i32 %8, %struct.sigevent* %16) #76 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 105 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 64 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %201 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #76 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #76 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %60 %37 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %27, i32 32) #76 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #76 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %198 %199 = phi %struct.sk_buff* [ %193, %192 ], [ %27, %60 ], [ %27, %62 ] 
%200 = phi i32 [ %195, %192 ], [ %61, %60 ], [ -9, %62 ] call void bitcast (void (%struct.sk_buff.751083*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %199) #76 Function:consume_skb %2 = icmp eq %struct.sk_buff.751083* %0, null br i1 %2, label %34, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %33 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.751083* nonnull %0) #77
Function:__kfree_skb
tail call void @skb_release_head_state(%struct.sk_buff.751083* %0) #76
Function:skb_release_head_state
%2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.750969* tail call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.750969*)*)(%struct.dst_entry.750969* %10) #76
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 consume_skb
3 do_mq_notify
4 __x64_sys_mq_notify
-------------
Path:
Function:__x64_sys_mq_notify
%2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #76 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent*
%15) #76 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 105 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 64 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %201 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #76 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #76 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %60 %37 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %27, i32 32) #76 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #76 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %198 %199 = phi %struct.sk_buff* [ %193, %192 ], [ %27, %60 ], [ %27, %62 ] %200 = phi i32 [ %195, %192 ], [ %61, %60 
], [ -9, %62 ] call void bitcast (void (%struct.sk_buff.751083*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %199) #76 Function:consume_skb %2 = icmp eq %struct.sk_buff.751083* %0, null br i1 %2, label %34, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %33 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.751083* nonnull %0) #77
Function:__kfree_skb
tail call void @skb_release_head_state(%struct.sk_buff.751083* %0) #76
Function:skb_release_head_state
%2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.750969* tail call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.750969*)*)(%struct.dst_entry.750969* %10) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __dev_queue_xmit
1 dev_queue_xmit
2 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label
%21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 
%57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store 
i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 
%207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 
to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %151 = icmp eq i64 %149, 0 br i1 %151, 
label %192, label %152 %153 = and i64 %149, 1 %154 = icmp eq i64 %153, 0 br i1 %154, label %155, label %158 %156 = and i64 %149, -2 %157 = inttoptr i64 %156 to %struct.dst_entry.757495* call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.757495*)*)(%struct.dst_entry.757495* %157) #76 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, 
i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call 
zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, 
align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %151 = icmp eq i64 %149, 0 br i1 %151, label %192, label %152 %153 = and i64 %149, 1 %154 = icmp eq i64 %153, 0 br i1 %154, label %155, label %158 %156 = and i64 %149, -2 %157 = inttoptr i64 %156 to %struct.dst_entry.757495* call void bitcast (void (%struct.dst_entry.758572*)* @dst_release to void (%struct.dst_entry.757495*)*)(%struct.dst_entry.757495* %157) #76 ------------- Good: 1063 Bad: 19 Ignored: 3216 Check Use of Function:ext4_trim_fs Check Use of Function:dec_rlimit_ucounts Use: =BAD PATH= Call Stack: 0 release_task 1 wait_consider_task 2 do_wait 3 kernel_waitid 4 __se_compat_sys_waitid 5 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 
%10, i64 %13, i64 %16) #76 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 
store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to 
%struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load 
%struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq 
%struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect 
!5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 
%153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* 
%171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 
%205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, 
i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, 
i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 
8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = 
load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = 
getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br label %19 %20 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 62 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 63 %27 = load %struct.pid.48552*, %struct.pid.48552** %26, align 32 %28 = icmp eq %struct.pid.48552* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 95 %42 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #76 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void 
(%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 10 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %61) #76 br label %63 %64 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 5 %65 = load %struct.task_struct.48979*, %struct.task_struct.48979** %64, align 8 %66 = icmp eq %struct.task_struct.48979* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.48979** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.48940* [ %51, %49 ], [ undef, %67 ], [ undef, %63 ] %74 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i32 8) #76 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr 
inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #76 %81 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %84 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 75 %106 = load i64, i64* 
%105, align 8 %107 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 4 %116 = load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 
%136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 %146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 
store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 0) #76 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 1) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 2) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 3) #76 %170 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** 
%179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !15 br label %183 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 
store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %200 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #76 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #76 %202 = bitcast %struct.task_struct.48979* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !19 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 60 %207 = load %struct.task_struct.48979*, %struct.task_struct.48979** %206, align 8 %208 = icmp eq %struct.task_struct.48979* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.48979, 
%struct.task_struct.48979* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 tail call void bitcast (void (%struct.task_struct.102717*)* @seccomp_filter_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void bitcast (void (%struct.pid.177739*)* @proc_flush_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.task_struct.12252*)* @release_thread to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 %225 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !23 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof 
!6, !misexpect !7 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76
-------------
Use: =BAD PATH=
Call Stack:
0 release_task
1 wait_consider_task
2 do_wait
3 kernel_waitid
4 __se_sys_waitid
5 __ia32_sys_waitid
-------------
Path:
Function:__ia32_sys_waitid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76
Function:__se_sys_waitid
%6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast 
%struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76
Function:kernel_waitid
%6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store 
%struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77
Function:do_wait
%2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = 
load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ 
%108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76
Function:wait_consider_task
%4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, 
%struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp 
sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, 
%struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr 
inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, 
align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds 
%struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 
%276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 %15 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br label %19 %20 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 62 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 63 %27 = load %struct.pid.48552*, %struct.pid.48552** %26, align 32 %28 = icmp eq %struct.pid.48552* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 95 %42 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #76 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 
%55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 10 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %61) #76 br label %63 %64 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 5 %65 = load %struct.task_struct.48979*, %struct.task_struct.48979** %64, align 8 %66 = icmp eq %struct.task_struct.48979* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.48979** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.48940* [ %51, %49 ], [ undef, %67 ], [ undef, %63 ] %74 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i32 8) #76 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #76 %81 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, 
i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %84 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 75 %106 = load i64, i64* %105, align 8 %107 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 4 %116 = load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 %136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 %146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void 
(%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 0) #76 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 1) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 2) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 3) #76 %170 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !15 br label %183 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %200 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #76 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #76 %202 = bitcast %struct.task_struct.48979* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !19 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 60 %207 = load %struct.task_struct.48979*, %struct.task_struct.48979** %206, align 8 %208 = icmp eq %struct.task_struct.48979* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq 
%struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 tail call void bitcast (void (%struct.task_struct.102717*)* @seccomp_filter_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void bitcast (void (%struct.pid.177739*)* @proc_flush_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.task_struct.12252*)* @release_thread to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 %225 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !23 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof !6, !misexpect !7 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76
-------------
Use: =BAD PATH=
Call Stack:
0 release_task
1 wait_consider_task
2 do_wait
3 kernel_waitid
4 __se_sys_waitid
5 __x64_sys_waitid
-------------
Path:
Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4
%8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs 
this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 
= getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 
%109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 
%32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label 
%382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, 
%struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 
32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, 
%struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* 
%248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm 
sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 
(%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76
Function:release_task
br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br label %19 %20 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, 
i32 62 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 63 %27 = load %struct.pid.48552*, %struct.pid.48552** %26, align 32 %28 = icmp eq %struct.pid.48552* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 95 %42 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #76 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 10 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 
(%struct.task_struct.48979*)*)(%struct.task_struct.48979* %61) #76 br label %63 %64 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 5 %65 = load %struct.task_struct.48979*, %struct.task_struct.48979** %64, align 8 %66 = icmp eq %struct.task_struct.48979* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.48979** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.48940* [ %51, %49 ], [ undef, %67 ], [ undef, %63 ] %74 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i32 8) #76 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #76 %81 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %84 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 75 %106 = load i64, i64* %105, align 8 %107 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 4 %116 = 
load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 %136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 
%146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 0) #76 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 1) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 2) #76 tail call void bitcast (void 
(%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 3) #76 %170 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !15 br label %183 %184 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, 
align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %200 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #76 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #76 %202 = bitcast %struct.task_struct.48979* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !19 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 60 %207 = load %struct.task_struct.48979*, %struct.task_struct.48979** %206, align 8 %208 = icmp eq %struct.task_struct.48979* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 tail call void bitcast (void (%struct.task_struct.102717*)* @seccomp_filter_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void bitcast (void (%struct.pid.177739*)* @proc_flush_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.task_struct.12252*)* @release_thread to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 %225 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !23 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof !6, !misexpect !7 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void 
@rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 release_task
1 wait_consider_task
2 do_wait
3 kernel_wait4
4 __ia32_compat_sys_wait4
-------------
Path:
Function:__ia32_compat_sys_wait4
%2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #76
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, 
%struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77
Function:do_wait
%2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 
to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76
Function:wait_consider_task
%4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load 
%struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq 
%struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect 
!5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 
%153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* 
%171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 
%205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, 
i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, 
i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 
8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = 
load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = 
getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76
Function:release_task
br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br label %19 %20 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 62 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 63 %27 = load %struct.pid.48552*, %struct.pid.48552** %26, align 32 %28 = icmp eq %struct.pid.48552* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 95 %42 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #76 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void 
(%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 10 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %61) #76 br label %63 %64 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 5 %65 = load %struct.task_struct.48979*, %struct.task_struct.48979** %64, align 8 %66 = icmp eq %struct.task_struct.48979* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.48979** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.48940* [ %51, %49 ], [ undef, %67 ], [ undef, %63 ] %74 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i32 8) #76 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr 
inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #76 %81 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %84 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 75 %106 = load i64, i64* 
%105, align 8 %107 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 4 %116 = load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 
%136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 %146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 
store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 0) #76 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 1) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 2) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 3) #76 %170 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** 
%179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !15 br label %183 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 
store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %200 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #76 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #76 %202 = bitcast %struct.task_struct.48979* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !19 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 60 %207 = load %struct.task_struct.48979*, %struct.task_struct.48979** %206, align 8 %208 = icmp eq %struct.task_struct.48979* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.48979, 
%struct.task_struct.48979* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 tail call void bitcast (void (%struct.task_struct.102717*)* @seccomp_filter_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void bitcast (void (%struct.pid.177739*)* @proc_flush_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.task_struct.12252*)* @release_thread to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 %225 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !23 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof 
!6, !misexpect !7 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 release_task 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #76 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 
-2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br label %19 %20 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 62 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile 
%struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 63 %27 = load %struct.pid.48552*, %struct.pid.48552** %26, align 32 %28 = icmp eq %struct.pid.48552* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 95 %42 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #76 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 10 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %61) #76 br label %63 %64 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %42, i64 0, i32 5 %65 = load %struct.task_struct.48979*, %struct.task_struct.48979** %64, align 8 %66 = icmp eq %struct.task_struct.48979* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.48979** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.48940* [ %51, %49 ], [ undef, %67 ], [ undef, %63 ] %74 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i32 8) #76 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #76 %81 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %84 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 
= add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 75 %106 = load i64, i64* %105, align 8 %107 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 4 %116 = load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* 
%42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 %136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 %146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds 
%struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 0) #76 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 1) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 2) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 3) #76 %170 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !15 br label %183 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %200 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #76 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #76 %202 = bitcast %struct.task_struct.48979* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !19 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 60 %207 = load %struct.task_struct.48979*, %struct.task_struct.48979** %206, align 8 %208 = icmp eq %struct.task_struct.48979* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 tail call void bitcast (void (%struct.task_struct.102717*)* 
@seccomp_filter_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void bitcast (void (%struct.pid.177739*)* @proc_flush_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.task_struct.12252*)* @release_thread to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 %225 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !23 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof !6, !misexpect !7 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 ------------- Use: =BAD PATH= 
Call Stack: 0 release_task 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #76 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds 
%struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call 
void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, 
i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne 
%struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, 
%struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to 
%struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds 
%struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 
= add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* 
%276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds 
%struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 
call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void 
(%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br label %19 %20 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 62 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 63 %27 = load %struct.pid.48552*, %struct.pid.48552** %26, align 32 %28 = icmp eq %struct.pid.48552* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 95 %42 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #76 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %42, i64 0, i32 10 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %61) #76 br label %63 %64 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 5 %65 = load %struct.task_struct.48979*, %struct.task_struct.48979** %64, align 8 %66 = icmp eq %struct.task_struct.48979* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.48979** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.48940* [ %51, %49 ], [ undef, %67 ], [ undef, %63 ] %74 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i32 8) #76 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #76 %81 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !14 %84 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 75 %106 = load i64, i64* %105, align 8 %107 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 34 
%113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 4 %116 = load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 %136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* 
%3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 %146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 0) #76 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, 
i32)*)(%struct.task_struct.48979* %3, i32 1) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 2) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 3) #76 %170 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store %struct.list_head* %176, 
%struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !15 br label %183 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %200 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #76 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #76 %202 = bitcast %struct.task_struct.48979* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !19 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 60 %207 = load %struct.task_struct.48979*, %struct.task_struct.48979** %206, align 8 %208 = icmp eq %struct.task_struct.48979* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !20 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 tail call void bitcast (void (%struct.task_struct.102717*)* @seccomp_filter_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void bitcast (void (%struct.pid.177739*)* @proc_flush_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.task_struct.12252*)* @release_thread to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 %225 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !23 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof !6, !misexpect !7 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds 
%struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76
-------------
Use: =BAD PATH=
Call Stack:
0 release_task
1 wait_consider_task
2 do_wait
3 kernel_wait4
4 __x64_sys_wait4
-------------
Path:
Function:__x64_sys_wait4
%2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #76
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds
%struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77
Function:do_wait
%2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0",
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, 
i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76
Function:wait_consider_task
%4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [
i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, 
%struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, 
label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, 
i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds 
Function:release_task
-------------
Use: =BAD PATH=
Call Stack:
0 release_task
1 wait_consider_task
2 do_wait
3 kernel_wait4
4 __x64_sys_waitpid
-------------
Path:
Function:__x64_sys_waitpid
Function:kernel_wait4
Function:do_wait
Function:wait_consider_task
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br label %19 %20 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 62 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile 
%struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 63 %27 = load %struct.pid.48552*, %struct.pid.48552** %26, align 32 %28 = icmp eq %struct.pid.48552* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 95 %42 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #76 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 10 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %61) #76 br label %63 %64 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %42, i64 0, i32 5 %65 = load %struct.task_struct.48979*, %struct.task_struct.48979** %64, align 8 %66 = icmp eq %struct.task_struct.48979* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.48979** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.48940* [ %51, %49 ], [ undef, %67 ], [ undef, %63 ] %74 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i32 8) #76 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #76 %81 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %84 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 
= add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 75 %106 = load i64, i64* %105, align 8 %107 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 4 %116 = load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* 
%42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 %136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 %146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds 
%struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 0) #76 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 1) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 2) #76 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %3, i32 3) #76 %170 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !15 br label %183 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %200 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #76 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #76 %202 = bitcast %struct.task_struct.48979* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !19 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 60 %207 = load %struct.task_struct.48979*, %struct.task_struct.48979** %206, align 8 %208 = icmp eq %struct.task_struct.48979* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 tail call void bitcast (void (%struct.task_struct.102717*)* 
@seccomp_filter_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void bitcast (void (%struct.pid.177739*)* @proc_flush_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48552*)*)(%struct.pid.48552* %27) #76 tail call void bitcast (void (%struct.task_struct.12252*)* @release_thread to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 %225 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !23 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof !6, !misexpect !7 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 ------------- Good: 45 Bad: 8 
Ignored: 24 Check Use of Function:_dev_err Use: =BAD PATH= Call Stack: 0 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60786, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %11 = bitcast %struct.list_head** %10 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60785, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #76 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %22 = bitcast %struct.list_head** %21 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60786, i64 0, i64 0)) #77 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #76 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %13 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %14 = bitcast %struct.list_head** %13 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %14, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60785, i64 0, i64 0)) #77 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60786, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %11 = bitcast %struct.list_head** %10 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60785, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #76 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %23 = bitcast %struct.list_head** %22 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60786, i64 0, i64 0)) #77 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #76 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %14 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %15 = bitcast %struct.list_head** %14 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %15, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60785, i64 0, i64 0)) #77 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.60807, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60786, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %11 = bitcast %struct.list_head** %10 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60785, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.60807, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60786, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %11 = bitcast %struct.list_head** %10 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60785, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_store ------------- Path:  Function:lg4ff_alternate_modes_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %8 = bitcast %struct.list_head** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = icmp eq i8* %9, null br i1 %10, label %11, label %14 %15 = getelementptr inbounds i8, i8* %9, i64 8 %16 = bitcast i8* %15 to %struct.lg4ff_device_entry** %17 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %16, align 8 %18 = icmp eq %struct.lg4ff_device_entry* %17, null br i1 %18, label %19, label %22 %20 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %21 = bitcast %struct.list_head** %20 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %21, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60786, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_store ------------- Path:  Function:lg4ff_alternate_modes_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %8 = bitcast %struct.list_head** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = icmp eq i8* %9, null br i1 %10, label %11, label %14 %12 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %13 = bitcast %struct.list_head** %12 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %13, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60785, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #76 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.57011, i64 0, i64 0), i16* %21, i8* nonnull %6) #76 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.57013, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.57016, i64 0, i64 0)) #77 ------------- Use: =BAD PATH= Call Stack: 0 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #76 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.57011, i64 0, i64 0), i16* %21, i8* nonnull %6) #76 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.61.57012, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.57016, i64 0, i64 0)) #77 ------------- Use: =BAD PATH= Call Stack: 0 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #76 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %0, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.59.57018, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.57016, i64 0, i64 0)) #77 ------------- Use: =BAD PATH= Call Stack: 0 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #76 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.58.57017, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.57016, i64 0, i64 0)) #77 ------------- Use: =BAD PATH= Call Stack: 0 delete_device_store ------------- Path:  Function:delete_device_store %5 = alloca i16, align 2 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast i16* %5 to i8* %9 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.57011, i64 0, i64 0), i16* nonnull %5, i8* nonnull %6) #76 %10 = icmp slt i32 %9, 1 br i1 %10, label %11, label %12 %13 = icmp eq i32 %9, 1 %14 = load i8, i8* %6, align 1 %15 = icmp eq i8 %14, 10 %16 = or i1 %13, %15 br i1 %16, label %18, label %17 call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.57013, i64 0, i64 0), i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.64.57010, i64 0, i64 0)) #77 ------------- Use: =BAD PATH= Call Stack: 0 delete_device_store ------------- Path:  Function:delete_device_store %5 = alloca i16, align 2 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast i16* %5 to i8* %9 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.57011, i64 0, i64 0), i16* nonnull %5, i8* nonnull %6) #76 %10 = icmp slt i32 %9, 1 br i1 %10, label %11, label %12 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.61.57012, i64 0, i64 0), i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.64.57010, i64 0, i64 0)) #77 ------------- Use: =BAD PATH= Call Stack: 0 pnp_disable_dev 1 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.350904* %11 = getelementptr inbounds %struct.pnp_dev.350904, %struct.pnp_dev.350904* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #77 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.33921, i64 0, i64 0), i64 7) #78 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.351147*)* @pnp_disable_dev to i32 (%struct.pnp_dev.350904*)*)(%struct.pnp_dev.350904* %10) #77 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.351137*, %struct.pnp_protocol.351137** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.351137, %struct.pnp_protocol.351137* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.351147*)*, i32 (%struct.pnp_dev.351147*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.351147*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 
%19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %28 = tail call i32 %9(%struct.pnp_dev.351147* %0) #77 %29 = icmp slt i32 %28, 0 %30 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 0 br i1 %29, label %31, label %32 tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.8.33819, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 check_for_unclaimed_mmio 1 intel_uncore_forcewake_user_put 2 i915_forcewake_release ------------- Path:  Function:i915_forcewake_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.435893** %5 = load %struct.drm_i915_private.435893*, %struct.drm_i915_private.435893** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.435893, %struct.drm_i915_private.435893* %5, i64 0, i32 3, i32 0 %7 = load i8, i8* %6, align 8 %8 = icmp ugt i8 %7, 5 br i1 %8, label %9, label %11 %10 = getelementptr inbounds %struct.drm_i915_private.435893, %struct.drm_i915_private.435893* %5, i64 0, i32 9 tail call void bitcast (void (%struct.intel_uncore.428020*)* @intel_uncore_forcewake_user_put to void (%struct.intel_uncore.435570*)*)(%struct.intel_uncore.435570* %10) #76 Function:intel_uncore_forcewake_user_put %2 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %2, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %3) #76 %4 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 15 %5 = load i32, i32* %4, align 8 %6 = add i32 %5, -1 store i32 %6, i32* %4, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %64 %9 = getelementptr inbounds %struct.intel_uncore.428020, 
%struct.intel_uncore.428020* %0, i64 0, i32 16 %10 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %11 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %10, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #76 %12 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %13 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %12, i64 0, i32 3 %14 = load i32, i32* %13, align 4 %15 = add i32 %14, -1 store i32 %15, i32* %13, align 4 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %21 %22 = tail call fastcc zeroext i1 @check_for_unclaimed_mmio(%struct.intel_uncore.428020* %0) #77 Function:check_for_unclaimed_mmio %2 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 16 %3 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %2, align 8 %4 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %3, i64 0, i32 3 %5 = load i32, i32* %4, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %83 %8 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %30, label %12 %13 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 271104 %16 = bitcast i8* %15 to i32* %17 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %16) #6, !srcloc !4 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %30, !prof !5, !misexpect !6 %20 = icmp eq i32 %17, -1 br i1 %20, label %21, label %26, !prof !5, !misexpect !7 %22 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, 
i64 0, i32 1 %23 = load %struct.drm_i915_private.428358*, %struct.drm_i915_private.428358** %22, align 8 %24 = getelementptr inbounds %struct.drm_i915_private.428358, %struct.drm_i915_private.428358* %23, i64 0, i32 0, i32 2 %25 = load %struct.device*, %struct.device** %24, align 8 tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %25, i8* getelementptr inbounds ([83 x i8], [83 x i8]* @.str.35.39258, i64 0, i64 0)) #76 ------------- Good: 2979 Bad: 24 Ignored: 2780 Check Use of Function:snd_ctl_ioctl Use: =BAD PATH= Call Stack: 0 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = and i64 %2, 4294967295 %10 = inttoptr i64 %9 to i8* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %12, align 8 %14 = icmp eq %struct.snd_ctl_file* %13, null br i1 %14, label %233, label %15, !prof !4 %16 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %17 = load %struct.snd_card*, %struct.snd_card** %16, align 8 %18 = icmp eq %struct.snd_card* %17, null br i1 %18, label %233, label %19, !prof !4, !misexpect !5 switch i32 %1, label %212 [ i32 -2147199744, label %20 i32 -2122820351, label %20 i32 -1073457898, label %20 i32 -1073457712, label %20 i32 -2147199535, label %20 i32 1077957908, label %20 i32 1077957909, label %20 i32 -1069525735, label %20 i32 -1073195750, label %20 i32 -1073195749, label %20 i32 -1073195748, label %20 i32 -1069001456, label %22 i32 -1055894255, label %51 i32 -1027320558, label %154 i32 -1027320557, label %179 i32 -1055894249, label %204 i32 -1055894248, label %208 ] %21 = tail call i64 @snd_ctl_ioctl(%struct.file* %0, i32 %1, i64 %9) #76 ------------- Good: 0 Bad: 1 Ignored: 3 Check Use of 
Function:__tcf_qdisc_find Check Use of Function:__audit_inode_child Check Use of Function:vt_reset_unicode Check Use of Function:xt_compat_match_to_user Check Use of Function:kstrdup_quotable Check Use of Function:cfg80211_stop_p2p_device Check Use of Function:copy_page_to_iter Check Use of Function:drm_modeset_unregister_all Check Use of Function:do_trace_read_msr Use: =BAD PATH= Call Stack: 0 show_energy_efficiency ------------- Path:  Function:show_energy_efficiency %4 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 508) #6, !srcloc !4 %5 = extractvalue { i64, i64 } %4, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@show_energy_efficiency, %6)) #6 to label %10 [label %6], !srcloc !5 %7 = extractvalue { i64, i64 } %4, 1 %8 = shl i64 %7, 32 %9 = or i64 %8, %5 tail call void @do_trace_read_msr(i32 508, i64 %9, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 low_power_idle_cpu_residency_us_show ------------- Path:  Function:low_power_idle_cpu_residency_us_show %4 = load i64, i64* getelementptr inbounds (%struct.lpit_residency_info, %struct.lpit_residency_info* @residency_info_ffh, i64 0, i32 0, i32 4), align 4 %5 = trunc i64 %4 to i32 %6 = tail call { i32, i64, i64 } asm sideeffect "2: rdmsr ; xor $0,$0\0A1:\0A\09.section 
.fixup,\22ax\22\0A\093: mov $4,$0\0A\09xorl %eax, %eax\0A\09xorl %edx, %edx\0A\09jmp 1b\0A\09.previous\0A\09 .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (2b) - .\0A .long (3b) - .\0A .long (ex_handler_default) - .\0A .popsection\0A", "=r,={ax},={dx},{cx},i,~{dirflag},~{fpsr},~{flags}"(i32 %5, i32 -5) #6, !srcloc !4 %7 = extractvalue { i32, i64, i64 } %6, 0 %8 = extractvalue { i32, i64, i64 } %6, 1 %9 = extractvalue { i32, i64, i64 } %6, 2 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@low_power_idle_cpu_residency_us_show, %10)) #6 to label %13 [label %10], !srcloc !5 %11 = shl i64 %9, 32 %12 = or i64 %11, %8 tail call void @do_trace_read_msr(i32 %5, i64 %12, i32 %7) #76 ------------- Use: =BAD PATH= Call Stack: 0 x86_gsbase_read_task 1 do_arch_prctl_64 2 __ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12252* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12252* %9, 
i32 %7, i64 %6) #76 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %70 = tail call i64 @x86_gsbase_read_task(%struct.task_struct.12252* %0) #77 Function:x86_gsbase_read_task %2 = alloca i64, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.12252* %5 = icmp eq %struct.task_struct.12252* %4, %0 %6 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %7 = and i64 %6, 4294967296 %8 = icmp eq i64 %7, 0 br i1 %5, label %9, label %24 br i1 %8, label %17, label %10 %18 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566) #6, !srcloc !8 %19 = extractvalue { i64, i64 } %18, 0 %20 = extractvalue { i64, i64 } %18, 1 %21 = shl i64 %20, 32 %22 = or i64 %21, %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@x86_gsbase_read_task, %23)) #6 to label %86 [label %23], !srcloc !9 tail call void @do_trace_read_msr(i32 -1073741566, i64 %22, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 x86_gsbase_read_task 1 do_arch_prctl_64 2 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.12252* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12252* %8, i32 %6, i64 %5) #76 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %70 = tail call i64 @x86_gsbase_read_task(%struct.task_struct.12252* %0) #77 Function:x86_gsbase_read_task %2 = alloca i64, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.12252* %5 = icmp eq %struct.task_struct.12252* %4, %0 %6 = load volatile i64, i64* bitcast (i8* 
getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %7 = and i64 %6, 4294967296 %8 = icmp eq i64 %7, 0 br i1 %5, label %9, label %24 br i1 %8, label %17, label %10 %18 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566) #6, !srcloc !8 %19 = extractvalue { i64, i64 } %18, 0 %20 = extractvalue { i64, i64 } %18, 1 %21 = shl i64 %20, 32 %22 = or i64 %21, %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@x86_gsbase_read_task, %23)) #6 to label %86 [label %23], !srcloc !9 tail call void @do_trace_read_msr(i32 -1073741566, i64 %22, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __rdgsbase_inactive 1 x86_gsbase_read_task 2 do_arch_prctl_64 3 __ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.12252**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12252* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12252* %9, i32 %7, i64 %6) #76 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %70 = tail call i64 @x86_gsbase_read_task(%struct.task_struct.12252* %0) #77 Function:x86_gsbase_read_task %2 = alloca i64, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.12252* %5 = icmp eq %struct.task_struct.12252* %4, %0 %6 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %7 = and i64 %6, 4294967296 %8 = icmp eq i64 %7, 0 br i1 %5, label %9, label %24 br i1 %8, label %17, label %10 %11 = bitcast i64* %2 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !5 %12 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = call fastcc i64 @__rdgsbase_inactive() #76 Function:__rdgsbase_inactive callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 
663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 272, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 26), i8* blockaddress(@__rdgsbase_inactive, %4), i8* blockaddress(@__rdgsbase_inactive, %2)) #6 to label %1 [label %4, label %2], !srcloc !4 %5 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566) #6, !srcloc !7 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = shl i64 %7, 32 %9 = or i64 %8, %6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__rdgsbase_inactive, %10)) #6 to label %11 [label %10], !srcloc !8 tail call void @do_trace_read_msr(i32 -1073741566, i64 %9, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __rdgsbase_inactive 1 x86_gsbase_read_task 2 do_arch_prctl_64 3 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.12252* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12252* %8, i32 %6, i64 %5) #76 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %70 = tail call i64 @x86_gsbase_read_task(%struct.task_struct.12252* %0) #77 Function:x86_gsbase_read_task %2 = alloca i64, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.12252* %5 = icmp eq %struct.task_struct.12252* %4, %0 %6 = load volatile i64, i64* 
bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %7 = and i64 %6, 4294967296 %8 = icmp eq i64 %7, 0 br i1 %5, label %9, label %24 br i1 %8, label %17, label %10 %11 = bitcast i64* %2 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !5 %12 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = call fastcc i64 @__rdgsbase_inactive() #76 Function:__rdgsbase_inactive callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 272, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 26), i8* blockaddress(@__rdgsbase_inactive, %4), i8* blockaddress(@__rdgsbase_inactive, %2)) #6 to label %1 [label %4, label %2], !srcloc !4 %5 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", 
"={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566) #6, !srcloc !7 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = shl i64 %7, 32 %9 = or i64 %8, %6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__rdgsbase_inactive, %10)) #6 to label %11 [label %10], !srcloc !8 tail call void @do_trace_read_msr(i32 -1073741566, i64 %9, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 x86_fsbase_read_task 1 do_arch_prctl_64 2 __ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12252* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12252* %9, i32 %7, i64 %6) #76 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %60 = tail call i64 @x86_fsbase_read_task(%struct.task_struct.12252* %0) #77 Function:x86_fsbase_read_task %2 = 
tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.12252* %4 = icmp eq %struct.task_struct.12252* %3, %0 %5 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %6 = and i64 %5, 4294967296 %7 = icmp eq i64 %6, 0 br i1 %4, label %8, label %18 br i1 %7, label %11, label %9 %12 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741568) #6, !srcloc !6 %13 = extractvalue { i64, i64 } %12, 0 %14 = extractvalue { i64, i64 } %12, 1 %15 = shl i64 %14, 32 %16 = or i64 %15, %13 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@x86_fsbase_read_task, %17)) #6 to label %80 [label %17], !srcloc !7 tail call void @do_trace_read_msr(i32 -1073741568, i64 %16, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 x86_fsbase_read_task 1 do_arch_prctl_64 2 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.12252* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12252* %8, i32 %6, i64 %5) #76 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %60 = tail call i64 @x86_fsbase_read_task(%struct.task_struct.12252* %0) #77 Function:x86_fsbase_read_task %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12252** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12252**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.12252* %4 = icmp eq %struct.task_struct.12252* %3, %0 %5 = load volatile i64, i64* bitcast (i8* getelementptr inbounds 
(%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %6 = and i64 %5, 4294967296 %7 = icmp eq i64 %6, 0 br i1 %4, label %8, label %18 br i1 %7, label %11, label %9 %12 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741568) #6, !srcloc !6 %13 = extractvalue { i64, i64 } %12, 0 %14 = extractvalue { i64, i64 } %12, 1 %15 = shl i64 %14, 32 %16 = or i64 %15, %13 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@x86_fsbase_read_task, %17)) #6 to label %80 [label %17], !srcloc !7 tail call void @do_trace_read_msr(i32 -1073741568, i64 %16, i32 0) #76 ------------- Good: 312 Bad: 8 Ignored: 2097 Check Use of Function:__tcf_chain_put Check Use of Function:invoke_tx_handlers_late Check Use of Function:ieee80211_mgd_stop Check Use of Function:fat_trim_fs Check Use of Function:acpi_ns_walk_namespace Check Use of Function:putback_movable_pages Check Use of Function:blkdev_read_iter Check Use of Function:__tcf_block_put Check Use of Function:dm_pr_preempt Check Use of Function:snapshot_write_finalize Check Use of Function:blk_rq_map_kern Check Use of Function:loop_control_ioctl Check Use of Function:tty_ldisc_reinit Check Use of Function:nfs_lookup Use: =BAD PATH= Call Stack: 0 nfs_atomic_open 
------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr* %7 to i8* %15 = getelementptr inbounds %struct.iattr, %struct.iattr* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.inode* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %271 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 268435456 %31 = icmp eq i32 %30, 0 br i1 %31, label %271, label %32 %33 = call %struct.dentry* @nfs_lookup(%struct.inode* %0, %struct.dentry* %1, i32 258) #77 ------------- Good: 1 Bad: 1 Ignored: 4 Check Use of Function:cfg80211_radar_event Check Use of Function:elf_map.17942 Check Use of Function:__SCT__tp_func_task_newtask Check Use of Function:__cpuhp_setup_state Check Use of Function:__init_swait_queue_head Use: =BAD PATH= Call Stack: 0 cache_check 1 
c_show.69331 ------------- Path:  Function:c_show.69331 %3 = alloca %struct.cpu_itimer, align 8 %4 = bitcast i8* %1 to %struct.cache_head* %5 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.cache_detail** %7 = load %struct.cache_detail*, %struct.cache_detail** %6, align 8 %8 = icmp eq i8* %1, inttoptr (i64 1 to i8*) br i1 %8, label %9, label %13 %14 = getelementptr inbounds i8, i8* %1, i64 32 %15 = bitcast i8* %14 to %struct.qspinlock* %16 = bitcast i8* %14 to %struct.seqcount_spinlock* %17 = bitcast i8* %14 to i32* %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %13 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #76 br label %26 %27 = tail call i32 @cache_check(%struct.cache_detail* %7, %struct.cache_head* %4, %struct.cache_req* null) #77 Function:cache_check %4 = alloca %struct.thread_deferred_req, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.cache_head, %struct.cache_head* %1, i64 0, i32 4 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 1 %9 = icmp eq i64 %8, 0 br i1 %9, label %15, label %10 %16 = phi i1 [ true, %3 ], [ false, %10 ], [ false, %14 ] %17 = phi i32 [ -11, %3 ], [ -2, %10 ], [ 0, %14 ] %18 = getelementptr inbounds %struct.cache_head, %struct.cache_head* %1, i64 0, i32 1 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.cache_head, %struct.cache_head* %1, i64 0, i32 2 %21 = load i64, i64* %20, align 8 %22 = sub i64 %19, %21 %23 = bitcast 
%struct.cpu_itimer* %5 to i8* call void @getboottime64(%struct.cpu_itimer* nonnull %5) #76 %24 = call i64 @ktime_get_real_seconds() #76 %25 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = sub i64 %24, %26 %28 = load i64, i64* %20, align 8 %29 = sub i64 %27, %28 %30 = icmp eq %struct.cache_req* %2, null br i1 %30, label %31, label %32 br i1 %16, label %39, label %33 %34 = load i64, i64* %18, align 8 %35 = icmp ne i64 %34, 0 %36 = sdiv i64 %22, 2 %37 = icmp sgt i64 %29, %36 %38 = and i1 %37, %35 br i1 %38, label %39, label %195 %40 = getelementptr inbounds %struct.cache_detail, %struct.cache_detail* %0, i64 0, i32 6 %41 = load i32 (%struct.cache_detail*, %struct.cache_head*)*, i32 (%struct.cache_detail*, %struct.cache_head*)** %40, align 8 %42 = call i32 %41(%struct.cache_detail* %0, %struct.cache_head* %1) #76 switch i32 %42, label %46 [ i32 -22, label %43 i32 -11, label %45 ] %47 = phi i32 [ %17, %39 ], [ %17, %45 ], [ %44, %43 ] %48 = icmp eq i32 %47, -11 br i1 %48, label %49, label %195 %50 = getelementptr inbounds %struct.cache_req, %struct.cache_req* %2, i64 0, i32 1 %51 = load i32, i32* %50, align 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %108, label %53 %54 = bitcast %struct.thread_deferred_req* %4 to i8* %55 = getelementptr inbounds %struct.thread_deferred_req, %struct.thread_deferred_req* %4, i64 0, i32 1 %56 = getelementptr inbounds %struct.completion, %struct.completion* %55, i64 0, i32 0 store i32 0, i32* %56, align 8 %57 = getelementptr inbounds %struct.thread_deferred_req, %struct.thread_deferred_req* %4, i64 0, i32 1, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %57, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.3.69335, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.69336) #76 ------------- Use: =BAD PATH= Call Stack: 0 rdmsr_safe_on_cpu 1 msr_read ------------- Path:  Function:msr_read %5 = alloca [2 x i32], align 4 %6 = 
bitcast [2 x i32]* %5 to i8* %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 13 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1048575 %14 = and i64 %2, 7 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %44 %17 = getelementptr inbounds [2 x i32], [2 x i32]* %5, i64 0, i64 0 %18 = getelementptr inbounds [2 x i32], [2 x i32]* %5, i64 0, i64 1 %19 = icmp eq i64 %2, 0 br i1 %19, label %42, label %20 %21 = bitcast i8* %1 to i32* br label %22 %23 = phi i64 [ %34, %32 ], [ 0, %20 ] %24 = phi i64 [ %35, %32 ], [ %2, %20 ] %25 = phi i32* [ %33, %32 ], [ %21, %20 ] %26 = call i32 @rdmsr_safe_on_cpu(i32 %13, i32 %8, i32* nonnull %17, i32* %18) #76 Function:rdmsr_safe_on_cpu %5 = alloca %struct.msr_info_completion, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.msr_info_completion* %5 to i8* %8 = bitcast %struct.__call_single_data* %6 to i8* %9 = bitcast %struct.__call_single_data* %6 to i8* %10 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 store void (i8*)* @__rdmsr_safe_on_cpu, void (i8*)** %10, align 16 %11 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %12 = bitcast i8** %11 to %struct.msr_info_completion** store %struct.msr_info_completion* %5, %struct.msr_info_completion** %12, align 8 %13 = getelementptr inbounds %struct.msr_info_completion, %struct.msr_info_completion* %5, i64 0, i32 1, i32 1 %14 = bitcast %struct.msr_info_completion* %5 to i8* call void @__init_swait_queue_head(%struct.swait_queue_head* %13, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.1.28385, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.28386) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_io_destroy 1 
__ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #76 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17619, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17620) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_io_destroy 1 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #76 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void 
@__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17619, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17620) #76 ------------- Use: =BAD PATH= Call Stack: 0 cpuid_read ------------- Path:  Function:cpuid_read %5 = alloca %struct.cpuid_regs_done, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.cpuid_regs_done* %5 to i8* %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %9, i64 0, i32 13 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1048575 %13 = and i64 %2, 15 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %57 %16 = load i64, i64* %3, align 8 %17 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 1 %18 = getelementptr inbounds %struct.completion, %struct.completion* %17, i64 0, i32 0 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 1, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %19, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.4.3442, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key) #76 ------------- Use: =BAD PATH= Call Stack: 0 __flush_work 1 flush_delayed_work 2 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.437765** %12 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = 
getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #76 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #77 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39738, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #76 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %72 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.437765* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.39745, i64 0, i64 0)) #76 br label %50 %51 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 25 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %52) #76 %53 = load i32, i32* %5, align 4 %54 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 12 store i32 %53, i32* %54, align 4 %55 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 1, i32 1 store i32 0, i32* %55, align 8 %56 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 2, i32 1 store i32 0, i32* %56, align 8 %57 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 3, i32 1 store i32 0, i32* %57, align 8 %58 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 4, i32 1 store i32 0, i32* %58, align 8 %59 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 5, i32 1 store i32 0, i32* %59, align 8 %60 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 6, i32 1 store i32 0, i32* %60, align 8 %61 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 7, i32 1 store i32 0, i32* %61, align 8 %62 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 8, i32 1 store i32 0, i32* %62, align 8 %63 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 9, i32 1 store i32 0, i32* %63, 
align 8 %64 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 10, i32 1 store i32 0, i32* %64, align 8 %65 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 11, i32 1 store i32 0, i32* %65, align 8 %66 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 12, i32 1 store i32 0, i32* %66, align 8 %67 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 13, i32 1 store i32 0, i32* %67, align 8 %68 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 3, i64 14, i32 1 store i32 0, i32* %68, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %69 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %69, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %70 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %12, i64 0, i32 31, i32 6 %71 = call zeroext i1 @flush_delayed_work(%struct.delayed_work* %70) #76 Function:flush_delayed_work tail call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr inbounds %struct.delayed_work, %struct.delayed_work* %0, i64 0, i32 1 %3 = tail call i32 @del_timer_sync(%struct.timer_list* %2) #76 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %12 = getelementptr inbounds %struct.delayed_work, %struct.delayed_work* %0, i64 0, i32 0 %13 = tail call fastcc zeroext i1 @__flush_work(%struct.work_struct* %12, i1 zeroext false) #76 Function:__flush_work %3 = alloca %struct.wq_barrier, 
align 8 %4 = bitcast %struct.wq_barrier* %3 to i8* %5 = load i1, i1* @wq_online, align 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 2 %9 = load void (%struct.work_struct*)*, void (%struct.work_struct*)** %8, align 8 %10 = icmp eq void (%struct.work_struct*)* %9, null br i1 %10, label %11, label %12, !prof !8, !misexpect !5 %13 = tail call i32 @__cond_resched() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %14 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 4 %17 = icmp eq i64 %16, 0 br i1 %17, label %23, label %18 %24 = lshr i64 %15, 5 %25 = trunc i64 %24 to i32 %26 = icmp eq i32 %25, 2147483647 br i1 %26, label %35, label %27 %28 = shl i64 %24, 32 %29 = ashr exact i64 %28, 32 %30 = tail call i8* @idr_find(%struct.idr* nonnull @worker_pool_idr, i64 %29) #76 %31 = bitcast i8* %30 to %struct.worker_pool* br label %32 %33 = phi %struct.worker_pool* [ %22, %18 ], [ %31, %27 ] %34 = icmp eq %struct.worker_pool* %33, null br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %33, i64 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %37) #76 %38 = load volatile i64, i64* %14, align 8 %39 = and i64 %38, 4 %40 = icmp eq i64 %39, 0 %41 = and i64 %38, -256 %42 = inttoptr i64 %41 to %struct.pool_workqueue* %43 = select i1 %40, %struct.pool_workqueue* null, %struct.pool_workqueue* %42 %44 = icmp eq %struct.pool_workqueue* %43, null br i1 %44, label %49, label %45 %50 = ptrtoint %struct.work_struct* %0 to i64 %51 = mul i64 %50, 7046029254386353131 %52 = lshr i64 %51, 58 %53 = getelementptr %struct.worker_pool, %struct.worker_pool* %33, i64 0, i32 12, i64 %52, i32 0 %54 = bitcast %struct.hlist_node** %53 to %struct.worker** %55 = load %struct.worker*, %struct.worker** 
%54, align 8 %56 = icmp eq %struct.worker* %55, null br i1 %56, label %152, label %57 %58 = phi %struct.worker* [ %69, %67 ], [ %55, %49 ] %59 = getelementptr inbounds %struct.worker, %struct.worker* %58, i64 0, i32 1 %60 = load %struct.work_struct*, %struct.work_struct** %59, align 8 %61 = icmp eq %struct.work_struct* %60, %0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.worker, %struct.worker* %58, i64 0, i32 2 %64 = load void (%struct.work_struct*)*, void (%struct.work_struct*)** %63, align 8 %65 = load void (%struct.work_struct*)*, void (%struct.work_struct*)** %8, align 8 %66 = icmp eq void (%struct.work_struct*)* %64, %65 br i1 %66, label %71, label %67 %72 = getelementptr inbounds %struct.worker, %struct.worker* %58, i64 0, i32 3 %73 = load %struct.pool_workqueue*, %struct.pool_workqueue** %72, align 8 br label %74 %75 = phi %struct.worker* [ null, %45 ], [ %58, %71 ] %76 = phi %struct.pool_workqueue* [ %43, %45 ], [ %73, %71 ] %77 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %76, i64 0, i32 1 %78 = load %struct.workqueue_struct*, %struct.workqueue_struct** %77, align 8 tail call fastcc void @check_flush_dependency(%struct.workqueue_struct* %78, %struct.work_struct* %0) #76 %79 = getelementptr inbounds %struct.wq_barrier, %struct.wq_barrier* %3, i64 0, i32 0, i32 0, i32 0 store i64 68719476704, i64* %79, align 8 %80 = getelementptr inbounds %struct.wq_barrier, %struct.wq_barrier* %3, i64 0, i32 0, i32 1 %81 = getelementptr inbounds %struct.list_head, %struct.list_head* %80, i64 0, i32 0 store volatile %struct.list_head* %80, %struct.list_head** %81, align 8 %82 = getelementptr inbounds %struct.wq_barrier, %struct.wq_barrier* %3, i64 0, i32 0, i32 1, i32 1 store %struct.list_head* %80, %struct.list_head** %82, align 8 %83 = getelementptr inbounds %struct.wq_barrier, %struct.wq_barrier* %3, i64 0, i32 0, i32 2 store void (%struct.work_struct*)* @wq_barrier_func, void (%struct.work_struct*)** %83, align 8 call 
void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %79, i64 0) #6, !srcloc !13 %84 = getelementptr inbounds %struct.wq_barrier, %struct.wq_barrier* %3, i64 0, i32 1, i32 0 store i32 0, i32* %84, align 8 %85 = getelementptr inbounds %struct.wq_barrier, %struct.wq_barrier* %3, i64 0, i32 1, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %85, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.44.5800, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.5801) #76 ------------- Use: =BAD PATH= Call Stack: 0 flush_workqueue 1 md_open ------------- Path:  Function:md_open %3 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %0, i64 0, i32 4 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, -1048576 %6 = icmp eq i32 %5, 9437184 %7 = and i32 %4, -64 %8 = select i1 %6, i32 %4, i32 %7 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #76 %9 = load i8*, i8** bitcast (%struct.list_head* @all_mddevs to i8**), align 8 %10 = icmp eq i8* %9, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %10, label %28, label %11 %12 = phi i8* [ %19, %17 ], [ %9, %2 ] %13 = getelementptr i8, i8* %12, i64 -952 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, %8 br i1 %16, label %21, label %17 %18 = bitcast i8* %12 to i8** %19 = load i8*, i8** %18, align 8 %20 = icmp eq i8* %19, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %20, label %28, label %11 %29 = phi %struct.mddev* [ null, %21 ], [ %25, %24 ], [ null, %2 ], [ null, %17 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @all_mddevs_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %30 = icmp eq %struct.mddev* %29, null br 
i1 %30, label %140, label %31 %32 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 11 %33 = load %struct.gendisk.299710*, %struct.gendisk.299710** %32, align 8 %34 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %0, i64 0, i32 16 %35 = load %struct.gendisk.299710*, %struct.gendisk.299710** %34, align 8 %36 = icmp eq %struct.gendisk.299710* %33, %35 br i1 %36, label %82, label %37 %38 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 61 %39 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %38, %struct.spinlock* nonnull @all_mddevs_lock) #76 %40 = icmp eq i32 %39, 0 br i1 %40, label %75, label %41 %76 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 75, i32 0, i32 0 %77 = load volatile i64, i64* %76, align 8 %78 = and i64 %77, 1 %79 = icmp eq i64 %78, 0 br i1 %79, label %140, label %80 %81 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %81) #76 Function:flush_workqueue %2 = alloca %struct.wq_flusher, align 8 %3 = bitcast %struct.wq_flusher* %2 to i8* %4 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0 %5 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 0 store %struct.list_head* %4, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 1 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 1 store i32 -1, i32* %7, align 8 %8 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.completion, %struct.completion* %8, i64 0, i32 0 store i32 0, i32* %9, align 8 %10 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2, i32 1 call void 
@__init_swait_queue_head(%struct.swait_queue_head* %10, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.44.5800, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.5801) #76 ------------- Use: =BAD PATH= Call Stack: 0 flush_workqueue 1 md_ioctl 2 md_compat_ioctl ------------- Path:  Function:md_compat_ioctl switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 @md_ioctl(%struct.block_device.299712* %0, i32 %1, i32 %2, i64 %8) #76 Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.uid_gid_extent, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1050 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %0, i64 0, i32 16 %29 = load %struct.gendisk.299710*, %struct.gendisk.299710** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %378 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 
-1879045867, label %301 i32 1075054881, label %331 i32 2344, label %331 i32 2338, label %348 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %332 = getelementptr inbounds %struct.mddev, %struct.mddev* %32, i64 0, i32 4 br label %333 %334 = phi %struct.list_head* [ %332, %331 ], [ %336, %338 ] %335 = getelementptr %struct.list_head, %struct.list_head* %334, i64 0, i32 0 %336 = load volatile %struct.list_head*, %struct.list_head** %335, align 8 %337 = icmp eq %struct.list_head* %336, %332 br i1 %337, label %346, label %338 %339 = getelementptr inbounds %struct.list_head, %struct.list_head* %336, i64 17 %340 = bitcast %struct.list_head* %339 to i64* %341 = load volatile i64, i64* %340, align 8 %342 = and i64 %341, 1 %343 = icmp eq i64 %342, 0 br i1 %343, label %333, label %344 %345 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_rdev_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %345) #76 Function:flush_workqueue %2 = alloca %struct.wq_flusher, align 8 %3 = bitcast %struct.wq_flusher* %2 to i8* %4 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0 %5 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 0 store %struct.list_head* %4, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 1 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 1 store i32 -1, i32* %7, align 8 %8 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.completion, %struct.completion* %8, i64 0, i32 0 store i32 0, i32* %9, align 8 %10 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %10, i8* getelementptr inbounds ([9 x 
i8], [9 x i8]* @.str.44.5800, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.5801) #76 ------------- Use: =BAD PATH= Call Stack: 0 flush_workqueue 1 md_ioctl ------------- Path:  Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.uid_gid_extent, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1050 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %0, i64 0, i32 16 %29 = load %struct.gendisk.299710*, %struct.gendisk.299710** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %378 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %331 i32 2344, label %331 i32 2338, label %348 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %332 = getelementptr inbounds %struct.mddev, %struct.mddev* %32, i64 0, i32 4 br label %333 %334 = phi %struct.list_head* [ %332, %331 ], [ %336, %338 ] %335 = getelementptr %struct.list_head, %struct.list_head* %334, i64 0, 
i32 0 %336 = load volatile %struct.list_head*, %struct.list_head** %335, align 8 %337 = icmp eq %struct.list_head* %336, %332 br i1 %337, label %346, label %338 %339 = getelementptr inbounds %struct.list_head, %struct.list_head* %336, i64 17 %340 = bitcast %struct.list_head* %339 to i64* %341 = load volatile i64, i64* %340, align 8 %342 = and i64 %341, 1 %343 = icmp eq i64 %342, 0 br i1 %343, label %333, label %344 %345 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_rdev_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %345) #76 Function:flush_workqueue %2 = alloca %struct.wq_flusher, align 8 %3 = bitcast %struct.wq_flusher* %2 to i8* %4 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0 %5 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 0 store %struct.list_head* %4, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 1 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 1 store i32 -1, i32* %7, align 8 %8 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.completion, %struct.completion* %8, i64 0, i32 0 store i32 0, i32* %9, align 8 %10 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %10, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.44.5800, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.5801) #76 ------------- Use: =BAD PATH= Call Stack: 0 __set_cpus_allowed_ptr_locked 1 __set_cpus_allowed_ptr 2 migrate_enable 3 sk_filter_trim_cap 4 sock_queue_rcv_skb 5 ping_queue_rcv_skb ------------- Path:  Function:ping_queue_rcv_skb %3 = tail call i32 bitcast (i32 (%struct.sock.273263*, 
%struct.sk_buff.273008*)* @sock_queue_rcv_skb to i32 (%struct.sock*, %struct.sk_buff*)*)(%struct.sock* %0, %struct.sk_buff* %1) #76 Function:sock_queue_rcv_skb %3 = tail call i32 bitcast (i32 (%struct.sock.762327*, %struct.sk_buff.762287*, i32)* @sk_filter_trim_cap to i32 (%struct.sock.273263*, %struct.sk_buff.273008*, i32)*)(%struct.sock.273263* %0, %struct.sk_buff.273008* %1, i32 1) #76 Function:sk_filter_trim_cap %4 = alloca [20 x i8], align 16 %5 = getelementptr inbounds %struct.sk_buff.762287, %struct.sk_buff.762287* %1, i64 0, i32 12 %6 = load i8, i8* %5, align 2 %7 = and i8 %6, 64 %8 = icmp eq i8 %7, 0 br i1 %8, label %20, label %9 %10 = getelementptr inbounds %struct.sock.762327, %struct.sock.762327* %0, i64 0, i32 0, i32 13, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 16384 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %20 %21 = tail call i32 bitcast (i32 (%struct.sock*, %struct.sk_buff*)* @security_sock_rcv_skb to i32 (%struct.sock.762327*, %struct.sk_buff.762287*)*)(%struct.sock.762327* %0, %struct.sk_buff.762287* %1) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %98 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = getelementptr inbounds %struct.sock.762327, %struct.sock.762327* %0, i64 0, i32 12 %25 = load volatile %struct.sk_filter.762307*, %struct.sk_filter.762307** %24, align 8 %26 = icmp eq %struct.sk_filter.762307* %25, null br i1 %26, label %96, label %27 %28 = getelementptr inbounds %struct.sk_buff.762287, %struct.sk_buff.762287* %1, i64 0, i32 1, i32 0 %29 = bitcast %struct.sock.762327** %28 to i64* %30 = load i64, i64* %29, align 8 store %struct.sock.762327* %0, %struct.sock.762327** %28, align 8 %31 = getelementptr inbounds %struct.sk_filter.762307, %struct.sk_filter.762307* %25, i64 0, i32 2 %32 = load %struct.bpf_prog.762111*, %struct.bpf_prog.762111** %31, align 8 tail call void @migrate_disable() #76 %33 = bitcast %struct.sk_buff.762287* %1 to i8* %34 
= getelementptr inbounds %struct.sk_buff.762287, %struct.sk_buff.762287* %1, i64 0, i32 3, i64 8 %35 = getelementptr inbounds [20 x i8], [20 x i8]* %4, i64 0, i64 0 %36 = getelementptr inbounds %struct.bpf_prog.762111, %struct.bpf_prog.762111* %32, i64 0, i32 1 %37 = load i16, i16* %36, align 2 %38 = and i16 %37, 8 %39 = icmp eq i16 %38, 0 br i1 %39, label %41, label %40, !prof !6, !misexpect !7 br label %41 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@sk_filter_trim_cap, %42)) #6 to label %60 [label %42], !srcloc !8 %61 = getelementptr inbounds %struct.bpf_prog.762111, %struct.bpf_prog.762111* %32, i64 0, i32 13, i64 0 %62 = getelementptr inbounds %struct.bpf_prog.762111, %struct.bpf_prog.762111* %32, i64 0, i32 9 %63 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %62, align 8 %64 = tail call i32 %63(i8* %33, %struct.bpf_insn* %61) #76 br label %65 %66 = phi i32 [ %47, %42 ], [ %64, %60 ] %67 = load i16, i16* %36, align 2 %68 = and i16 %67, 8 %69 = icmp eq i16 %68, 0 br i1 %69, label %71, label %70, !prof !6, !misexpect !7 tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 
%27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, 
align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, 
%struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* 
@.str.93.7000, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7001) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 ___skb_get_hash
6 __skb_get_hash
7 get_rps_cpu
8 netif_receive_skb_list_internal
9 busy_poll_stop
10 napi_busy_loop
11 tcp_recvmsg
12 inet6_recvmsg
13 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, 
%struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, 
!prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* 
@rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = 
and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load 
volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast 
%struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void 
@busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 
to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, 
%110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to 
%struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 
store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, 
%struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 
%109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to 
%struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* 
@__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 
%72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, 
%struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* 
%213, align 8 %214 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7000, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7001) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 ___skb_get_hash
6 __skb_get_hash
7 get_rps_cpu
8 netif_receive_skb_list_internal
9 busy_poll_stop
10 napi_busy_loop
11 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P},
$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* 
%19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, 
label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds 
%struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to 
i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 
%16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call 
i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 
%67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, 
%struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store 
volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7000, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7001) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 ___skb_get_hash
6 __skb_get_hash
7 get_xps_queue
8 netdev_pick_tx
9 netdev_core_pick_tx
10 __dev_queue_xmit
11 dev_queue_xmit
12 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = 
trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 
%123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label 
%193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to 
i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr 
inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 
%23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, 
%177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, 
%struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 
%109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to 
%struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* 
@__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 
%72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, 
%struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* 
%213, align 8 %214 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7000, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7001) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 ___skb_get_hash
6 __skb_get_hash
7 get_xps_queue
8 netdev_pick_tx
9 netdev_core_pick_tx
10 __dev_queue_xmit
11 dev_queue_xmit
12 netlink_deliver_tap
13 netlink_sendskb
14 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file
%3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4
%23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, 
!misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = 
load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 
Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, 
align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* 
%185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, 
%struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, 
i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add 
i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 
%15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* 
%56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", 
"~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 
br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7000, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7001) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 fib_multipath_hash
6 fib_select_path
7 ip_route_output_key_hash_rcu
8 ip_route_output_flow
9 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null,
%struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, 
i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds 
%struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, 
i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to 
%struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, 
%struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and 
i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca 
%struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, 
%struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca 
%struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ 
%92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load 
%struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 
%91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 
2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7000, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7001) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 fib_multipath_hash
6 fib_select_path
7 ip_route_output_key_hash_rcu
8 ip_route_output_flow
9 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955**
%7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, 
i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast 
%struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label 
%180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 
br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* 
%29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, 
%struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 
%76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 
store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 
0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* 
@runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, 
i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = 
icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = 
getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, 
i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7000, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7001) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 fib_multipath_hash
6 fib_select_path
7 ip_route_output_key_hash_rcu
8 ip_route_output_flow
9 ipip6_tunnel_bind_dev
10 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 
= getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast 
(%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, 
align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 
34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds 
%struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 
to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = 
getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, 
\22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = 
load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 
= load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load 
%struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds 
%struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7000, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7001) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 fib_multipath_hash
6 fib_select_path
7 __ip_rt_update_pmtu
8 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr 
inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, 
align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 
0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds 
%struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 
%26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = 
icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, 
i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.756241* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.756148* null, %struct.sk_buff.756148** %109, align 8 
%110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.756241, %struct.bpf_prog_array.756241* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.755989*, %struct.bpf_prog.755989** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.755989* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #76 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %35 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #76 %19 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #76 %23 = getelementptr inbounds %struct.bpf_prog.755989, %struct.bpf_prog.755989* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = add i64 %28, 1 store i64 %29, i64* %27, align 16 %30 = tail call i64 @sched_clock() #76 %31 = sub i64 %30, %18 %32 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = add i64 %31, %33 store i64 %34, i64* %32, align 8 br label %40 %41 = phi i32 [ %22, %17 ], [ %39, %35 ] tail call void @migrate_enable() #76 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 
0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #76 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %8 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #76 store i64 %11, i64* %8, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* 
@runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %6, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #77 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, 
i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #76 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = 
icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6903, i64 0, i64 0), i32 2180, i32 2307, i64 12) #6, !srcloc !11 tail call void asm sideeffect "796:\0A\09.pushsection .discard.reachable\0A\09.long 796b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #76 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = 
getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #76 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #76 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, 
i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7000, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7001) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 fib_multipath_hash
6 fib_select_path
7 __ip_do_redirect
8 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
%4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load
i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 
Function:__ip_do_redirect
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
Function:bpf_flow_dissect
Function:migrate_enable
Function:__set_cpus_allowed_ptr
Function:__set_cpus_allowed_ptr_locked
-------------
Good: 551 Bad: 19 Ignored: 1121
Check Use of Function:drm_mode_convert_to_umode
Check Use of Function:unpin_user_pages
Check Use of Function:page_add_new_anon_rmap
Check Use of Function:device_is_bound
Check Use of Function:__SCT__tp_func_sched_process_fork
Check Use of Function:snapshot_get_image_size
Check Use of Function:i915_gem_object_pin_to_display_plane
Check Use of Function:hugetlbfs_create
Check Use of Function:ieee80211_smps_mode_to_smps_mode
Check Use of Function:ipip6_newlink
Check Use of Function:security_move_mount
Check Use of Function:blk_queue_flag_set
Use: =BAD PATH=
Call Stack:
0 blk_stat_add_callback
1 blk_poll
2 blkdev_iopoll
-------------
Path:
Function:blkdev_iopoll
Function:blk_poll
Function:blk_stat_add_callback
-------------
Use: =BAD PATH=
Call Stack:
0 blk_queue_write_cache
1 cache_type_store
-------------
Path:
Function:cache_type_store
4 %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = getelementptr %struct.device.624183, %struct.device.624183* %0, i64 -1, i32 36 %9 = bitcast %struct.dev_iommu** %8 to %struct.scsi_disk* %10 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 1 %11 = bitcast %struct.dev_iommu** %10 to %struct.scsi_device.624201** %12 = load %struct.scsi_device.624201*, %struct.scsi_device.624201** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %14 = bitcast %struct.scsi_mode_data* %6 to i8* %15 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.scsi_device.624201, %struct.scsi_device.624201* %12, i64 0, i32 22 %17 = load i8, i8* %16, align 8 switch i8 %17, label %118 [ i8 0, label %18 i8 20, label %18 ] %19 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #76 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %27 %28 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 24 %29 = bitcast i24* %28 to i32* %30 = load i32, i32* %29, align 1 %31 = and i32 %30, -3 store i32 %31, i32* %29, align 1 br label %32 %33 = phi i8* [ %22, %21 ], [ %2, %27 ] %34 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %33) #77 %35 = icmp slt i32 %34, 0 br i1 %35, label %118, label %36 %37 = and i32 %34, 1 %38 = and i32 %34, 2 %39 = icmp eq i32 %38, 0 br i1 %39, label %45, label %40 %46 = phi i32 [ 0, %36 ], [ %44, %40 ] %47 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 24 %48 = bitcast i24* %47 to i32* %49 = load i32, i32* %48, align 1 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %65, label %52 %53 = and i32 %49, -13 %54 = or i32 %53, %46 %55 = shl nuw nsw i32 %37, 3 %56 = or i32 %54, %55 store i32 %56, i32* %48, align 1 
%57 = icmp ne i32 %46, 0 %58 = and i32 %54, 20 %59 = icmp eq i32 %58, 20 %60 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 93 %61 = bitcast %struct.dev_iommu** %60 to %struct.gendisk.624016** %62 = load %struct.gendisk.624016*, %struct.gendisk.624016** %61, align 8 %63 = getelementptr inbounds %struct.gendisk.624016, %struct.gendisk.624016* %62, i64 0, i32 9 %64 = load %struct.request_queue.624010*, %struct.request_queue.624010** %63, align 8 tail call void bitcast (void (%struct.request_queue.297041*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.624010*, i1, i1)*)(%struct.request_queue.624010* %64, i1 zeroext %57, i1 zeroext %59) #77 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void bitcast (void (i32, %struct.request_queue.295614*)* @blk_queue_flag_set to void (i32, %struct.request_queue.297041*)*)(i32 17, %struct.request_queue.297041* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = getelementptr %struct.device.624183, %struct.device.624183* %0, i64 -1, i32 36 %9 = bitcast %struct.dev_iommu** %8 to %struct.scsi_disk* %10 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 1 %11 = bitcast %struct.dev_iommu** %10 to %struct.scsi_device.624201** %12 = load %struct.scsi_device.624201*, %struct.scsi_device.624201** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %14 = bitcast %struct.scsi_mode_data* %6 to i8* %15 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.scsi_device.624201, %struct.scsi_device.624201* %12, i64 0, i32 22 %17 = load i8, i8* %16, align 8 switch i8 %17, label %118 [ i8 0, label %18 i8 20, label %18 ] %19 = tail call i32 @strncmp(i8* %2, 
i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #76 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %27 %28 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 24 %29 = bitcast i24* %28 to i32* %30 = load i32, i32* %29, align 1 %31 = and i32 %30, -3 store i32 %31, i32* %29, align 1 br label %32 %33 = phi i8* [ %22, %21 ], [ %2, %27 ] %34 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %33) #77 %35 = icmp slt i32 %34, 0 br i1 %35, label %118, label %36 %37 = and i32 %34, 1 %38 = and i32 %34, 2 %39 = icmp eq i32 %38, 0 br i1 %39, label %45, label %40 %46 = phi i32 [ 0, %36 ], [ %44, %40 ] %47 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 24 %48 = bitcast i24* %47 to i32* %49 = load i32, i32* %48, align 1 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %65, label %52 %53 = and i32 %49, -13 %54 = or i32 %53, %46 %55 = shl nuw nsw i32 %37, 3 %56 = or i32 %54, %55 store i32 %56, i32* %48, align 1 %57 = icmp ne i32 %46, 0 %58 = and i32 %54, 20 %59 = icmp eq i32 %58, 20 %60 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 93 %61 = bitcast %struct.dev_iommu** %60 to %struct.gendisk.624016** %62 = load %struct.gendisk.624016*, %struct.gendisk.624016** %61, align 8 %63 = getelementptr inbounds %struct.gendisk.624016, %struct.gendisk.624016* %62, i64 0, i32 9 %64 = load %struct.request_queue.624010*, %struct.request_queue.624010** %63, align 8 tail call void bitcast (void (%struct.request_queue.297041*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.624010*, i1, i1)*)(%struct.request_queue.624010* %64, i1 zeroext %57, i1 zeroext %59) #77 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void bitcast (void (i32, %struct.request_queue.295614*)* @blk_queue_flag_clear to void (i32, 
%struct.request_queue.297041*)*)(i32 17, %struct.request_queue.297041* %0) #76 br label %6 br i1 %2, label %7, label %8 tail call void bitcast (void (i32, %struct.request_queue.295614*)* @blk_queue_flag_set to void (i32, %struct.request_queue.297041*)*)(i32 18, %struct.request_queue.297041* %0) #76 ------------- Good: 71 Bad: 3 Ignored: 72 Check Use of Function:tty_unlock Check Use of Function:invalidate_bdev Check Use of Function:ww_mutex_unlock Check Use of Function:ipip6_tunnel_create Check Use of Function:replace_mm_exe_file Check Use of Function:ieee80211_run_deferred_scan Check Use of Function:lock_mount Check Use of Function:unregister_netdevice_notifier Check Use of Function:ext4_xattr_user_get Check Use of Function:elf_map Check Use of Function:xhci_dbg_trace Check Use of Function:open_exec Check Use of Function:set_user Check Use of Function:cfg80211_cac_event Check Use of Function:netif_device_attach Check Use of Function:file_update_time Check Use of Function:signal_wake_up_state Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 release_task 2 wait_consider_task 3 do_wait 4 kernel_waitid 5 __se_compat_sys_waitid 6 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, 
i64 %10, i64 %13, i64 %16) #76 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 
store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to 
%struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load 
%struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq 
%struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect 
!5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 
%153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* 
%171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 
%205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, 
i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, 
i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 
8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = 
load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = 
getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", 
"=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void 
@task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 release_task 2 wait_consider_task 3 do_wait 4 kernel_waitid 5 __se_sys_waitid 6 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = 
load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ 
true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void @task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, 
label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __ptrace_unlink
1 release_task
2 wait_consider_task
3 do_wait
4 kernel_waitid
5 __se_sys_waitid
6 __x64_sys_waitid
-------------
Path:
Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null,
%struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) 
#77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, 
%struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail 
call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load 
%struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* 
%2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, 
i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc 
!16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, 
i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds 
%struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, 
%275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds 
%struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 
call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void 
(%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void @task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = 
getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __ptrace_unlink
1 release_task
2 wait_consider_task
3 do_wait
4 kernel_wait4
5 __ia32_compat_sys_wait4
-------------
Path:
Function:__ia32_compat_sys_wait4
%2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 
to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #76 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void @task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, 
label %57, label %49
%50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46
%51 = load i64, i64* %50, align 32
%52 = or i64 %51, 131072
store i64 %52, i64* %50, align 32
%53 = and i64 %51, 65535
%54 = icmp eq i64 %53, 0
br i1 %54, label %55, label %57
%58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46
%59 = load i64, i64* %58, align 32
%60 = and i64 %59, 131072
%61 = icmp eq i64 %60, 0
br i1 %61, label %62, label %67
%63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1
%64 = load volatile i32, i32* %63, align 8
%65 = and i32 %64, 8
%66 = icmp eq i32 %65, 0
br i1 %66, label %68, label %67
tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __ptrace_unlink
1 release_task
2 wait_consider_task
3 do_wait
4 kernel_wait4
5 __ia32_sys_wait4
-------------
Path:
Function:__ia32_sys_wait4
%2 = alloca %struct.rusage, align 8
%3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
%4 = load i64, i64* %3, align 8
%5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
%6 = load i64, i64* %5, align 8
%7 = and i64 %6, 4294967295
%8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%9 = load i64, i64* %8, align 8
%10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
%11 = load i64, i64* %10, align 8
%12 = and i64 %11, 4294967295
%13 = trunc i64 %4 to i32
%14 = inttoptr i64 %7 to i32*
%15 = trunc i64 %9 to i32
%16 = bitcast %struct.rusage* %2 to i8*
%17 = icmp ne i64 %12, 0
%18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null
%19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #76
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8
%6 = bitcast %struct.wait_opts* %5 to i8*
%7 = and i32 %2, 536870900
%8 = icmp eq i32 %7, 0
br i1 %8, label %9, label %48
switch i32 %0,
label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void @task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, 
label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __ptrace_unlink
1 release_task
2 wait_consider_task
3 do_wait
4 kernel_wait4
5 __ia32_sys_waitpid
-------------
Path:
Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #76 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24,
i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
Function:release_task
Function:__ptrace_unlink
-------------
Use:
=BAD PATH=
Call Stack:
0 __ptrace_unlink
1 release_task
2 wait_consider_task
3 do_wait
4 kernel_wait4
5 __x64_sys_wait4
-------------
Path:
Function:__x64_sys_wait4
Function:kernel_wait4
Function:do_wait
Function:wait_consider_task
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void @task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, 
label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __ptrace_unlink
1 release_task
2 wait_consider_task
3 do_wait
4 kernel_wait4
5 __x64_sys_waitpid
-------------
Path:
Function:__x64_sys_waitpid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #76
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 =
getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #76 store i32 0, i32* %2, align 16 tail call void @task_clear_jobctl_pending(%struct.task_struct* %0, i64 1572864) #76 tail call void @task_clear_jobctl_trapping(%struct.task_struct* %0) #76 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, 
label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void @signal_wake_up_state(%struct.task_struct* %0, i32 8) #76 ------------- Good: 17 Bad: 8 Ignored: 38 Check Use of Function:cfg80211_free_nan_func Check Use of Function:pci_enable_device Check Use of Function:cpumask_weight.17605 Use: =BAD PATH= Call Stack: 0 ioctx_alloc 1 __ia32_compat_sys_io_setup ------------- Path:  Function:__ia32_compat_sys_io_setup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = inttoptr i64 %6 to i32* %10 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %8, i64 4, i64 %9) #6, !srcloc !4 %11 = extractvalue { i32*, i32, i64 } %10, 0 %12 = extractvalue { i32*, i32, i64 } %10, 2 %13 = ptrtoint i32* %11 to i64 %14 = shl i64 %13, 32 %15 = ashr exact i64 %14, 32 %16 = icmp eq i64 %14, 0 br i1 %16, label %17, label %65, !prof !5, !misexpect !6 %18 = extractvalue { i32*, i32, i64 } %10, 1 %19 = icmp ne i32 %18, 0 %20 = icmp eq i32 %7, 0 %21 = or i1 %20, %19 br i1 %21, label %65, label %22, !prof !7, !misexpect !6 %23 = tail call fastcc 
%struct.kioctx* @ioctx_alloc(i32 %7) #76 Function:ioctx_alloc %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = tail call fastcc i32 @cpumask_weight.17605() #76 ------------- Use: =BAD PATH= Call Stack: 0 ioctx_alloc 1 __se_sys_io_setup 2 __ia32_sys_io_setup ------------- Path:  Function:__ia32_sys_io_setup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_io_setup(i64 %4, i64 %7) #76 Function:__se_sys_io_setup %3 = trunc i64 %0 to i32 %4 = inttoptr i64 %1 to i64* %6 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 8, i64 %5) #6, !srcloc !4 %7 = extractvalue { i64*, i64, i64 } %6, 0 %8 = extractvalue { i64*, i64, i64 } %6, 2 %9 = ptrtoint i64* %7 to i64 %10 = shl i64 %9, 32 %11 = ashr exact i64 %10, 32 %12 = icmp eq i64 %10, 0 br i1 %12, label %13, label %60, !prof !5, !misexpect !6 %14 = extractvalue { i64*, i64, i64 } %6, 1 %15 = icmp ne i64 %14, 0 %16 = icmp eq i32 %3, 0 %17 = or i1 %16, %15 br i1 %17, label %60, label %18, !prof !7, !misexpect !6 %19 = tail call fastcc %struct.kioctx* @ioctx_alloc(i32 %3) #76 Function:ioctx_alloc %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load 
%struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = tail call fastcc i32 @cpumask_weight.17605() #76 ------------- Use: =BAD PATH= Call Stack: 0 ioctx_alloc 1 __se_sys_io_setup 2 __x64_sys_io_setup ------------- Path:  Function:__x64_sys_io_setup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_io_setup(i64 %3, i64 %5) #76 Function:__se_sys_io_setup %3 = trunc i64 %0 to i32 %4 = inttoptr i64 %1 to i64* %6 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 8, i64 %5) #6, !srcloc !4 %7 = extractvalue { i64*, i64, i64 } %6, 0 %8 = extractvalue { i64*, i64, i64 } %6, 2 %9 = ptrtoint i64* %7 to i64 %10 = shl i64 %9, 32 %11 = ashr exact i64 %10, 32 %12 = icmp eq i64 %10, 0 br i1 %12, label %13, label %60, !prof !5, !misexpect !6 %14 = extractvalue { i64*, i64, i64 } %6, 1 %15 = icmp ne i64 %14, 0 %16 = icmp eq i32 %3, 0 %17 = or i1 %16, %15 br i1 %17, label %60, label %18, !prof !7, !misexpect !6 %19 = tail call fastcc %struct.kioctx* @ioctx_alloc(i32 %3) #76 Function:ioctx_alloc %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = tail call fastcc i32 @cpumask_weight.17605() #76 ------------- Good: 1 Bad: 3 Ignored: 0 Check Use of Function:alarmtimer_do_nsleep Check Use of Function:io_uring_alloc_task_context Check Use of Function:cfg80211_abandon_assoc Check Use of Function:amd_set_subcaches Check Use of Function:pci_write_config_dword Use: =BAD PATH= Call Stack: 0 pci_map_rom 1 
pci_read_rom ------------- Path:  Function:pci_read_rom %7 = alloca i64, align 8 %8 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %9 = bitcast %struct.qspinlock* %8 to %struct.pci_dev.317892* %10 = bitcast i64* %7 to i8* %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 432, i32 0, i32 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 0 br i1 %13, label %30, label %14 %15 = call i8* bitcast (i8* (%struct.pci_dev.321191*, i64*)* @pci_map_rom to i8* (%struct.pci_dev.317892*, i64*)*)(%struct.pci_dev.317892* %9, i64* nonnull %7) #76 Function:pci_map_rom %3 = alloca i32, align 4 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca i32, align 4 %6 = getelementptr %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 49, i64 6, i32 5 %7 = load %struct.resource*, %struct.resource** %6, align 8 %8 = icmp eq %struct.resource* %7, null br i1 %8, label %9, label %12 %10 = tail call i32 bitcast (i32 (%struct.pci_dev.317892*, i32)* @pci_assign_resource to i32 (%struct.pci_dev.321191*, i32)*)(%struct.pci_dev.321191* %0, i32 6) #76 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %129 %13 = getelementptr %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 49, i64 6, i32 0 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 49, i64 6, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 %18 = sub i64 1, %14 %19 = add i64 %18, %16 %20 = select i1 %17, i64 0, i64 %19 store i64 %20, i64* %1, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %129, label %22 %23 = getelementptr %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 49, i64 6 %24 = bitcast %struct.cpu_itimer* %4 to i8* %25 = bitcast i32* %5 to i8* %26 = getelementptr %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 49, i64 6, i32 3 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %50, label %29 %30 = and i64 %27, 
2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %51 %33 = getelementptr inbounds %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 1 %34 = load %struct.pci_bus.321180*, %struct.pci_bus.321180** %33, align 8 call void bitcast (void (%struct.pci_bus.317894*, %struct.cpu_itimer*, %struct.resource*)* @pcibios_resource_to_bus to void (%struct.pci_bus.321180*, %struct.cpu_itimer*, %struct.resource*)*)(%struct.pci_bus.321180* %34, %struct.cpu_itimer* nonnull %4, %struct.resource* %23) #76 %35 = getelementptr inbounds %struct.pci_dev.321191, %struct.pci_dev.321191* %0, i64 0, i32 22 %36 = load i8, i8* %35, align 8 %37 = zext i8 %36 to i32 %38 = call i32 bitcast (i32 (%struct.pci_dev.317892*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev.321191*, i32, i32*)*)(%struct.pci_dev.321191* %0, i32 %37, i32* nonnull %5) #76 %39 = load i32, i32* %5, align 4 %40 = and i32 %39, 2046 %41 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %42 = load i64, i64* %41, align 8 %43 = trunc i64 %42 to i32 %44 = or i32 %40, %43 %45 = or i32 %44, 1 store i32 %45, i32* %5, align 4 %46 = load i8, i8* %35, align 8 %47 = zext i8 %46 to i32 %48 = call i32 bitcast (i32 (%struct.pci_dev.317892*, i32, i32)* @pci_write_config_dword to i32 (%struct.pci_dev.321191*, i32, i32)*)(%struct.pci_dev.321191* %0, i32 %47, i32 %45) #76 ------------- Good: 1014 Bad: 1 Ignored: 842 Check Use of Function:ieee80211_xmit_fast_finish Check Use of Function:pps_cdev_compat_ioctl Check Use of Function:create_new_namespaces Check Use of Function:wiphy_unregister Check Use of Function:vfat_lookup Check Use of Function:proc_reg_compat_ioctl Check Use of Function:sync_file_ioctl Check Use of Function:suspend_devices_and_enter Check Use of Function:nfs_swap_deactivate Check Use of Function:autofs_dev_ioctl_compat Check Use of Function:terminate_walk Check Use of Function:kernel_halt Check Use of Function:cfg80211_del_sta_sinfo Check Use of Function:n_tty_open Check 
Use of Function:d_alloc_name Check Use of Function:efivar_entry_iter_end Check Use of Function:link_path_walk Check Use of Function:hung_up_tty_compat_ioctl Check Use of Function:e1000_irq_enable Check Use of Function:pci_irq_vector Check Use of Function:vm_munmap Use: =BAD PATH= Call Stack: 0 kill_ioctx 1 __se_sys_io_destroy 2 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #76 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17619, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17620) #76 %10 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %10, align 8 %11 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %14, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #76 
Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #76 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 
0)) #76 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !11, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17604, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !12 tail call void asm sideeffect "361:\0A\09.pushsection .discard.reachable\0A\09.long 361b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %42 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 8 %43 = load i64, i64* %42, align 8 %44 = tail call i32 @vm_munmap(i64 %43, i64 %39) #76 ------------- Use: =BAD PATH= Call Stack: 0 kill_ioctx 1 __se_sys_io_destroy 2 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #76 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, 
!misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17619, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17620) #76 %10 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %10, align 8 %11 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %14, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #76 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, 
align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #76 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #76 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !11, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17604, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !12 tail call void asm sideeffect "361:\0A\09.pushsection .discard.reachable\0A\09.long 361b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] 
store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %42 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 8 %43 = load i64, i64* %42, align 8 %44 = tail call i32 @vm_munmap(i64 %43, i64 %39) #76 ------------- Good: 5 Bad: 2 Ignored: 1 Check Use of Function:__ieee80211_tx Check Use of Function:i915_perf_ioctl Check Use of Function:rtnl_configure_link Check Use of Function:put_old_itimerspec32 Use: =BAD PATH= Call Stack: 0 __ia32_sys_timer_gettime32 ------------- Path:  Function:__ia32_sys_timer_gettime32 %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = inttoptr i64 %8 to %struct.old_itimerspec32* %11 = bitcast %struct.timens_offsets* %3 to i8* %12 = bitcast i64* %2 to i8* %13 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %9, i64* nonnull %2) #76 %14 = icmp eq %struct.k_itimer.88004* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %13, i64 0, i32 3 %18 = load %struct.k_clock.88005*, %struct.k_clock.88005** %17, align 8 %19 = icmp eq %struct.k_clock.88005* %18, null br i1 %19, label %24, label %20, !prof !4 %21 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %18, i64 0, i32 9 %22 = load void (%struct.k_itimer.88004*, 
%struct.timens_offsets*)*, void (%struct.k_itimer.88004*, %struct.timens_offsets*)** %21, align 8 %23 = icmp eq void (%struct.k_itimer.88004*, %struct.timens_offsets*)* %22, null br i1 %23, label %24, label %25, !prof !4, !misexpect !5 call void %22(%struct.k_itimer.88004* nonnull %13, %struct.timens_offsets* nonnull %3) #76 br label %26 %27 = phi i1 [ false, %24 ], [ true, %25 ] %28 = phi i64 [ -22, %24 ], [ 0, %25 ] %29 = load i64, i64* %2, align 8 %30 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %13, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %30, i64 %29) #76 br i1 %27, label %31, label %35 %32 = call i32 @put_old_itimerspec32(%struct.timens_offsets* nonnull %3, %struct.old_itimerspec32* %10) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_timer_settime32 ------------- Path:  Function:__ia32_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.old_itimerspec32* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.old_itimerspec32* %24 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, 
%struct.old_itimerspec32* nonnull %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #76 %28 = icmp eq i32 %27, 0 %29 = and i1 %19, %28 br i1 %29, label %30, label %34 %31 = call i32 @put_old_itimerspec32(%struct.timens_offsets* nonnull %3, %struct.old_itimerspec32* nonnull %16) #76 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_timer_gettime32 ------------- Path:  Function:__x64_sys_timer_gettime32 %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to %struct.old_itimerspec32** %8 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = bitcast i64* %2 to i8* %12 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %9, i64* nonnull %2) #76 %13 = icmp eq %struct.k_itimer.88004* %12, null br i1 %13, label %14, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %12, i64 0, i32 3 %17 = load %struct.k_clock.88005*, %struct.k_clock.88005** %16, align 8 %18 = icmp eq %struct.k_clock.88005* %17, null br i1 %18, label %23, label %19, !prof !4 %20 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %17, i64 0, i32 9 %21 = load void (%struct.k_itimer.88004*, %struct.timens_offsets*)*, void (%struct.k_itimer.88004*, %struct.timens_offsets*)** %20, align 8 %22 = icmp eq void (%struct.k_itimer.88004*, %struct.timens_offsets*)* %21, null br i1 %22, label %23, label %24, !prof !4, !misexpect !5 call void %21(%struct.k_itimer.88004* nonnull %12, %struct.timens_offsets* nonnull %3) #76 br label %25 %26 = phi i1 [ false, %23 ], [ true, %24 ] %27 = phi i64 [ -22, 
%23 ], [ 0, %24 ] %28 = load i64, i64* %2, align 8 %29 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %12, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %29, i64 %28) #76 br i1 %26, label %30, label %34 %31 = call i32 @put_old_itimerspec32(%struct.timens_offsets* nonnull %3, %struct.old_itimerspec32* %8) #76 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_timer_settime32 ------------- Path:  Function:__x64_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.old_itimerspec32* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.old_itimerspec32* %22 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %21) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #76 %26 = icmp eq i32 %25, 0 %27 = and i1 %17, %26 br i1 %27, label %28, label %32 %29 = call i32 @put_old_itimerspec32(%struct.timens_offsets* nonnull %3, %struct.old_itimerspec32* nonnull %14) #76 ------------- Good: 4 Bad: 4 Ignored: 0 Check Use of 
Function:free_all_swap_pages Check Use of Function:acpi_evaluate_lck Check Use of Function:snd_hwdep_ioctl Use: =BAD PATH= Call Stack: 0 snd_hwdep_ioctl_compat ------------- Path:  Function:snd_hwdep_ioctl_compat %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.snd_hwdep** %7 = load %struct.snd_hwdep*, %struct.snd_hwdep** %6, align 8 %8 = and i64 %2, 4294967295 switch i32 %1, label %79 [ i32 -2147203072, label %9 i32 -2133047295, label %9 i32 -2143270910, label %9 i32 1079003139, label %11 ] %10 = tail call i64 @snd_hwdep_ioctl(%struct.file* %0, i32 %1, i64 %8) #76 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:dev_driver_string Use: =BAD PATH= Call Stack: 0 name_show.56954 ------------- Path:  Function:name_show.56954 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %5 = load %struct.device*, %struct.device** %4, align 8 %6 = tail call i8* @dev_driver_string(%struct.device* %5) #76 ------------- Good: 4192 Bad: 1 Ignored: 4009 Check Use of Function:__import_iovec Check Use of Function:__drm_mode_set_config_internal Check Use of Function:n_tty_close Check Use of Function:dma_buf_ioctl Check Use of Function:netif_set_xps_queue Check Use of Function:io_free_req Check Use of Function:ext4_fc_track_unlink Check Use of Function:drm_atomic_set_property Check Use of Function:ieee80211_vht_handle_opmode Check Use of Function:ldsem_down_write Check Use of Function:put_fs_context Use: =BAD PATH= Call Stack: 0 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.157736*)* @put_fs_context 
to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #76 ------------- Good: 18 Bad: 1 Ignored: 2 Check Use of Function:__ieee80211_recalc_txpower Check Use of Function:perf_event_namespaces Check Use of Function:reenable_swap_slots_cache_unlock Check Use of Function:static_key_slow_inc Check Use of Function:efivar_create_sysfs_entry Check Use of Function:pci_read_config_word Use: =BAD PATH= Call Stack: 0 pci_set_vga_state 1 __vga_tryget 2 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = 
trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, label %219 %223 = phi i32 [ 0, %208 ], [ 3, %219 ], [ 3, %213 ] %224 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 %225 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %224, align 8 %226 = icmp eq %struct.pci_dev.317892* %225, null br i1 %226, label %408, label %227 %228 = load i1, i1* @vga_arbiter_used, align 1 br i1 %228, label %251, label %229 %252 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @vga_lock.46489, i64 0, i32 0, i32 0)) #76 %253 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %254 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %253, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, @vga_list br i1 %255, label %272, label %256 %257 = phi %struct.vga_device* [ %263, %261 ], [ %253, %251 ] %258 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %257, i64 0, i32 1 %259 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %258, align 8 %260 = icmp eq %struct.pci_dev.317892* %259, %225 br i1 %260, label %266, label %261 %267 = icmp eq %struct.vga_device* %257, null br i1 %267, label %272, label %268 %269 = call fastcc %struct.vga_device* @__vga_tryget(%struct.vga_device* nonnull %257, i32 %223) #76 Function:__vga_tryget %3 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 1 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %11, label %6 %7 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 1 %10 = or i32 %9, %1 br label %11 %12 
= phi i32 [ %1, %2 ], [ %10, %6 ] %13 = and i32 %12, 8 %14 = icmp eq i32 %13, 0 br i1 %14, label %20, label %15 %16 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2 %19 = or i32 %18, %12 br label %20 %21 = phi i32 [ %12, %11 ], [ %19, %15 ] %22 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 3 %23 = load i32, i32* %22, align 4 %24 = xor i32 %23, -1 %25 = and i32 %21, %24 %26 = icmp eq i32 %25, 0 br i1 %26, label %116, label %27 %28 = and i32 %25, 3 %29 = icmp eq i32 %28, 0 br i1 %29, label %94, label %30 %31 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %32 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %31, i64 0, i32 0 %33 = icmp eq %struct.list_head* %32, @vga_list br i1 %33, label %94, label %34 %35 = phi %struct.vga_device* [ %91, %89 ], [ %31, %30 ] %36 = icmp eq %struct.vga_device* %35, %0 br i1 %36, label %89, label %37 %90 = bitcast %struct.vga_device* %35 to %struct.vga_device** %91 = load %struct.vga_device*, %struct.vga_device** %90, align 8 %92 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, @vga_list br i1 %93, label %94, label %34 %95 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 9 %96 = load i8, i8* %95, align 4, !range !4 %97 = icmp eq i8 %96, 0 br i1 %97, label %98, label %106 %99 = and i32 %25, 10 %100 = icmp eq i32 %99, 0 %101 = select i1 %100, i32 0, i32 2 %102 = and i32 %25, 5 %103 = icmp ne i32 %102, 0 %104 = zext i1 %103 to i32 %105 = or i32 %101, %104 br label %106 %107 = phi i32 [ 0, %94 ], [ 2, %98 ] %108 = phi i32 [ 0, %94 ], [ %105, %98 ] %109 = xor i1 %29, true %110 = zext i1 %109 to i32 %111 = or i32 %107, %110 %112 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %3, align 8 %113 = tail call i32 
@pci_set_vga_state(%struct.pci_dev.317892* %112, i1 zeroext true, i32 %108, i32 %111) #76 Function:pci_set_vga_state %5 = alloca i16, align 2 %6 = bitcast i16* %5 to i8* %7 = and i32 %3, 2 %8 = icmp eq i32 %7, 0 %9 = icmp ugt i32 %2, 3 %10 = xor i1 %8, true %11 = and i1 %9, %10 br i1 %11, label %12, label %13, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8.29334, i64 0, i64 0), i32 6260, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "419:\0A\09.pushsection .discard.reachable\0A\09.long 419b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %13 %14 = load i32 (%struct.pci_dev.317892*, i1, i32, i32)*, i32 (%struct.pci_dev.317892*, i1, i32, i32)** @arch_set_vga_state, align 8 %15 = icmp eq i32 (%struct.pci_dev.317892*, i1, i32, i32)* %14, null br i1 %15, label %19, label %16 br i1 %8, label %29, label %20 %30 = and i32 %3, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %53, label %32 %33 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 1 %34 = load %struct.pci_bus.317894*, %struct.pci_bus.317894** %33, align 8 %35 = icmp eq %struct.pci_bus.317894* %34, null br i1 %35, label %53, label %36 %37 = select i1 %1, i16 8, i16 0 br label %38 %39 = phi %struct.pci_bus.317894* [ %34, %36 ], [ %51, %49 ] %40 = getelementptr inbounds %struct.pci_bus.317894, %struct.pci_bus.317894* %39, i64 0, i32 4 %41 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %40, align 8 %42 = icmp eq %struct.pci_dev.317892* %41, null br i1 %42, label %49, label %43 %44 = call i32 @pci_read_config_word(%struct.pci_dev.317892* nonnull %41, i32 62, i16* 
nonnull %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 pci_set_vga_state 1 __vga_tryget 2 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, label %219 %223 = phi i32 [ 0, %208 ], [ 3, %219 ], [ 3, %213 ] %224 = 
getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 %225 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %224, align 8 %226 = icmp eq %struct.pci_dev.317892* %225, null br i1 %226, label %408, label %227 %228 = load i1, i1* @vga_arbiter_used, align 1 br i1 %228, label %251, label %229 %252 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @vga_lock.46489, i64 0, i32 0, i32 0)) #76 %253 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %254 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %253, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, @vga_list br i1 %255, label %272, label %256 %257 = phi %struct.vga_device* [ %263, %261 ], [ %253, %251 ] %258 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %257, i64 0, i32 1 %259 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %258, align 8 %260 = icmp eq %struct.pci_dev.317892* %259, %225 br i1 %260, label %266, label %261 %267 = icmp eq %struct.vga_device* %257, null br i1 %267, label %272, label %268 %269 = call fastcc %struct.vga_device* @__vga_tryget(%struct.vga_device* nonnull %257, i32 %223) #76 Function:__vga_tryget %3 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 1 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %11, label %6 %7 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 1 %10 = or i32 %9, %1 br label %11 %12 = phi i32 [ %1, %2 ], [ %10, %6 ] %13 = and i32 %12, 8 %14 = icmp eq i32 %13, 0 br i1 %14, label %20, label %15 %16 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2 %19 = or i32 %18, %12 br label %20 %21 = phi i32 [ %12, %11 ], [ %19, %15 ] %22 = getelementptr 
inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 3 %23 = load i32, i32* %22, align 4 %24 = xor i32 %23, -1 %25 = and i32 %21, %24 %26 = icmp eq i32 %25, 0 br i1 %26, label %116, label %27 %28 = and i32 %25, 3 %29 = icmp eq i32 %28, 0 br i1 %29, label %94, label %30 %31 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %32 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %31, i64 0, i32 0 %33 = icmp eq %struct.list_head* %32, @vga_list br i1 %33, label %94, label %34 %35 = phi %struct.vga_device* [ %91, %89 ], [ %31, %30 ] %36 = icmp eq %struct.vga_device* %35, %0 br i1 %36, label %89, label %37 %90 = bitcast %struct.vga_device* %35 to %struct.vga_device** %91 = load %struct.vga_device*, %struct.vga_device** %90, align 8 %92 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, @vga_list br i1 %93, label %94, label %34 %95 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 9 %96 = load i8, i8* %95, align 4, !range !4 %97 = icmp eq i8 %96, 0 br i1 %97, label %98, label %106 %99 = and i32 %25, 10 %100 = icmp eq i32 %99, 0 %101 = select i1 %100, i32 0, i32 2 %102 = and i32 %25, 5 %103 = icmp ne i32 %102, 0 %104 = zext i1 %103 to i32 %105 = or i32 %101, %104 br label %106 %107 = phi i32 [ 0, %94 ], [ 2, %98 ] %108 = phi i32 [ 0, %94 ], [ %105, %98 ] %109 = xor i1 %29, true %110 = zext i1 %109 to i32 %111 = or i32 %107, %110 %112 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %3, align 8 %113 = tail call i32 @pci_set_vga_state(%struct.pci_dev.317892* %112, i1 zeroext true, i32 %108, i32 %111) #76 Function:pci_set_vga_state %5 = alloca i16, align 2 %6 = bitcast i16* %5 to i8* %7 = and i32 %3, 2 %8 = icmp eq i32 %7, 0 %9 = icmp ugt i32 %2, 3 %10 = xor i1 %8, true %11 = and i1 %9, %10 br i1 %11, label %12, label %13, !prof !4, !misexpect !5 tail call void asm sideeffect 
"1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8.29334, i64 0, i64 0), i32 6260, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "419:\0A\09.pushsection .discard.reachable\0A\09.long 419b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %13 %14 = load i32 (%struct.pci_dev.317892*, i1, i32, i32)*, i32 (%struct.pci_dev.317892*, i1, i32, i32)** @arch_set_vga_state, align 8 %15 = icmp eq i32 (%struct.pci_dev.317892*, i1, i32, i32)* %14, null br i1 %15, label %19, label %16 br i1 %8, label %29, label %20 %21 = call i32 @pci_read_config_word(%struct.pci_dev.317892* %0, i32 4, i16* nonnull %5) #76 ------------- Good: 944 Bad: 2 Ignored: 1690 Check Use of Function:get_task_io_context Use: =BAD PATH= Call Stack: 0 set_task_ioprio 1 __se_sys_ioprio_set 2 __ia32_sys_ioprio_set ------------- Path:  Function:__ia32_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label 
%167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %95 = icmp eq i32 %5, -1 br i1 %95, label %164, label %96 %97 = icmp eq i32 %5, 0 br i1 %97, label %98, label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #76 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 %109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, 
i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, 
i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, 
%struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr %struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ %156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #76 %145 = icmp eq i32 %144, %5 br i1 %145, label 
%146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #76 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 %6) #76 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #76 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295170* (%struct.task_struct.295207*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_task_ioprio 1 __se_sys_ioprio_set 2 
__x64_sys_ioprio_set ------------- Path:  Function:__x64_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %95 = icmp eq i32 %5, -1 br i1 %95, label %164, label %96 %97 = icmp eq i32 %5, 0 br i1 %97, label %98, label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #76 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 %109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, 
i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, 
%struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, 
%struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr %struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ %156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, 
%152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #76 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #76 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 %6) #76 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, 
%struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #76 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295170* (%struct.task_struct.295207*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #76 ------------- Good: 3 Bad: 2 Ignored: 1 Check Use of Function:acpi_early_processor_osc Check Use of Function:sg_new_read Use: =BAD PATH= Call Stack: 0 sg_read ------------- Path:  Function:sg_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %0, i64 0, i32 12 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.294752** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.294752**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.294752* %10 = getelementptr inbounds %struct.task_struct.294752, %struct.task_struct.294752* %9, i64 0, i32 84 %11 = load %struct.cred*, %struct.cred** %10, align 8 %12 = icmp eq %struct.cred* %7, %11 br i1 %12, label %19, label %13 %20 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %0, i64 0, i32 16 %21 = bitcast i8** %20 to %struct.sg_fd** %22 = load %struct.sg_fd*, %struct.sg_fd** %21, align 8 %23 = icmp eq %struct.sg_fd* %22, null br i1 %23, label %474, label %24 %25 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 1 %26 = load %struct.sg_device*, %struct.sg_device** %25, align 8 
%27 = icmp eq %struct.sg_device* %26, null br i1 %27, label %474, label %28 %29 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 11 %30 = load i8, i8* %29, align 8 %31 = icmp ne i8 %30, 0 %32 = icmp ugt i64 %2, 35 %33 = and i1 %32, %31 br i1 %33, label %34, label %83 %84 = phi i32 [ %74, %71 ], [ -1, %28 ], [ -1, %64 ] %85 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 3 %86 = tail call i64 @_raw_write_lock_irqsave(%struct.rwlock_t* %85) #76 %87 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 8 %88 = bitcast %struct.list_head* %87 to %struct.sg_request** %89 = load %struct.sg_request*, %struct.sg_request** %88, align 8 %90 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %89, i64 0, i32 0 %91 = icmp eq %struct.list_head* %90, %87 br i1 %91, label %113, label %92 %93 = icmp eq i32 %84, -1 br label %94 %95 = phi %struct.sg_request* [ %89, %92 ], [ %110, %108 ] %96 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 8 %97 = load i8, i8* %96, align 1 %98 = icmp eq i8 %97, 1 br i1 %98, label %99, label %108 %100 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 7 %101 = load i8, i8* %100, align 2 %102 = icmp eq i8 %101, 0 br i1 %102, label %103, label %108 br i1 %93, label %114, label %104 %105 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 3, i32 11 %106 = load i32, i32* %105, align 8 %107 = icmp eq i32 %106, %84 br i1 %107, label %114, label %108 %109 = bitcast %struct.sg_request* %95 to %struct.sg_request** %110 = load %struct.sg_request*, %struct.sg_request** %109, align 8 %111 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %110, i64 0, i32 0 %112 = icmp eq %struct.list_head* %111, %87 br i1 %112, label %113, label %94 tail call void @_raw_write_unlock_irqrestore(%struct.rwlock_t* %85, i64 %86) #76 br label %117 %118 = getelementptr inbounds %struct.sg_device, 
%struct.sg_device* %26, i64 0, i32 7, i32 0 %119 = load volatile i32, i32* %118, align 4 %120 = icmp eq i32 %119, 0 br i1 %120, label %121, label %474 %122 = getelementptr inbounds %struct.file.294777, %struct.file.294777* %0, i64 0, i32 7 %123 = load i32, i32* %122, align 8 %124 = and i32 %123, 2048 %125 = icmp eq i32 %124, 0 br i1 %125, label %126, label %474 %127 = tail call i32 @__cond_resched() #76 %128 = load volatile i32, i32* %118, align 4 %129 = icmp eq i32 %128, 0 br i1 %129, label %130, label %209 %131 = tail call i64 @_raw_write_lock_irqsave(%struct.rwlock_t* %85) #76 %132 = load %struct.sg_request*, %struct.sg_request** %88, align 8 %133 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 0 %134 = icmp eq %struct.list_head* %133, %87 br i1 %134, label %156, label %135 %136 = icmp eq i32 %84, -1 br label %137 %138 = phi %struct.sg_request* [ %132, %135 ], [ %153, %151 ] %139 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %138, i64 0, i32 8 %140 = load i8, i8* %139, align 1 %141 = icmp eq i8 %140, 1 br i1 %141, label %142, label %151 %143 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %138, i64 0, i32 7 %144 = load i8, i8* %143, align 2 %145 = icmp eq i8 %144, 0 br i1 %145, label %146, label %151 br i1 %136, label %157, label %147 %158 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %138, i64 0, i32 8 store i8 2, i8* %158, align 1 tail call void @_raw_write_unlock_irqrestore(%struct.rwlock_t* %85, i64 %131) #76 %159 = icmp eq %struct.sg_request* %138, null br i1 %159, label %160, label %209 %210 = phi %struct.sg_request* [ null, %126 ], [ %138, %157 ], [ %207, %205 ] %211 = phi i32 [ 0, %126 ], [ 0, %157 ], [ %208, %205 ] %212 = load volatile i32, i32* %118, align 4 %213 = icmp eq i32 %212, 0 br i1 %213, label %214, label %474 %215 = icmp eq i32 %211, 0 br i1 %215, label %218, label %216 %219 = phi %struct.sg_request* [ %95, %114 ], [ %210, %214 ] %220 = getelementptr 
inbounds %struct.sg_request, %struct.sg_request* %219, i64 0, i32 3, i32 0 %221 = load i32, i32* %220, align 8 %222 = icmp eq i32 %221, 0 br i1 %222, label %225, label %223 %224 = call fastcc i64 @sg_new_read(%struct.sg_fd* nonnull %22, i8* %1, i64 %2, %struct.sg_request* %219) #78 ------------- Good: 1 Bad: 1 Ignored: 0 Check Use of Function:regulatory_exit Check Use of Function:ext4_commit_super Check Use of Function:serial8250_release_port Check Use of Function:audit_log_multicast Use: =BAD PATH= Call Stack: 0 audit_multicast_unbind ------------- Path:  Function:audit_multicast_unbind tail call fastcc void @audit_log_multicast(i32 %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.62.10656, i64 0, i64 0), i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 audit_multicast_unbind 1 netlink_bind ------------- Path:  Function:netlink_bind %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %8 = load %struct.sock*, %struct.sock** %7, align 8 %9 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 0, i32 0, i32 9, i32 0 %10 = load %struct.net*, %struct.net** %9, align 8 %11 = bitcast i64* %6 to i8* %12 = icmp ult i32 %2, 12 br i1 %12, label %306, label %13 %14 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 %15 = load i16, i16* %14, align 4 %16 = icmp eq i16 %15, 16 br i1 %16, label %17, label %306 %18 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 6 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 store i64 %21, i64* %6, align 8 %22 = icmp eq i32 %20, 0 br i1 %22, label %71, label %23 %24 = load %struct.netlink_table*, %struct.netlink_table** @nl_table, align 8 %25 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 0, i32 46 %26 = load i16, i16* %25, align 4 %27 = zext i16 %26 to i64 %28 = getelementptr 
%struct.netlink_table, %struct.netlink_table* %24, i64 %27, i32 3 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %36 %33 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 11 %34 = load %struct.user_namespace*, %struct.user_namespace** %33, align 16 %35 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %34, i32 12) #76 br i1 %35, label %36, label %306 tail call void @netlink_table_grab() #76 %37 = load %struct.netlink_table*, %struct.netlink_table** @nl_table, align 8 %38 = load i16, i16* %25, align 4 %39 = zext i16 %38 to i64 %40 = getelementptr %struct.netlink_table, %struct.netlink_table* %37, i64 %39, i32 4 %41 = load i32, i32* %40, align 4 %42 = getelementptr %struct.netlink_table, %struct.netlink_table* %37, i64 %39, i32 10 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 0 br i1 %44, label %68, label %45 %69 = phi i1 [ false, %36 ], [ true, %45 ], [ false, %49 ], [ true, %59 ] %70 = phi i32 [ -2, %36 ], [ 0, %45 ], [ -12, %49 ], [ 0, %59 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @nl_table_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @__wake_up(%struct.wait_queue_head* nonnull @nl_table_wait, i32 3, i32 1, i8* null) #76 br i1 %69, label %71, label %306 %72 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 1, i32 0, i32 6 %73 = load i32, i32* %72, align 4 %74 = icmp ult i32 %73, 64 br i1 %74, label %75, label %80 %81 = phi i64 [ %21, %71 ], [ %79, %75 ] %82 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 1, i32 0, i32 11 %83 = bitcast %struct.in6_addr* %82 to i8* %84 = load volatile i8, i8* %83, align 8, !range !7 %85 = icmp eq i8 %84, 0 br i1 %85, label %94, label %86 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %87 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 2 %88 = bitcast i8* %87 to i32* %89 = load i32, i32* %88, align 4 %90 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 1 %91 = bitcast %struct.sock* %90 to i32* %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %89, %92 br i1 %93, label %94, label %306 %95 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 1, i32 8 %96 = bitcast i32* %95 to i32 (%struct.net*, i32)** %97 = load i32 (%struct.net*, i32)*, i32 (%struct.net*, i32)** %96, align 8 %98 = icmp ne i32 (%struct.net*, i32)* %97, null %99 = icmp ne i64 %81, 0 %100 = and i1 %98, %99 br i1 %100, label %101, label %141 %102 = phi i64 [ %138, %137 ], [ 0, %94 ] %103 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6, i64 %102) #6, !srcloc !9 %104 = and i8 %103, 1 %105 = icmp eq i8 %104, 0 br i1 %105, label %137, label %106 %107 = load i32 (%struct.net*, i32)*, i32 (%struct.net*, i32)** %96, align 8 %108 = trunc i64 %102 to i32 %109 = add i32 %108, 1 %110 = call i32 %107(%struct.net* %10, i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %137, label %112 %113 = trunc i64 %102 to i32 %114 = load i64, i64* %6, align 8 %115 = bitcast i64* %5 to i8* store i64 %114, i64* %5, align 8 %116 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 1, i32 10 %117 = bitcast i32* %116 to void (%struct.net*, i32)** %118 = load void (%struct.net*, i32)*, void (%struct.net*, i32)** %117, align 8 %119 = icmp ne void (%struct.net*, i32)* %118, null %120 = icmp ne i32 %113, 0 %121 = and i1 %120, %119 br i1 %121, label %122, label %140 %123 = and i64 %102, 4294967295 br label %124 %125 = phi i64 [ 0, %122 ], [ %135, %134 ] %126 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5, i64 %125) #6, !srcloc !9 %127 = and i8 %126, 1 %128 = icmp eq i8 %127, 0 br i1 %128, label %134, label %129 %130 = load void (%struct.net*, i32)*, void (%struct.net*, i32)** %117, align 8 %131 = load %struct.net*, %struct.net** %9, align 8 %132 = trunc i64 %125 to i32 %133 = add i32 %132, 1 call void %130(%struct.net* %131, i32 %133) #76 Function:audit_multicast_unbind tail call fastcc void @audit_log_multicast(i32 %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.62.10656, i64 0, i64 0), i32 0) #76 ------------- Good: 3 Bad: 2 Ignored: 0 Check Use of Function:hpet_compat_ioctl Check Use of Function:i915_gem_driver_unregister Check Use of Function:_dev_printk Use: =BAD PATH= Call Stack: 0 pnp_disable_dev 1 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.350904* %11 = getelementptr inbounds %struct.pnp_dev.350904, %struct.pnp_dev.350904* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #77 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.33921, i64 0, i64 0), i64 7) #78 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.351147*)* @pnp_disable_dev to i32 (%struct.pnp_dev.350904*)*)(%struct.pnp_dev.350904* %10) #77 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.351137*, %struct.pnp_protocol.351137** 
%6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.351137, %struct.pnp_protocol.351137* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.351147*)*, i32 (%struct.pnp_dev.351147*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.351147*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %23 = load i32, i32* @pnp_debug, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %51, label %25 %26 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.33817, i64 0, i64 0), %struct.device* %26, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.7.33818, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 pnp_auto_config_dev 1 pnp_activate_dev 2 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.350904* %11 = getelementptr inbounds %struct.pnp_dev.350904, %struct.pnp_dev.350904* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #77 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.33921, i64 0, i64 0), i64 7) #78 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.12.33922, i64 0, i64 0), 
i64 8) #78 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %27 %26 = tail call i32 bitcast (i32 (%struct.pnp_dev.351147*)* @pnp_activate_dev to i32 (%struct.pnp_dev.350904*)*)(%struct.pnp_dev.350904* %10) #77 Function:pnp_activate_dev %2 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %33 %6 = tail call i32 @pnp_auto_config_dev(%struct.pnp_dev.351147* %0) #76 Function:pnp_auto_config_dev %2 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %10 %6 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 14 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %15 %11 = load i32, i32* @pnp_debug, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %33, label %13 %14 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.33817, i64 0, i64 0), %struct.device* %14, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.1.33831, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.381449* %0 to %struct.drm_i915_private.554641* %5 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.381449* %0, null br i1 %10, label %14, label %11 %15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.44045, i64 0, i64 0)) #76 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.37895, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.37891, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.437765** %12 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #76 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #77 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39738, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #76 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %72 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.437765* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.39745, i64 0, i64 0)) #76 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.37895, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.37891, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.437765** %12 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %68, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %68 %19 = getelementptr [16 x i8], [16 x 
i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #77 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39738, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #76 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68 %38 = icmp eq %struct.drm_i915_private.437765* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.39739, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.39740, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.39741, i64 0, i64 0), i8* %46) #76 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.37895, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.37891, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.435861** %7 = load %struct.i915_gpu_coredump.435861*, %struct.i915_gpu_coredump.435861** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.435861* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.435861, %struct.i915_gpu_coredump.435861* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.435893*, %struct.drm_i915_private.435893** %10, align 8 %12 = icmp eq %struct.drm_i915_private.435893* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.42.39489, i64 0, i64 0)) #76 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.37895, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.37891, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 check_for_unclaimed_mmio 2 intel_uncore_forcewake_user_put 3 i915_forcewake_release ------------- Path:  Function:i915_forcewake_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.435893** %5 = load %struct.drm_i915_private.435893*, %struct.drm_i915_private.435893** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.435893, %struct.drm_i915_private.435893* %5, i64 0, i32 3, i32 0 %7 = load i8, i8* %6, align 8 %8 = icmp ugt i8 %7, 5 br i1 %8, label %9, label %11 %10 = getelementptr inbounds %struct.drm_i915_private.435893, %struct.drm_i915_private.435893* %5, i64 0, i32 9 tail call void bitcast (void (%struct.intel_uncore.428020*)* @intel_uncore_forcewake_user_put to void (%struct.intel_uncore.435570*)*)(%struct.intel_uncore.435570* %10) #76 Function:intel_uncore_forcewake_user_put %2 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %2, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %3) #76 %4 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 15 %5 = load i32, i32* %4, align 8 %6 = add i32 %5, -1 store i32 %6, i32* %4, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %64 %9 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 16 %10 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %11 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %10, i64 0, i32 0, i32 
0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #76 %12 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %13 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %12, i64 0, i32 3 %14 = load i32, i32* %13, align 4 %15 = add i32 %14, -1 store i32 %15, i32* %13, align 4 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %21 %22 = tail call fastcc zeroext i1 @check_for_unclaimed_mmio(%struct.intel_uncore.428020* %0) #77 Function:check_for_unclaimed_mmio %2 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 16 %3 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %2, align 8 %4 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %3, i64 0, i32 3 %5 = load i32, i32* %4, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %83 %8 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %30, label %12 %13 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 271104 %16 = bitcast i8* %15 to i32* %17 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %16) #6, !srcloc !4 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %30, !prof !5, !misexpect !6 %20 = icmp eq i32 %17, -1 br i1 %20, label %21, label %26, !prof !5, !misexpect !7 %22 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 1 %23 = load %struct.drm_i915_private.428358*, %struct.drm_i915_private.428358** %22, align 8 %24 = getelementptr inbounds %struct.drm_i915_private.428358, %struct.drm_i915_private.428358* %23, i64 0, i32 0, i32 2 %25 = load %struct.device*, 
%struct.device** %24, align 8 tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %25, i8* getelementptr inbounds ([83 x i8], [83 x i8]* @.str.35.39258, i64 0, i64 0)) #76 br label %26 %27 = load i8*, i8** %13, align 8 %28 = getelementptr i8, i8* %27, i64 271104 %29 = bitcast i8* %28 to i32* tail call void asm sideeffect "movl $0,$1", "r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -2147483648, i32* %29) #6, !srcloc !8 br label %30 %31 = phi i8 [ 0, %7 ], [ 1, %26 ], [ 0, %12 ] %32 = load i32, i32* %8, align 4 %33 = and i32 %32, 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35 %52 = phi i32 [ %50, %47 ], [ %32, %30 ] %53 = phi i8 [ %49, %47 ], [ %31, %30 ] %54 = and i32 %52, 8 %55 = icmp eq i32 %54, 0 br i1 %55, label %79, label %56 %57 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 0 %58 = load i8*, i8** %57, align 8 %59 = getelementptr i8, i8* %58, i64 1179648 %60 = bitcast i8* %59 to i32* %61 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %60) #6, !srcloc !4 %62 = icmp ne i32 %61, 0 br i1 %62, label %63, label %75, !prof !5, !misexpect !7 %64 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 1 %65 = load %struct.drm_i915_private.428358*, %struct.drm_i915_private.428358** %64, align 8 %66 = icmp eq %struct.drm_i915_private.428358* %65, null br i1 %66, label %70, label %67 %68 = getelementptr inbounds %struct.drm_i915_private.428358, %struct.drm_i915_private.428358* %65, i64 0, i32 0, i32 2 %69 = load %struct.device*, %struct.device** %68, align 8 br label %70 %71 = phi %struct.device* [ %69, %67 ], [ null, %63 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %71, i32 2, i8* getelementptr inbounds ([20 x i8], [20 x i8]* @.str.36.39259, i64 0, i64 0), i32 %61) #77 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.37895, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.37891, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.422916** %12 = load %struct.drm_i915_private.422916*, %struct.drm_i915_private.422916** %11, align 8 %13 = icmp eq %struct.drm_i915_private.422916* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.38788, i64 0, i64 0)) #76 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.37895, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.37891, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #76 ------------- Good: 2248 Bad: 8 Ignored: 812 Check Use of Function:compat_arch_setup_additional_pages Check Use of Function:devres_free Check Use of Function:fd_install Check Use of Function:ext4_free_inode Check Use of Function:tcf_proto_destroy Check Use of Function:ieee80211_sta_join_ibss Check Use of Function:audit_log Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 
= bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, 
%struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 
14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* 
%8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %35 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 1 %36 = load i64, i64* %35, align 8 %37 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 br i1 %39, label %45, label %40 %46 = getelementptr %struct.audit_ntp_data, 
%struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 1 %47 = load i64, i64* %46, align 8 %48 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 0 %49 = load i64, i64* %48, align 8 %50 = icmp eq i64 %47, %49 br i1 %50, label %56, label %51 %57 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 5, i32 1 %58 = load i64, i64* %57, align 8 %59 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 5, i32 0 %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %58, %60 br i1 %61, label %67, label %62 %63 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %64 = inttoptr i64 %63 to %struct.task_struct* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %64, i64 0, i32 105 %66 = load %struct.audit_context*, %struct.audit_context** %65, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %66, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.10.10840, i64 0, i64 0), i64 %60, i64 %58) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds 
%struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 
store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, 
%struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = 
icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* 
%0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %35 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 1 %36 = load i64, i64* %35, align 8 %37 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 br i1 %39, label %45, label %40 %46 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 1 %47 = load i64, i64* %46, align 8 %48 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 0 %49 = load i64, i64* %48, align 8 %50 = icmp eq i64 %47, %49 br i1 %50, label %56, label %51 %57 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 5, i32 1 %58 = load i64, i64* %57, align 8 %59 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 5, i32 0 %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %58, %60 br i1 %61, label %67, label %62 %63 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %64 = inttoptr i64 %63 to %struct.task_struct* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %64, i64 0, i32 105 %66 = load %struct.audit_context*, %struct.audit_context** %65, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %66, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.10.10840, i64 0, i64 0), i64 %60, i64 %58) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #76 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 
8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, 
%5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %35 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 1 %36 = load i64, i64* %35, align 8 %37 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 br i1 %39, label %45, label %40 %46 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 1 %47 = load i64, i64* %46, align 8 %48 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 0 %49 = load i64, i64* %48, align 8 %50 = icmp eq i64 %47, %49 br i1 %50, label %56, label %51 %57 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 5, i32 1 %58 = load i64, i64* %57, align 8 %59 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 5, i32 0 %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %58, %60 br i1 %61, label %67, label %62 %63 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %64 = inttoptr i64 %63 to %struct.task_struct* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %64, i64 0, i32 105 %66 = load %struct.audit_context*, %struct.audit_context** 
%65, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) @audit_log(%struct.audit_context* %66, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.10.10840, i64 0, i64 0), i64 %60, i64 %58) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 
= load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, 
%struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %35 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 1 %36 = load i64, i64* %35, align 8 %37 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 br i1 %39, label %45, label %40 %46 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 1 %47 = load i64, i64* %46, align 8 %48 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 0 %49 = load i64, i64* %48, align 8 %50 = icmp eq i64 %47, %49 br i1 %50, label %56, label %51 %57 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 5, i32 1 %58 = load i64, i64* %57, align 8 %59 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 5, i32 0 %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %58, %60 br i1 %61, label %67, label %62 %63 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %64 = inttoptr i64 %63 to %struct.task_struct* %65 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %64, i64 0, i32 105 %66 = load %struct.audit_context*, %struct.audit_context** %65, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) @audit_log(%struct.audit_context* %66, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.10.10840, i64 0, i64 0), i64 %60, i64 %58) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store 
i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, 
%struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 
%79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, 
i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label 
%7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %35 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 1 %36 = load i64, i64* %35, align 8 %37 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 br i1 %39, label %45, label %40 %46 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 1 %47 = load i64, i64* %46, align 8 %48 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 0 %49 = load i64, i64* %48, align 8 %50 = icmp eq i64 %47, %49 br i1 %50, label %56, label %51 %52 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %53 = inttoptr i64 %52 to %struct.task_struct* %54 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %53, i64 0, i32 105 %55 = load %struct.audit_context*, %struct.audit_context** %54, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %55, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.9.10839, i64 0, i64 0), i64 %49, i64 %47) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds 
%struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 
store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, 
%struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = 
icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* 
%0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %35 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 1 %36 = load i64, i64* %35, align 8 %37 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 br i1 %39, label %45, label %40 %46 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 1 %47 = load i64, i64* %46, align 8 %48 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 0 %49 = load i64, i64* %48, align 8 %50 = icmp eq i64 %47, %49 br i1 %50, label %56, label %51 %52 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %53 = inttoptr i64 %52 to %struct.task_struct* %54 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %53, i64 0, i32 105 %55 = load %struct.audit_context*, %struct.audit_context** %54, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %55, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.9.10839, i64 0, i64 0), i64 %49, i64 %47) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #76 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 
8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, 
%5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %35 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 1 %36 = load i64, i64* %35, align 8 %37 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 br i1 %39, label %45, label %40 %46 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 1 %47 = load i64, i64* %46, align 8 %48 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 0 %49 = load i64, i64* %48, align 8 %50 = icmp eq i64 %47, %49 br i1 %50, label %56, label %51 %52 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %53 = inttoptr i64 %52 to %struct.task_struct* %54 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %53, i64 0, i32 105 %55 = load %struct.audit_context*, %struct.audit_context** %54, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %55, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.9.10839, i64 0, i64 0), i64 %49, i64 %47) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* 
@tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, 
align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %35 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 1 %36 = load i64, i64* %35, align 8 %37 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 br i1 %39, label %45, label %40 %46 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 1 %47 = load i64, i64* %46, align 8 %48 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 4, i32 0 %49 = load i64, i64* %48, align 8 %50 = icmp eq i64 %47, %49 br i1 %50, label %56, label %51 %52 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %53 = inttoptr i64 %52 to %struct.task_struct* %54 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %53, i64 0, i32 105 %55 = load %struct.audit_context*, %struct.audit_context** %54, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %55, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.9.10839, i64 0, i64 0), i64 %49, i64 %47) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr 
inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, 
i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds 
%struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, 
i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, 
%struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %35 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 1 %36 = load i64, i64* %35, align 8 %37 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 br i1 %39, label %45, label %40 %41 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %42 = inttoptr i64 %41 to %struct.task_struct* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %42, i64 0, i32 105 %44 = load %struct.audit_context*, %struct.audit_context** %43, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %44, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.8.10838, i64 0, i64 0), i64 %38, i64 %36) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds 
%struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 
store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, 
%struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = 
icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* 
%0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %35 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 1 %36 = load i64, i64* %35, align 8 %37 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 br i1 %39, label %45, label %40 %41 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %42 = inttoptr i64 %41 to %struct.task_struct* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %42, i64 0, i32 105 %44 = load %struct.audit_context*, %struct.audit_context** %43, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %44, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.8.10838, i64 0, i64 0), i64 %38, i64 %36) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #76 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 
8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, 
%5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %35 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 1 %36 = load i64, i64* %35, align 8 %37 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 br i1 %39, label %45, label %40 %41 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %42 = inttoptr i64 %41 to %struct.task_struct* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %42, i64 0, i32 105 %44 = load %struct.audit_context*, %struct.audit_context** %43, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %44, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.8.10838, i64 0, i64 0), i64 %38, i64 %36) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* 
@tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, 
align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %35 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 1 %36 = load i64, i64* %35, align 8 %37 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 3, i32 0 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 br i1 %39, label %45, label %40 %41 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %42 = inttoptr i64 %41 to %struct.task_struct* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %42, i64 0, i32 105 %44 = load %struct.audit_context*, %struct.audit_context** %43, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %44, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.8.10838, i64 0, i64 0), i64 %38, i64 %36) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr 
inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, 
i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds 
%struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, 
i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, 
%struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 105 %33 = load %struct.audit_context*, %struct.audit_context** %32, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) @audit_log(%struct.audit_context* %33, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.7.10837, i64 0, i64 0), i64 %27, i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* 
%12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, 
i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr 
inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void 
@ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, 
%struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 105 %33 = load %struct.audit_context*, %struct.audit_context** %32, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %33, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.7.10837, i64 0, i64 0), i64 %27, i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #76 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 
8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, 
%5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 105 %33 = load %struct.audit_context*, %struct.audit_context** %32, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %33, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.7.10837, i64 0, i64 0), i64 %27, i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* 
@tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, 
align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %24 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 1 %25 = load i64, i64* %24, align 8 %26 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %34, label %29 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 105 %33 = load %struct.audit_context*, %struct.audit_context** %32, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %33, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.7.10837, i64 0, i64 0), i64 %27, i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr 
inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, 
i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds 
%struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, 
i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, 
%struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct* %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %20, i64 0, i32 105 %22 = load %struct.audit_context*, %struct.audit_context** %21, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) @audit_log(%struct.audit_context* %22, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.10836, i64 0, i64 0), i64 %16, i64 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds 
%struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 
%46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, 
%struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store 
i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* 
nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct* %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %20, i64 0, i32 105 %22 = load %struct.audit_context*, %struct.audit_context** %21, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %22, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.10836, i64 0, i64 0), i64 %16, i64 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #76 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 
8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, 
%5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct* %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %20, i64 0, i32 105 %22 = load %struct.audit_context*, %struct.audit_context** %21, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) @audit_log(%struct.audit_context* %22, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.10836, i64 0, i64 0), i64 %16, i64 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load 
i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 
%119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %13 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %14, %16 br i1 %17, label %23, label %18 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct* %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %20, i64 0, i32 105 %22 = load %struct.audit_context*, %struct.audit_context** %21, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %22, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.10836, i64 0, i64 0), i64 %16, i64 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr 
inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, 
i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds 
%struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, 
i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to 
%struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 105 %11 = load %struct.audit_context*, %struct.audit_context** %10, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) @audit_log(%struct.audit_context* %11, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.5.10835, i64 0, i64 0), i64 %5, i64 %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #76 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, 
i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds 
%struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load 
i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), 
align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br 
i1 %6, label %12, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 105 %11 = load %struct.audit_context*, %struct.audit_context** %10, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) @audit_log(%struct.audit_context* %11, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.5.10835, i64 0, i64 0), i64 %5, i64 %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #76 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr 
inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 
4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 105 %11 = load %struct.audit_context*, %struct.audit_context** %10, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) @audit_log(%struct.audit_context* %11, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.5.10835, i64 0, i64 0), i64 %5, i64 %3) #76 ------------- Use: =BAD PATH= Call Stack: 0 __audit_ntp_log 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #76 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to 
i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %96, label %25 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #77 %97 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #76 %98 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %99 = add i32 %98, 1 store i32 %99, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %100 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %100, i32* %4, align 4 %101 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #76 %102 = load i32, i32* %4, align 4 %103 = icmp eq i32 %102, %100 br i1 %103, label %109, label %104 %110 = phi i8 [ 0, %96 ], [ 1, %104 ] %111 = call i64 @ntp_get_next_leap() #76 store i64 %111, i64* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.79, %struct.anon.79* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %97) #76 %119 = call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %120 = inttoptr i64 %119 to %struct.task_struct* %121 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %120, i64 0, i32 105 %122 = load %struct.audit_context*, %struct.audit_context** %121, align 64 %123 = icmp eq %struct.audit_context* %122, null br i1 %123, label %129, label %124 %125 = bitcast %struct.audit_context* %122 to i32* %126 = load i32, i32* %125, align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %128, label %129 call void @__audit_ntp_log(%struct.audit_ntp_data* nonnull %2) #76 Function:__audit_ntp_log %2 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr %struct.audit_ntp_data, %struct.audit_ntp_data* %0, i64 0, i32 0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %12, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 105 %11 = load %struct.audit_context*, %struct.audit_context** %10, align 64 tail call void (%struct.audit_context*, i32, i32, i8*, ...) 
@audit_log(%struct.audit_context* %11, i32 3264, i32 1333, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.88.10834, i64 0, i64 0), i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.5.10835, i64 0, i64 0), i64 %5, i64 %3) #76
-------------
Good: 10 Bad: 24 Ignored: 7
Check Use of Function:drm_crtc_vblank_get
Check Use of Function:pci_bus_read_config_byte
Use: =BAD PATH=
Call Stack:
0 pci_read_config_byte
1 subordinate_bus_number_show
-------------
Path:
Function:subordinate_bus_number_show
%4 = alloca i8, align 1
%5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13
%6 = bitcast %struct.irq_domain** %5 to %struct.pci_dev.317892*
%7 = call i32 @pci_read_config_byte(%struct.pci_dev.317892* %6, i32 26, i8* nonnull %4) #76
Function:pci_read_config_byte
%4 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 44
%5 = load i32, i32* %4, align 8
%6 = icmp eq i32 %5, 3
br i1 %6, label %7, label %8
%9 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 1
%10 = load %struct.pci_bus.317894*, %struct.pci_bus.317894** %9, align 8
%11 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 6
%12 = load i32, i32* %11, align 8
%13 = tail call i32 @pci_bus_read_config_byte(%struct.pci_bus.317894* %10, i32 %12, i32 %1, i8* %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 pci_read_config_byte
1 secondary_bus_number_show
-------------
Path:
Function:secondary_bus_number_show
%4 = alloca i8, align 1
%5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13
%6 = bitcast %struct.irq_domain** %5 to %struct.pci_dev.317892*
%7 = call i32 @pci_read_config_byte(%struct.pci_dev.317892* %6, i32 25, i8* nonnull %4) #76
Function:pci_read_config_byte
%4 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 44
%5 = load i32, i32* %4, align 8
%6 = icmp eq i32 %5, 3
br i1 %6, label %7, label %8
%9 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 1
%10 = load %struct.pci_bus.317894*, %struct.pci_bus.317894** %9, align 8
%11 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 6
%12 = load i32, i32* %11, align 8
%13 = tail call i32 @pci_bus_read_config_byte(%struct.pci_bus.317894* %10, i32 %12, i32 %1, i8* %2) #76
-------------
Good: 218 Bad: 2 Ignored: 478
Check Use of Function:blk_rq_map_user_iov
Check Use of Function:drm_prime_init_file_private
Check Use of Function:intel_user_framebuffer_create_handle
Check Use of Function:acpi_bus_trim
Check Use of Function:acpi_ec_dsdt_probe
Check Use of Function:fat_generic_ioctl
Use: =BAD PATH=
Call Stack:
0 fat_dir_ioctl
-------------
Path:
Function:fat_dir_ioctl
%4 = alloca %struct.fat_ioctl_filldir_callback, align 8
%5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2
%6 = load %struct.inode*, %struct.inode** %5, align 8
%7 = inttoptr i64 %2 to %struct.__fat_dirent*
switch i32 %1, label %9 [ i32 -2110754302, label %11 i32 -2110754303, label %8 ]
%10 = tail call i64 bitcast (i64 (%struct.file.147732*, i32, i64)* @fat_generic_ioctl to i64 (%struct.file*, i32, i64)*)(%struct.file* %0, i32 %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 fat_compat_dir_ioctl
-------------
Path:
Function:fat_compat_dir_ioctl
%4 = alloca %struct.fat_ioctl_filldir_callback, align 8
%5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2
%6 = load %struct.inode*, %struct.inode** %5, align 8
%7 = and i64 %2, 4294967295
%8 = inttoptr i64 %7 to i8*
switch i32 %1, label %10 [ i32 -2112327166, label %12 i32 -2112327167, label %9 ]
%11 = tail call i64 bitcast (i64 (%struct.file.147732*, i32, i64)* @fat_generic_ioctl to i64 (%struct.file*, i32, i64)*)(%struct.file* %0, i32 %1, i64 %2) #76
-------------
Good: 0 Bad: 2 Ignored: 0
Check Use of Function:drm_master_put
Check Use of Function:__efivar_entry_delete
Check Use of Function:__get_user_pages
Use:
=BAD PATH= Call Stack: 0 faultin_vma_page_range 1 madvise_populate 2 do_madvise 3 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 
%23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #76 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = 
getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #76 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #76 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #76 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 faultin_vma_page_range 1 madvise_populate 2 do_madvise 3 __x64_sys_madvise ------------- Path:  
Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, 
label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #76 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = 
getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #76 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #76 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #76 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #76 ------------- Good: 58 Bad: 2 Ignored: 42 Check Use of Function:ext4_rename_dir_finish Check Use of Function:step_into Check Use of 
Function:dm_ctl_ioctl Use: =BAD PATH= Call Stack: 0 dm_compat_ctl_ioctl ------------- Path:  Function:dm_compat_ctl_ioctl %4 = and i64 %2, 4294967295 %5 = tail call i64 @dm_ctl_ioctl(%struct.file.299557* %0, i32 %1, i64 %4) #76 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:pci_user_read_config_word Check Use of Function:acpi_wakeup_device_init Check Use of Function:memdup_user_nul Use: =BAD PATH= Call Stack: 0 i915_displayport_test_active_write ------------- Path:  Function:i915_displayport_test_active_write %5 = alloca %struct.drm_connector_list_iter, align 8 %6 = alloca i32, align 4 %7 = bitcast %struct.drm_connector_list_iter* %5 to i8* %8 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_device.381449** %14 = load %struct.drm_device.381449*, %struct.drm_device.381449** %13, align 8 %15 = icmp eq i64 %2, 0 br i1 %15, label %82, label %16 %17 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 crc_control_write ------------- Path:  Function:crc_control_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_crtc.410274** %11 = load %struct.drm_crtc.410274*, %struct.drm_crtc.410274** %10, align 8 %12 = bitcast i64* %5 to i8* %13 = icmp eq i64 %2, 0 br i1 %13, label %51, label %14 %15 = icmp ugt i64 %2, 4095 br i1 %15, label %16, label %17 %18 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 
bitmap_parse_user 1 irq_affinity_proc_write ------------- Path:  Function:irq_affinity_proc_write %5 = alloca [1 x %struct.cpumask], align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = tail call i8* @PDE_DATA(%struct.inode* %7) #76 %9 = ptrtoint i8* %8 to i64 %10 = trunc i64 %9 to i32 %11 = bitcast [1 x %struct.cpumask]* %5 to i8* %12 = tail call zeroext i1 @irq_can_set_affinity_usr(i32 %10) #76 %13 = xor i1 %12, true %14 = load i32, i32* @no_irq_affinity, align 4 %15 = icmp ne i32 %14, 0 %16 = or i1 %15, %13 br i1 %16, label %35, label %17 %18 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %18, align 8 %19 = trunc i64 %2 to i32 %20 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0 %21 = call i32 @bitmap_parse_user(i8* %1, i32 %19, i64* nonnull %18, i32 64) #76 Function:bitmap_parse_user %5 = zext i32 %1 to i64 %6 = tail call i8* @memdup_user_nul(i8* %0, i64 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse_user 1 default_affinity_write ------------- Path:  Function:default_affinity_write %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = trunc i64 %2 to i32 %9 = call i32 @bitmap_parse_user(i8* %1, i32 %8, i64* nonnull %7, i32 64) #76 Function:bitmap_parse_user %5 = zext i32 %1 to i64 %6 = tail call i8* @memdup_user_nul(i8* %0, i64 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse_user 1 tracing_cpumask_write ------------- Path:  Function:tracing_cpumask_write %5 = alloca [1 x %struct.cpumask], align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds 
%struct.inode, %struct.inode* %7, i64 0, i32 47 %9 = bitcast i8** %8 to %struct.trace_array** %10 = load %struct.trace_array*, %struct.trace_array** %9, align 8 %11 = bitcast [1 x %struct.cpumask]* %5 to i8* %12 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = trunc i64 %2 to i32 %14 = call i32 @bitmap_parse_user(i8* %1, i32 %13, i64* nonnull %12, i32 64) #76 Function:bitmap_parse_user %5 = zext i32 %1 to i64 %6 = tail call i8* @memdup_user_nul(i8* %0, i64 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parselist_user 1 irq_affinity_list_proc_write ------------- Path:  Function:irq_affinity_list_proc_write %5 = alloca [1 x %struct.cpumask], align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = tail call i8* @PDE_DATA(%struct.inode* %7) #76 %9 = ptrtoint i8* %8 to i64 %10 = trunc i64 %9 to i32 %11 = bitcast [1 x %struct.cpumask]* %5 to i8* %12 = tail call zeroext i1 @irq_can_set_affinity_usr(i32 %10) #76 %13 = xor i1 %12, true %14 = load i32, i32* @no_irq_affinity, align 4 %15 = icmp ne i32 %14, 0 %16 = or i1 %15, %13 br i1 %16, label %35, label %17 %18 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %18, align 8 %19 = trunc i64 %2 to i32 %20 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0 %21 = call i32 @bitmap_parselist_user(i8* %1, i32 %19, i64* nonnull %18, i32 64) #76 Function:bitmap_parselist_user %5 = zext i32 %1 to i64 %6 = tail call i8* @memdup_user_nul(i8* %0, i64 %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 sel_write_bool ------------- Path:  Function:sel_write_bool %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds 
%struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 11 %15 = load i64, i64* %14, align 8 %16 = trunc i64 %15 to i32 %17 = and i32 %16, 16777215 %18 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %19 = load %struct.dentry*, %struct.dentry** %18, align 8 %20 = getelementptr inbounds %struct.dentry, %struct.dentry* %19, i64 0, i32 4, i32 1 %21 = load i8*, i8** %20, align 8 %22 = icmp ugt i64 %2, 4095 br i1 %22, label %78, label %23 %24 = load i64, i64* %3, align 8 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %78 %27 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 sel_write_enforce ------------- Path:  Function:sel_write_enforce %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = icmp ugt i64 %2, 4095 br i1 %16, label %79, label %17 %18 = load i64, i64* %3, align 8 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %79 %21 = tail call i8* 
@memdup_user_nul(i8* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 sel_commit_bools_write ------------- Path:  Function:sel_commit_bools_write %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = bitcast i32* %5 to i8* %14 = icmp ugt i64 %2, 4095 br i1 %14, label %64, label %15 %16 = load i64, i64* %3, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %64 %19 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_simple_write ------------- Path:  Function:proc_simple_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 9 %12 = load i32 (%struct.file*, i8*, i64)*, i32 (%struct.file*, i8*, i64)** %11, align 8 %13 = icmp eq i32 (%struct.file*, i8*, i64)* %12, null br i1 %13, label %28, label %14 %15 = add i64 %2, -1 %16 = icmp ugt i64 %15, 4094 br i1 %16, label %28, label %17 %18 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_simple_write ------------- Path:  Function:proc_simple_write %5 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 9 %12 = load i32 (%struct.file*, i8*, i64)*, i32 (%struct.file*, i8*, i64)** %11, align 8 %13 = icmp eq i32 (%struct.file*, i8*, i64)* %12, null br i1 %13, label %28, label %14 %15 = add i64 %2, -1 %16 = icmp ugt i64 %15, 4094 br i1 %16, label %28, label %17 %18 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 timens_offsets_write ------------- Path:  Function:timens_offsets_write %5 = alloca [2 x %struct.proc_timens_offset], align 16 %6 = alloca [10 x i8], align 1 %7 = getelementptr inbounds %struct.file.177762, %struct.file.177762* %0, i64 0, i32 2 %8 = load %struct.inode.177941*, %struct.inode.177941** %7, align 8 %9 = bitcast [2 x %struct.proc_timens_offset]* %5 to i8* %10 = load i64, i64* %3, align 8 %11 = icmp ne i64 %10, 0 %12 = icmp ugt i64 %2, 4095 %13 = or i1 %12, %11 br i1 %13, label %98, label %14 %15 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 blk_msg_write ------------- Path:  Function:blk_msg_write %5 = icmp ugt i64 %2, 127 br i1 %5, label %15, label %6 %7 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 event_filter_write ------------- Path:  Function:event_filter_write %5 = icmp ugt i64 %2, 4095 br i1 %5, label %28, label %6 %7 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 subsystem_filter_write ------------- Path:  Function:subsystem_filter_write %5 = getelementptr inbounds 
%struct.file.108279, %struct.file.108279* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_subsystem_dir.108225** %7 = load %struct.trace_subsystem_dir.108225*, %struct.trace_subsystem_dir.108225** %6, align 8 %8 = icmp ugt i64 %2, 4095 br i1 %8, label %22, label %9 %10 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 event_trigger_write ------------- Path:  Function:event_trigger_write %5 = icmp eq i64 %2, 0 br i1 %5, label %29, label %6 %7 = icmp ugt i64 %2, 4095 br i1 %7, label %29, label %8 %9 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #76 ------------- Good: 5 Bad: 16 Ignored: 13 Check Use of Function:ieee80211_del_virtual_monitor Check Use of Function:do_timens_ktime_to_host Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr 
i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, 
!misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 
asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 
8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #76 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91501** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91501**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.91501* %46 = getelementptr inbounds %struct.task_struct.91501, %struct.task_struct.91501* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91439*, %struct.nsproxy.91439** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91439, %struct.nsproxy.91439* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91421*, %struct.time_namespace.91421** %48, align 8 %50 = icmp eq %struct.time_namespace.91421* %49, bitcast (%struct.time_namespace* @init_time_ns to 
%struct.time_namespace.91421*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91421, %struct.time_namespace.91421* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #76 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_set 1 do_timer_settime 2 __ia32_sys_timer_settime ------------- Path:  Function:__ia32_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.timens_offsets* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.timens_offsets* %24 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label 
%61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** 
%5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88004*)*, i32 (%struct.k_itimer.88004*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88004* %0) #77 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 
= mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #77 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_set 1 do_timer_settime 2 __ia32_sys_timer_settime32 ------------- Path:  Function:__ia32_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.old_itimerspec32* %17 = bitcast 
%struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.old_itimerspec32* %24 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = 
icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88004*)*, i32 (%struct.k_itimer.88004*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88004* %0) #77 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label 
%29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #77 ------------- Use: =BAD PATH= 
Call Stack: 0 common_timer_set 1 do_timer_settime 2 __x64_sys_timer_settime ------------- Path:  Function:__x64_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.timens_offsets* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.timens_offsets* %22 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %21) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br 
i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88004*)*, i32 (%struct.k_itimer.88004*)** 
%11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88004* %0) #77 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* 
%50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #77 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_set 1 do_timer_settime 2 __x64_sys_timer_settime32 ------------- Path:  Function:__x64_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.old_itimerspec32* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.old_itimerspec32* %22 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %21) #76 %23 = icmp eq i32 %22, 0 br i1 
%23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #76 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88004* @__lock_timer(i32 %0, i64* nonnull %5) #76 %28 = icmp eq %struct.k_itimer.88004* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88004* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %31, i64 0, i32 3 %33 = load %struct.k_clock.88005*, %struct.k_clock.88005** %32, align 8 %34 = icmp eq %struct.k_clock.88005* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88004*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88004*, i32, 
%struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88004* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #77 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 3 %6 = load %struct.k_clock.88005*, %struct.k_clock.88005** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88005, %struct.k_clock.88005* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88004*)*, i32 (%struct.k_itimer.88004*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88004* %0) #77 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 
%33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88004, %struct.k_itimer.88004* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #77 ------------- Good: 2 Bad: 8 Ignored: 7 Check Use of Function:local_bh_enable.68094 Check Use of Function:iommu_change_dev_def_domain Check Use of Function:init_chown Check Use of Function:e1000_reset Check Use of Function:mntput_no_expire Check Use of Function:compat_ptr_ioctl Check Use of Function:tg3_ptp_enable Check Use of Function:uprobe_copy_process Check Use of Function:ext4_claim_free_clusters Check Use of Function:cgroup_enter_frozen Check 
Use of Function:clear_posix_cputimers_work Check Use of Function:nfs_swap_activate Check Use of Function:free_pid Use: =BAD PATH= Call Stack: 0 change_pid 1 ksys_setsid 2 __do_sys_setsid ------------- Path:  Function:__do_sys_setsid %2 = tail call i32 @ksys_setsid() #76 Function:ksys_setsid %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 60 %4 = load %struct.task_struct*, %struct.task_struct** %3, align 8 %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 63 %6 = load %struct.pid*, %struct.pid** %5, align 32 %7 = tail call i32 @pid_vnr(%struct.pid* %6) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 23 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %34 %14 = tail call %struct.task_struct* @pid_task(%struct.pid* %6, i32 2) #76 %15 = icmp eq %struct.task_struct* %14, null br i1 %15, label %16, label %34 %17 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %18 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %17, i64 0, i32 23 store i32 1, i32* %18, align 8 %19 = load %struct.task_struct*, %struct.task_struct** %3, align 8 %20 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %19, i64 0, i32 95 %21 = load %struct.signal_struct*, %struct.signal_struct** %20, align 32 %22 = getelementptr %struct.signal_struct, %struct.signal_struct* %21, i64 0, i32 21, i64 3 %23 = load %struct.pid*, %struct.pid** %22, align 8 %24 = icmp eq %struct.pid* 
%23, %6 br i1 %24, label %27, label %25 tail call void @change_pid(%struct.task_struct* %19, i32 3, %struct.pid* %6) #76 Function:change_pid %4 = icmp eq i32 %1, 0 br i1 %4, label %5, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = zext i32 %1 to i64 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 21, i64 %10 br label %12 %13 = phi i64 [ 0, %5 ], [ %10, %7 ] %14 = phi %struct.pid** [ %6, %5 ], [ %11, %7 ] %15 = load %struct.pid*, %struct.pid** %14, align 8 %16 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 0 %17 = load %struct.hlist_node*, %struct.hlist_node** %16, align 8 %18 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 1 %19 = load %struct.hlist_node**, %struct.hlist_node*** %18, align 8 store volatile %struct.hlist_node* %17, %struct.hlist_node** %19, align 8 %20 = icmp eq %struct.hlist_node* %17, null br i1 %20, label %23, label %21 %22 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %17, i64 0, i32 1 store volatile %struct.hlist_node** %19, %struct.hlist_node*** %22, align 8 br label %23 store volatile %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %18, align 8 store %struct.pid* %2, %struct.pid** %14, align 8 %24 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 3, i32 0 %25 = load volatile %struct.hlist_node*, %struct.hlist_node** %24, align 8 %26 = icmp eq %struct.hlist_node* %25, null br i1 %26, label %48, label %27 %49 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 2, i32 0 %50 = load volatile %struct.hlist_node*, %struct.hlist_node** %49, align 8 %51 = icmp eq %struct.hlist_node* %50, null br i1 %51, label %52, label %27 %53 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 1, i32 0 %54 = 
load volatile %struct.hlist_node*, %struct.hlist_node** %53, align 8 %55 = icmp eq %struct.hlist_node* %54, null br i1 %55, label %56, label %27 %57 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 0, i32 0 %58 = load volatile %struct.hlist_node*, %struct.hlist_node** %57, align 8 %59 = icmp eq %struct.hlist_node* %58, null br i1 %59, label %60, label %27 tail call void @free_pid(%struct.pid* %15) #76 ------------- Use: =BAD PATH= Call Stack: 0 change_pid 1 __se_sys_setpgid 2 __ia32_sys_setpgid ------------- Path:  Function:__ia32_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setpgid(i64 %4, i64 %7) #76 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 60 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 8 %9 = icmp eq i32 %3, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %8, i32 0, %struct.pid_namespace* null) #76 br label %12 %13 = phi i32 [ %3, %2 ], [ %11, %10 ] %14 = icmp eq i32 %4, 0 %15 = select i1 %14, i32 %13, i32 %4 %16 = icmp slt i32 %15, 0 br i1 %16, label %83, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %13) #76 %19 = icmp eq %struct.task_struct* %18, null br i1 %19, label %80, label %20 %21 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 44 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, -1 br i1 %23, label %24, label %80 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 56 %26 = load %struct.task_struct*, %struct.task_struct** %25, align 8 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 95 %28 = load %struct.signal_struct*, %struct.signal_struct** %27, align 32 %29 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 95 %30 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %31 = icmp eq %struct.signal_struct* %28, %30 br i1 %31, label %32, label %45 %46 = icmp eq %struct.task_struct* %18, %8 br i1 %46, label %47, label %80 %48 = phi %struct.signal_struct* [ %34, %40 ], [ %30, %45 ] %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 95 %50 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %48, i64 0, i32 23 %51 = load i32, i32* %50, align 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %80 %54 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 63 %55 = load %struct.pid*, %struct.pid** %54, align 32 %56 = icmp eq i32 %15, %13 br i1 %56, label %70, label %57 %58 = tail call %struct.pid* @find_vpid(i32 %15) #76 %59 = tail call %struct.task_struct* @pid_task(%struct.pid* %58, i32 2) #76 %60 = icmp eq %struct.task_struct* %59, null br i1 %60, label %80, label %61 %62 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %59, i64 0, i32 95 %63 = load %struct.signal_struct*, %struct.signal_struct** %62, align 32 %64 = getelementptr %struct.signal_struct, %struct.signal_struct* %63, i64 0, i32 21, i64 3 %65 = load %struct.pid*, %struct.pid** %64, align 8 %66 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %67 = getelementptr %struct.signal_struct, %struct.signal_struct* %66, i64 0, 
i32 21, i64 3 %68 = load %struct.pid*, %struct.pid** %67, align 8 %69 = icmp eq %struct.pid* %65, %68 br i1 %69, label %70, label %80 %71 = phi %struct.pid* [ %55, %53 ], [ %58, %61 ] %72 = tail call i32 @security_task_setpgid(%struct.task_struct* nonnull %18, i32 %15) #76 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %80 %75 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %76 = getelementptr %struct.signal_struct, %struct.signal_struct* %75, i64 0, i32 21, i64 2 %77 = load %struct.pid*, %struct.pid** %76, align 8 %78 = icmp eq %struct.pid* %77, %71 br i1 %78, label %80, label %79 tail call void @change_pid(%struct.task_struct* nonnull %18, i32 2, %struct.pid* %71) #76 Function:change_pid %4 = icmp eq i32 %1, 0 br i1 %4, label %5, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = zext i32 %1 to i64 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 21, i64 %10 br label %12 %13 = phi i64 [ 0, %5 ], [ %10, %7 ] %14 = phi %struct.pid** [ %6, %5 ], [ %11, %7 ] %15 = load %struct.pid*, %struct.pid** %14, align 8 %16 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 0 %17 = load %struct.hlist_node*, %struct.hlist_node** %16, align 8 %18 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 1 %19 = load %struct.hlist_node**, %struct.hlist_node*** %18, align 8 store volatile %struct.hlist_node* %17, %struct.hlist_node** %19, align 8 %20 = icmp eq %struct.hlist_node* %17, null br i1 %20, label %23, label %21 %22 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %17, i64 0, i32 1 store volatile %struct.hlist_node** %19, %struct.hlist_node*** %22, align 8 br label %23 store volatile %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %18, align 8 store 
%struct.pid* %2, %struct.pid** %14, align 8 %24 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 3, i32 0 %25 = load volatile %struct.hlist_node*, %struct.hlist_node** %24, align 8 %26 = icmp eq %struct.hlist_node* %25, null br i1 %26, label %48, label %27 %49 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 2, i32 0 %50 = load volatile %struct.hlist_node*, %struct.hlist_node** %49, align 8 %51 = icmp eq %struct.hlist_node* %50, null br i1 %51, label %52, label %27 %53 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 1, i32 0 %54 = load volatile %struct.hlist_node*, %struct.hlist_node** %53, align 8 %55 = icmp eq %struct.hlist_node* %54, null br i1 %55, label %56, label %27 %57 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 0, i32 0 %58 = load volatile %struct.hlist_node*, %struct.hlist_node** %57, align 8 %59 = icmp eq %struct.hlist_node* %58, null br i1 %59, label %60, label %27 tail call void @free_pid(%struct.pid* %15) #76 ------------- Use: =BAD PATH= Call Stack: 0 change_pid 1 __se_sys_setpgid 2 __x64_sys_setpgid ------------- Path:  Function:__x64_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setpgid(i64 %3, i64 %5) #76 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 60 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 8 %9 = icmp eq i32 %3, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %8, i32 0, 
%struct.pid_namespace* null) #76 br label %12 %13 = phi i32 [ %3, %2 ], [ %11, %10 ] %14 = icmp eq i32 %4, 0 %15 = select i1 %14, i32 %13, i32 %4 %16 = icmp slt i32 %15, 0 br i1 %16, label %83, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %13) #76 %19 = icmp eq %struct.task_struct* %18, null br i1 %19, label %80, label %20 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 44 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, -1 br i1 %23, label %24, label %80 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 56 %26 = load %struct.task_struct*, %struct.task_struct** %25, align 8 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 95 %28 = load %struct.signal_struct*, %struct.signal_struct** %27, align 32 %29 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 95 %30 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %31 = icmp eq %struct.signal_struct* %28, %30 br i1 %31, label %32, label %45 %46 = icmp eq %struct.task_struct* %18, %8 br i1 %46, label %47, label %80 %48 = phi %struct.signal_struct* [ %34, %40 ], [ %30, %45 ] %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 95 %50 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %48, i64 0, i32 23 %51 = load i32, i32* %50, align 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %80 %54 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 63 %55 = load %struct.pid*, %struct.pid** %54, align 32 %56 = icmp eq i32 %15, %13 br i1 %56, label %70, label %57 %58 = tail call %struct.pid* @find_vpid(i32 %15) #76 %59 = tail call %struct.task_struct* @pid_task(%struct.pid* %58, 
i32 2) #76 %60 = icmp eq %struct.task_struct* %59, null br i1 %60, label %80, label %61 %62 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %59, i64 0, i32 95 %63 = load %struct.signal_struct*, %struct.signal_struct** %62, align 32 %64 = getelementptr %struct.signal_struct, %struct.signal_struct* %63, i64 0, i32 21, i64 3 %65 = load %struct.pid*, %struct.pid** %64, align 8 %66 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %67 = getelementptr %struct.signal_struct, %struct.signal_struct* %66, i64 0, i32 21, i64 3 %68 = load %struct.pid*, %struct.pid** %67, align 8 %69 = icmp eq %struct.pid* %65, %68 br i1 %69, label %70, label %80 %71 = phi %struct.pid* [ %55, %53 ], [ %58, %61 ] %72 = tail call i32 @security_task_setpgid(%struct.task_struct* nonnull %18, i32 %15) #76 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %80 %75 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %76 = getelementptr %struct.signal_struct, %struct.signal_struct* %75, i64 0, i32 21, i64 2 %77 = load %struct.pid*, %struct.pid** %76, align 8 %78 = icmp eq %struct.pid* %77, %71 br i1 %78, label %80, label %79 tail call void @change_pid(%struct.task_struct* nonnull %18, i32 2, %struct.pid* %71) #76 Function:change_pid %4 = icmp eq i32 %1, 0 br i1 %4, label %5, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = zext i32 %1 to i64 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 21, i64 %10 br label %12 %13 = phi i64 [ 0, %5 ], [ %10, %7 ] %14 = phi %struct.pid** [ %6, %5 ], [ %11, %7 ] %15 = load %struct.pid*, %struct.pid** %14, align 8 %16 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 0 %17 = load %struct.hlist_node*, %struct.hlist_node** %16, align 8 %18 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 
%13, i32 1 %19 = load %struct.hlist_node**, %struct.hlist_node*** %18, align 8 store volatile %struct.hlist_node* %17, %struct.hlist_node** %19, align 8 %20 = icmp eq %struct.hlist_node* %17, null br i1 %20, label %23, label %21 %22 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %17, i64 0, i32 1 store volatile %struct.hlist_node** %19, %struct.hlist_node*** %22, align 8 br label %23 store volatile %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %18, align 8 store %struct.pid* %2, %struct.pid** %14, align 8 %24 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 3, i32 0 %25 = load volatile %struct.hlist_node*, %struct.hlist_node** %24, align 8 %26 = icmp eq %struct.hlist_node* %25, null br i1 %26, label %48, label %27 %49 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 2, i32 0 %50 = load volatile %struct.hlist_node*, %struct.hlist_node** %49, align 8 %51 = icmp eq %struct.hlist_node* %50, null br i1 %51, label %52, label %27 %53 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 1, i32 0 %54 = load volatile %struct.hlist_node*, %struct.hlist_node** %53, align 8 %55 = icmp eq %struct.hlist_node* %54, null br i1 %55, label %56, label %27 %57 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 0, i32 0 %58 = load volatile %struct.hlist_node*, %struct.hlist_node** %57, align 8 %59 = icmp eq %struct.hlist_node* %58, null br i1 %59, label %60, label %27 tail call void @free_pid(%struct.pid* %15) #76 ------------- Good: 5 Bad: 3 Ignored: 7 Check Use of Function:vfs_parse_fs_string Check Use of Function:proc_fork_connector Check Use of Function:ieee80211_reenable_keys Check Use of Function:acpi_cppc_processor_exit Check Use of Function:inotify_ioctl Check Use of Function:tid_fd_revalidate Check Use of Function:ieee80211_mgd_quiesce Check Use of Function:idr_replace Check Use of Function:unapply_uprobe Check Use of 
Function:drm_framebuffer_check_src_coords Check Use of Function:fifo_init Check Use of Function:dissolve_on_fput Check Use of Function:sched_post_fork Check Use of Function:intel_display_finish_reset Check Use of Function:pagecache_get_page Use: =BAD PATH= Call Stack: 0 hugetlbfs_read_iter ------------- Path:  Function:hugetlbfs_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.hugetlbfs_sb_info** %11 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %10, align 16 %12 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %11, i64 0, i32 3 %13 = load %struct.hstate*, %struct.hstate** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %17 = load i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 3 %19 = load i32, i32* %18, align 8 %20 = add i32 %19, 12 %21 = zext i32 %20 to i64 %22 = ashr i64 %17, %21 %23 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 4 %24 = load i64, i64* %23, align 8 %25 = xor i64 %24, -1 %26 = and i64 %17, %25 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %132, label %30 %31 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %32 = load 
%struct.inode*, %struct.inode** %31, align 8 %33 = getelementptr inbounds %struct.inode, %struct.inode* %32, i64 0, i32 14 br label %34 %35 = phi i64 [ %24, %30 ], [ %128, %121 ] %36 = phi i32 [ %19, %30 ], [ %123, %121 ] %37 = phi i64 [ %22, %30 ], [ %127, %121 ] %38 = phi i64 [ 0, %30 ], [ %112, %121 ] %39 = phi i64 [ %26, %30 ], [ %130, %121 ] %40 = zext i32 %36 to i64 %41 = shl i64 4096, %40 %42 = load i64, i64* %33, align 8 %43 = icmp eq i64 %42, 0 br i1 %43, label %132, label %44 %45 = add i64 %42, -1 %46 = add i32 %36, 12 %47 = zext i32 %46 to i64 %48 = ashr i64 %45, %47 %49 = icmp ugt i64 %37, %48 br i1 %49, label %132, label %50 %51 = icmp eq i64 %37, %48 br i1 %51, label %52, label %57 %53 = xor i64 %35, -1 %54 = and i64 %45, %53 %55 = add nuw i64 %54, 1 %56 = icmp ult i64 %54, %39 br i1 %56, label %132, label %57 %58 = phi i64 [ %55, %52 ], [ %41, %50 ] %59 = sub i64 %58, %39 %60 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %15, i64 %37, i32 2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 shmem_get_link ------------- Path:  Function:shmem_get_link %4 = alloca %struct.page*, align 8 %5 = bitcast %struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label %9, label %39 %10 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %8, i64 0, i32 0, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 shmem_getpage_gfp 1 shmem_get_link ------------- Path:  Function:shmem_get_link %4 = alloca %struct.page*, align 8 %5 = bitcast %struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label 
%9, label %39 %40 = getelementptr inbounds %struct.address_space, %struct.address_space* %8, i64 0, i32 3 %41 = load i32, i32* %40, align 8 %42 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %1, i64 0, %struct.page** nonnull %4, i32 0, i32 %41, %struct.vm_area_struct* null, i32* null) #76 Function:shmem_getpage_gfp %8 = alloca %struct.vm_area_struct, align 8 %9 = alloca %struct.page*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %11 = load %struct.address_space*, %struct.address_space** %10, align 8 %12 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 6, i32 4, i32 1 %13 = bitcast %struct.page** %9 to i8* %14 = icmp ugt i64 %1, 2251799813685247 br i1 %14, label %467, label %15 %16 = icmp ult i32 %3, 3 %17 = shl nuw nsw i64 %1, 12 %18 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 14 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = icmp eq i32 %3, 3 %21 = icmp eq i32 %3, 0 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 1 %23 = bitcast %struct.list_head** %22 to i64* %24 = bitcast %struct.vm_area_struct* %8 to i8* %25 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 12 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10, i32 1 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 23 %30 = bitcast %struct.list_head** %29 to i64* %31 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 13 %32 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 9 %33 = bitcast %struct.list_head** %32 to %struct.shared_policy* %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* 
%8, i64 0, i32 17 %35 = and i32 %4, 782048 %36 = bitcast %struct.list_head** %12 to %struct.raw_spinlock* %37 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 2 %38 = bitcast %struct.list_head** %37 to i64* %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 22 %40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 3 %41 = bitcast %struct.list_head** %40 to i64* %42 = bitcast %struct.list_head** %12 to i8* %43 = icmp eq i32 %3, 4 br label %44 %45 = phi i1 [ true, %15 ], [ false, %460 ] %46 = phi i32 [ 0, %15 ], [ %427, %460 ] br label %47 %48 = phi i32 [ %46, %44 ], [ %463, %461 ] br label %49 br i1 %16, label %50, label %53 %51 = load i64, i64* %18, align 8 %52 = icmp slt i64 %17, %51 br i1 %52, label %53, label %467 %54 = call %struct.page* @pagecache_get_page(%struct.address_space* %11, i64 %1, i32 386, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 shmem_getpage_gfp 1 shmem_file_read_iter ------------- Path:  Function:shmem_file_read_iter %3 = alloca %struct.page*, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i8, i8* %11, align 8 %13 = icmp eq i8 %12, 0 %14 = select i1 %13, i32 0, i32 2 %15 = load i64, i64* %10, align 8 %16 = ashr i64 %15, 12 %17 = and i64 %15, 4095 %18 = bitcast %struct.page** %3 to i8* store %struct.page* null, %struct.page** %3, align 8 %19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %20 = load i64, i64* %19, align 
8 %21 = ashr i64 %20, 12 %22 = icmp ugt i64 %16, %21 br i1 %22, label %134, label %23 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 br label %26 %27 = phi i64 [ %21, %23 ], [ %127, %124 ] %28 = phi i64 [ %20, %23 ], [ %126, %124 ] %29 = phi i64 [ %16, %23 ], [ %103, %124 ] %30 = phi i64 [ %17, %23 ], [ %104, %124 ] %31 = phi i64 [ 0, %23 ], [ %100, %124 ] %32 = icmp ne i64 %29, %27 %33 = and i64 %28, 4095 %34 = icmp ugt i64 %33, %30 %35 = or i1 %32, %34 br i1 %35, label %36, label %129 %37 = load %struct.address_space*, %struct.address_space** %8, align 8 %38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3 %39 = load i32, i32* %38, align 8 %40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %29, %struct.page** nonnull %3, i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #76 Function:shmem_getpage_gfp %8 = alloca %struct.vm_area_struct, align 8 %9 = alloca %struct.page*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %11 = load %struct.address_space*, %struct.address_space** %10, align 8 %12 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 6, i32 4, i32 1 %13 = bitcast %struct.page** %9 to i8* %14 = icmp ugt i64 %1, 2251799813685247 br i1 %14, label %467, label %15 %16 = icmp ult i32 %3, 3 %17 = shl nuw nsw i64 %1, 12 %18 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 14 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = icmp eq i32 %3, 3 %21 = icmp eq i32 %3, 0 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 1 %23 = bitcast %struct.list_head** %22 to i64* %24 = bitcast %struct.vm_area_struct* %8 to i8* %25 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 12 %26 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10, i32 1 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 23 %30 = bitcast %struct.list_head** %29 to i64* %31 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 13 %32 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 9 %33 = bitcast %struct.list_head** %32 to %struct.shared_policy* %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 17 %35 = and i32 %4, 782048 %36 = bitcast %struct.list_head** %12 to %struct.raw_spinlock* %37 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 2 %38 = bitcast %struct.list_head** %37 to i64* %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 22 %40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 3 %41 = bitcast %struct.list_head** %40 to i64* %42 = bitcast %struct.list_head** %12 to i8* %43 = icmp eq i32 %3, 4 br label %44 %45 = phi i1 [ true, %15 ], [ false, %460 ] %46 = phi i32 [ 0, %15 ], [ %427, %460 ] br label %47 %48 = phi i32 [ %46, %44 ], [ %463, %461 ] br label %49 br i1 %16, label %50, label %53 %51 = load i64, i64* %18, align 8 %52 = icmp slt i64 %17, %51 br i1 %52, label %53, label %467 %54 = call %struct.page* @pagecache_get_page(%struct.address_space* %11, i64 %1, i32 386, i32 0) #76 ------------- Good: 204 Bad: 4 Ignored: 349 Check Use of Function:put_io_context Check Use of Function:ext4_inode_journal_mode Check Use of Function:get_seccomp_filter Check Use of Function:pci_free_irq_vectors Check Use of Function:security_inode_setxattr Check Use of Function:ieee80211_calculate_rx_timestamp Check Use of Function:vm_brk_flags Check Use of Function:drv_remove_interface Check Use of 
Function:napi_gro_receive Check Use of Function:__ptrace_link Check Use of Function:task_join_group_stop Check Use of Function:lru_add_drain_all Use: =BAD PATH= Call Stack: 0 compact_store ------------- Path:  Function:compact_store %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 29 %6 = load i32, i32* %5, align 8 %7 = icmp sgt i32 %6, -1 %8 = load i32, i32* @nr_node_ids, align 4 %9 = icmp ult i32 %6, %8 %10 = and i1 %7, %9 br i1 %10, label %11, label %17 %12 = zext i32 %6 to i64 %13 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 1, i32 0, i64 0), i64 %12) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %17, label %16 tail call void @lru_add_drain_all() #76 ------------- Good: 21 Bad: 1 Ignored: 28 Check Use of Function:fc_drop_locked Check Use of Function:irq_domain_free_irqs Check Use of Function:tty_read Check Use of Function:mm_trace_rss_stat Check Use of Function:netlink_broadcast Check Use of Function:perf_compat_ioctl Check Use of Function:drm_mode_object_lease_required Check Use of Function:fget Use: =BAD PATH= Call Stack: 0 lo_ioctl 1 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.614955, %struct.block_device.614955* %0, i64 0, i32 16 %8 = load %struct.gendisk.614953*, %struct.gendisk.614953** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.614953, %struct.gendisk.614953* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, 
label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.614955* %0, i32 %1, i32 %2, i64 %35) #77 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.614955, %struct.block_device.614955* %0, i64 0, i32 16 %14 = load %struct.gendisk.614953*, %struct.gendisk.614953** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.614953, %struct.gendisk.614953* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %366 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %279 i32 19460, label %334 i32 19461, label %348 i32 19463, label %361 i32 19464, label %361 i32 19465, label %361 ] %33 = trunc i64 %3 to i32 %34 = tail call %struct.file.615025* bitcast (%struct.file* (i32)* @fget to %struct.file.615025* (i32)*)(i32 %33) #77 ------------- Use: =BAD PATH= Call Stack: 0 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.614955, %struct.block_device.614955* %0, i64 0, i32 16 %14 = load %struct.gendisk.614953*, %struct.gendisk.614953** 
%13, align 8 %15 = getelementptr inbounds %struct.gendisk.614953, %struct.gendisk.614953* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %366 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %279 i32 19460, label %334 i32 19461, label %348 i32 19463, label %361 i32 19464, label %361 i32 19465, label %361 ] %33 = trunc i64 %3 to i32 %34 = tail call %struct.file.615025* bitcast (%struct.file* (i32)* @fget to %struct.file.615025* (i32)*)(i32 %33) #77 ------------- Use: =BAD PATH= Call Stack: 0 loop_configure 1 lo_ioctl 2 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.614955, %struct.block_device.614955* %0, i64 0, i32 16 %8 = load %struct.gendisk.614953*, %struct.gendisk.614953** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.614953, %struct.gendisk.614953* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.614955* %0, i32 %1, i32 %2, i64 %35) #77 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca 
%struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.614955, %struct.block_device.614955* %0, i64 0, i32 16 %14 = load %struct.gendisk.614953*, %struct.gendisk.614953** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.614953, %struct.gendisk.614953* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %366 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %279 i32 19460, label %334 i32 19461, label %348 i32 19463, label %361 i32 19464, label %361 i32 19465, label %361 ] %24 = inttoptr i64 %3 to i8* %25 = bitcast %struct.loop_config* %12 to i8* %26 = call i64 @_copy_from_user(i8* nonnull %25, i8* %24, i64 304) #77 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %30 %29 = call i32 @loop_configure(%struct.loop_device* %17, i32 %1, %struct.block_device.614955* %0, %struct.loop_config* nonnull %12) #76 Function:loop_configure %5 = getelementptr inbounds %struct.loop_config, %struct.loop_config* %3, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = tail call %struct.file.615025* bitcast (%struct.file* (i32)* @fget to %struct.file.615025* (i32)*)(i32 %6) #76 ------------- Use: =BAD PATH= Call Stack: 0 loop_configure 1 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.614955, %struct.block_device.614955* %0, i64 0, i32 16 %14 = load %struct.gendisk.614953*, %struct.gendisk.614953** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.614953, %struct.gendisk.614953* %14, i64 0, i32 10 
%16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %366 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %279 i32 19460, label %334 i32 19461, label %348 i32 19463, label %361 i32 19464, label %361 i32 19465, label %361 ] %24 = inttoptr i64 %3 to i8* %25 = bitcast %struct.loop_config* %12 to i8* %26 = call i64 @_copy_from_user(i8* nonnull %25, i8* %24, i64 304) #77 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %30 %29 = call i32 @loop_configure(%struct.loop_device* %17, i32 %1, %struct.block_device.614955* %0, %struct.loop_config* nonnull %12) #76 Function:loop_configure %5 = getelementptr inbounds %struct.loop_config, %struct.loop_config* %3, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = tail call %struct.file.615025* bitcast (%struct.file* (i32)* @fget to %struct.file.615025* (i32)*)(i32 %6) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setns 1 __ia32_sys_setns ------------- Path:  Function:__ia32_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setns(i64 %4, i64 %7) #76 Function:__se_sys_setns %3 = alloca %struct.nsset, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = bitcast %struct.nsset* %3 to i8* %7 = tail call %struct.file* @fget(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setns 1 __x64_sys_setns ------------- Path:  Function:__x64_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail 
call fastcc i64 @__se_sys_setns(i64 %3, i64 %5) #76 Function:__se_sys_setns %3 = alloca %struct.nsset, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = bitcast %struct.nsset* %3 to i8* %7 = tail call %struct.file* @fget(i32 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102187, %struct.file.102187* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #76 %240 = icmp sgt i32 %239, 0 %241 = icmp eq i32 %239, 0 %242 = select i1 %241, i32 -7, i32 %239 br i1 %240, label %243, label %246 %244 = call i64 @_copy_from_user(i8* nonnull %228, i8* %12, i64 24) #76 %245 = icmp eq i64 %244, 0 br i1 %245, label %249, label %246 %250 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, 
i64 0, i32 4 %251 = load i32, i32* %250, align 4 %252 = and i32 %251, -524289 %253 = icmp eq i32 %252, 0 br i1 %253, label %254, label %365 %255 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 1 %256 = load i32, i32* %255, align 8 %257 = zext i32 %256 to i64 %258 = and i64 %257, 4294967292 %259 = icmp eq i64 %258, 0 br i1 %259, label %260, label %365 %261 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 3 %262 = load i32, i32* %261, align 8 %263 = icmp ne i32 %262, 0 %264 = and i64 %257, 1 %265 = icmp eq i64 %264, 0 %266 = and i1 %265, %263 br i1 %266, label %365, label %267 %268 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 2 %269 = load i32, i32* %268, align 4 %270 = call %struct.file.102187* bitcast (%struct.file* (i32)* @fget to %struct.file.102187* (i32)*)(i32 %269) #76 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102187, %struct.file.102187* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 
%233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #76 %240 = icmp sgt i32 %239, 0 %241 = icmp eq i32 %239, 0 %242 = select i1 %241, i32 -7, i32 %239 br i1 %240, label %243, label %246 %244 = call i64 @_copy_from_user(i8* nonnull %228, i8* %12, i64 24) #76 %245 = icmp eq i64 %244, 0 br i1 %245, label %249, label %246 %250 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 4 %251 = load i32, i32* %250, align 4 %252 = and i32 %251, -524289 %253 = icmp eq i32 %252, 0 br i1 %253, label %254, label %365 %255 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 1 %256 = load i32, i32* %255, align 8 %257 = zext i32 %256 to i64 %258 = and i64 %257, 4294967292 %259 = icmp eq i64 %258, 0 br i1 %259, label %260, label %365 %261 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 3 %262 = load i32, i32* %261, align 8 %263 = icmp ne i32 %262, 0 %264 = and i64 %257, 1 %265 = icmp eq i64 %264, 0 %266 = and i1 %265, %263 br i1 %266, label %365, label %267 %268 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 2 %269 = load i32, i32* %268, align 4 %270 = call %struct.file.102187* bitcast (%struct.file* (i32)* @fget to %struct.file.102187* (i32)*)(i32 %269) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_compat_sys_ia32_mmap ------------- Path:  Function:__ia32_compat_sys_ia32_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = 
call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #76 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #76 ------------- Use: =BAD PATH= Call Stack: 0 
ksys_mmap_pgoff 1 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = 
and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 
%13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #76 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #76 ------------- Good: 23 Bad: 13 Ignored: 36 Check Use of Function:page_cache_sync_ra Check Use of Function:__drm_dbg Use: =BAD PATH= Call Stack: 0 i915_perf_remove_config_ioctl ------------- Path:  Function:i915_perf_remove_config_ioctl %4 = bitcast i8* %1 to i64* %5 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %6 = bitcast %struct.drm_property.381365** %5 to %struct.drm_i915_private.448538** %7 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %6, align 8 %8 = icmp eq %struct.drm_i915_private.448538* %7, null br i1 %8, label %9, label %10 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.46229, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %6 = bitcast %struct.drm_property.381365** %5 to %struct.i915_perf.448522* %7 = bitcast i32* %4 to i8* %8 = bitcast %struct.drm_property.381365** %5 to %struct.drm_i915_private.448538** %9 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %8, align 8 %10 = icmp eq %struct.drm_i915_private.448538* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 71 %14 = bitcast %struct.drm_property.381365** %13 to %struct.kobject** %15 = load %struct.kobject*, %struct.kobject** %14, align 8 %16 = icmp eq %struct.kobject* %15, null br i1 %16, label %17, label %18 %19 = load i32, i32* @i915_perf_stream_paranoid, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = tail call zeroext i1 @capable(i32 38) #76 br i1 %22, label %26, label %23 %27 = getelementptr inbounds i8, i8* %1, i64 48 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 8 %30 = icmp eq i64 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds i8, i8* %1, i64 36 %33 = bitcast i8* %32 to i32* %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %57 %37 = getelementptr inbounds i8, i8* %1, i64 56 %38 = bitcast i8* %37 to i64* %39 = load i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %46, label %41 %42 = getelementptr inbounds i8, i8* %1, i64 40 %43 = bitcast i8* %42 to i32* %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %57 %47 = getelementptr inbounds i8, i8* %1, i64 64 %48 = bitcast i8* %47 to i64* %49 = load 
i64, i64* %48, align 8 %50 = icmp eq i64 %49, 0 br i1 %50, label %56, label %51 %52 = getelementptr inbounds i8, i8* %1, i64 44 %53 = bitcast i8* %52 to i32* %54 = load i32, i32* %53, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.5.46282, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %6 = bitcast %struct.drm_property.381365** %5 to %struct.i915_perf.448522* %7 = bitcast i32* %4 to i8* %8 = bitcast %struct.drm_property.381365** %5 to %struct.drm_i915_private.448538** %9 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %8, align 8 %10 = icmp eq %struct.drm_i915_private.448538* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 71 %14 = bitcast %struct.drm_property.381365** %13 to %struct.kobject** %15 = load %struct.kobject*, %struct.kobject** %14, align 8 %16 = icmp eq %struct.kobject* %15, null br i1 %16, label %17, label %18 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([41 x i8], [41 x i8]* @.str.3.46250, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %6 = bitcast %struct.drm_property.381365** %5 to %struct.i915_perf.448522* %7 = bitcast i32* %4 to i8* %8 = bitcast %struct.drm_property.381365** %5 to %struct.drm_i915_private.448538** %9 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %8, align 8 %10 = icmp eq %struct.drm_i915_private.448538* %9, null br i1 %10, label %11, label %12 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.46229, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.448367*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.381365** %10 to %struct.drm_i915_private.448538** %13 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %12, align 8 %14 = icmp eq %struct.drm_i915_private.448538* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 
%26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.448549* bitcast (%struct.intel_engine_cs.418308* (%struct.drm_i915_private.418295*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.448549* (%struct.drm_i915_private.448538*, i8, i8)*)(%struct.drm_i915_private.448538* nonnull %13, i8 zeroext 0, i8 zeroext 0) #76 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.448549* %32, %struct.intel_engine_cs.448549** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.448549* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds %struct.drm_property.381365*, %struct.drm_property.381365** %10, i64 37 %48 = bitcast %struct.drm_property.381365** %47 to i64* %49 = getelementptr inbounds 
%struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1442 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1446 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 %80 = trunc i64 %60 to i32 switch i32 %80, label %167 [ i32 1, label %81 i32 2, label %84 i32 3, label %89 i32 4, label %94 i32 5, label %107 i32 6, label %130 i32 7, label %136 i32 8, label %160 i32 9, label %165 ] %161 = icmp ult i64 %70, 100000 br i1 %161, label %162, label %164 %163 = extractvalue { i64*, i64, i64 } %68, 1 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([50 x i8], [50 x i8]* @.str.32.46242, i64 0, i64 0), i64 %163) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.448367*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.381365** %10 to %struct.drm_i915_private.448538** %13 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %12, align 8 %14 = icmp eq %struct.drm_i915_private.448538* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.448549* bitcast (%struct.intel_engine_cs.418308* (%struct.drm_i915_private.418295*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.448549* (%struct.drm_i915_private.448538*, i8, i8)*)(%struct.drm_i915_private.448538* nonnull %13, i8 zeroext 0, i8 zeroext 0) #76 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.448549* %32, 
%struct.intel_engine_cs.448549** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.448549* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds %struct.drm_property.381365*, %struct.drm_property.381365** %10, i64 37 %48 = bitcast %struct.drm_property.381365** %47 to i64* %49 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = 
extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1442 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1446 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 %80 = trunc i64 %60 to i32 switch i32 %80, label %167 [ i32 1, label %81 i32 2, label %84 i32 3, label %89 i32 4, label %94 i32 5, label %107 i32 6, label %130 i32 7, label %136 i32 8, label %160 i32 9, label %165 ] %137 = inttoptr i64 %70 to i8* %138 = call i64 @_copy_from_user(i8* nonnull %39, i8* %137, i64 32) #76 %139 = icmp eq i64 %138, 0 br i1 %139, label %140, label %156 %141 = load %struct.intel_engine_cs.448549*, %struct.intel_engine_cs.448549** %33, align 8 %142 = load i16, i16* %41, align 8 %143 = getelementptr inbounds %struct.intel_engine_cs.448549, %struct.intel_engine_cs.448549* %141, i64 0, i32 10 %144 = load i16, i16* %143, align 2 %145 = icmp eq i16 %142, %144 br i1 %145, label %146, label %156 %157 = phi i8* [ getelementptr inbounds ([38 x i8], [38 x i8]* @.str.30.46240, i64 0, i64 0), %136 ], [ getelementptr inbounds ([28 x i8], [28 x i8]* @.str.31.46241, i64 0, i64 0), %151 ], [ getelementptr inbounds ([28 x i8], [28 x i8]* @.str.31.46241, i64 0, i64 0), %146 ], [ getelementptr inbounds ([28 x i8], [28 x i8]* @.str.31.46241, i64 0, i64 0), %140 ] %158 = phi i32 [ -14, %136 ], [ %154, %151 ], [ -22, %146 ], [ -22, %140 ] call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* %157) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.448367*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.381365** %10 to %struct.drm_i915_private.448538** %13 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %12, align 8 %14 = icmp eq %struct.drm_i915_private.448538* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.448549* bitcast (%struct.intel_engine_cs.418308* (%struct.drm_i915_private.418295*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.448549* (%struct.drm_i915_private.448538*, i8, i8)*)(%struct.drm_i915_private.448538* nonnull %13, i8 zeroext 0, i8 zeroext 0) #76 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.448549* %32, %struct.intel_engine_cs.448549** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.448549* %32, 
null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds %struct.drm_property.381365*, %struct.drm_property.381365** %10, i64 37 %48 = bitcast %struct.drm_property.381365** %47 to i64* %49 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 
%64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1442 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1446 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 %80 = trunc i64 %60 to i32 switch i32 %80, label %167 [ i32 1, label %81 i32 2, label %84 i32 3, label %89 i32 4, label %94 i32 5, label %107 i32 6, label %130 i32 7, label %136 i32 8, label %160 i32 9, label %165 ] %108 = icmp ugt i64 %70, 31 br i1 %108, label %109, label %110 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.28.46238, i64 0, i64 0), i32 31) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.448367*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.381365** %10 to %struct.drm_i915_private.448538** %13 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %12, align 8 %14 = icmp eq %struct.drm_i915_private.448538* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 
= getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.448549* bitcast (%struct.intel_engine_cs.418308* (%struct.drm_i915_private.418295*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.448549* (%struct.drm_i915_private.448538*, i8, i8)*)(%struct.drm_i915_private.448538* nonnull %13, i8 zeroext 0, i8 zeroext 0) #76 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.448549* %32, %struct.intel_engine_cs.448549** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.448549* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds 
%struct.drm_property.381365*, %struct.drm_property.381365** %10, i64 37 %48 = bitcast %struct.drm_property.381365** %47 to i64* %49 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1442 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1446 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 %80 = trunc i64 %60 to i32 switch i32 %80, label %167 [ i32 1, label %81 i32 2, label %84 i32 3, label %89 i32 4, label %94 i32 5, label %107 i32 6, label %130 i32 7, label %136 i32 8, label %160 i32 9, label %165 ] %95 = add i64 %70, -1 %96 = icmp ugt i64 %95, 9 br i1 %96, label %97, label %99 %100 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %48, i64 %70) #6, !srcloc !6 %101 = and i8 %100, 1 %102 = icmp eq i8 %101, 0 br i1 %102, label %103, label %105 %104 = extractvalue { i64*, i64, i64 } %68, 1 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.27.46237, i64 0, i64 0), i64 %104) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.448367*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.381365** %10 to %struct.drm_i915_private.448538** %13 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %12, align 8 %14 = icmp eq %struct.drm_i915_private.448538* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.448549* bitcast (%struct.intel_engine_cs.418308* (%struct.drm_i915_private.418295*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.448549* (%struct.drm_i915_private.448538*, i8, 
i8)*)(%struct.drm_i915_private.448538* nonnull %13, i8 zeroext 0, i8 zeroext 0) #76 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.448549* %32, %struct.intel_engine_cs.448549** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.448549* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds %struct.drm_property.381365*, %struct.drm_property.381365** %10, i64 37 %48 = bitcast %struct.drm_property.381365** %47 to i64* %49 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } 
asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1442 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1446 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 %80 = trunc i64 %60 to i32 switch i32 %80, label %167 [ i32 1, label %81 i32 2, label %84 i32 3, label %89 i32 4, label %94 i32 5, label %107 i32 6, label %130 i32 7, label %136 i32 8, label %160 i32 9, label %165 ] %95 = add i64 %70, -1 %96 = icmp ugt i64 %95, 9 br i1 %96, label %97, label %99 %98 = extractvalue { i64*, i64, i64 } %68, 1 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.26.46236, i64 0, i64 0), i64 %98) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.448367*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.381365** %10 to %struct.drm_i915_private.448538** %13 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %12, align 8 %14 = icmp eq %struct.drm_i915_private.448538* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.448549* bitcast (%struct.intel_engine_cs.418308* (%struct.drm_i915_private.418295*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.448549* (%struct.drm_i915_private.448538*, i8, i8)*)(%struct.drm_i915_private.448538* nonnull %13, i8 zeroext 0, i8 zeroext 0) #76 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.448549* %32, 
%struct.intel_engine_cs.448549** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.448549* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds %struct.drm_property.381365*, %struct.drm_property.381365** %10, i64 37 %48 = bitcast %struct.drm_property.381365** %47 to i64* %49 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = 
extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1442 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1446 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 %80 = trunc i64 %60 to i32 switch i32 %80, label %167 [ i32 1, label %81 i32 2, label %84 i32 3, label %89 i32 4, label %94 i32 5, label %107 i32 6, label %130 i32 7, label %136 i32 8, label %160 i32 9, label %165 ] %90 = icmp eq i64 %70, 0 br i1 %90, label %91, label %92 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.25.46235, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.448367*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.381365** %10 to %struct.drm_i915_private.448538** %13 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %12, align 8 %14 = icmp eq %struct.drm_i915_private.448538* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load 
i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.448549* bitcast (%struct.intel_engine_cs.418308* (%struct.drm_i915_private.418295*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.448549* (%struct.drm_i915_private.448538*, i8, i8)*)(%struct.drm_i915_private.448538* nonnull %13, i8 zeroext 0, i8 zeroext 0) #76 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.448549* %32, %struct.intel_engine_cs.448549** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.448549* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, 
%struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds %struct.drm_property.381365*, %struct.drm_property.381365** %10, i64 37 %48 = bitcast %struct.drm_property.381365** %47 to i64* %49 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1442 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1446 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.24.46234, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.448367*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.381365** %10 to %struct.drm_i915_private.448538** %13 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %12, align 8 %14 = icmp eq %struct.drm_i915_private.448538* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.448549* bitcast (%struct.intel_engine_cs.418308* (%struct.drm_i915_private.418295*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.448549* (%struct.drm_i915_private.448538*, i8, i8)*)(%struct.drm_i915_private.448538* nonnull %13, i8 zeroext 0, i8 zeroext 0) #76 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.448549* %32, 
%struct.intel_engine_cs.448549** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.448549* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([48 x i8], [48 x i8]* @.str.23.46233, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.448367*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.381365** %10 to %struct.drm_i915_private.448538** %13 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %12, align 8 %14 = icmp eq %struct.drm_i915_private.448538* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.448549* bitcast (%struct.intel_engine_cs.418308* (%struct.drm_i915_private.418295*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.448549* (%struct.drm_i915_private.448538*, i8, 
i8)*)(%struct.drm_i915_private.448538* nonnull %13, i8 zeroext 0, i8 zeroext 0) #76 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.448549* %32, %struct.intel_engine_cs.448549** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.448549* %32, null br i1 %34, label %35, label %36 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.22.46232, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.448367*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.381365** %10 to %struct.drm_i915_private.448538** %13 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %12, align 8 %14 = icmp eq %struct.drm_i915_private.448538* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.21.46231, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.448367*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.381365** %10 to %struct.drm_i915_private.448538** %13 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %12, align 8 %14 = icmp eq %struct.drm_i915_private.448538* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.1.46230, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.448367*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.448325, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.381365** %10 to %struct.drm_i915_private.448538** %13 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %12, align 8 %14 = icmp eq %struct.drm_i915_private.448538* %13, null br i1 %14, label %15, label %16 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.46229, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer2_ioctl ------------- Path:  Function:i915_gem_execbuffer2_ioctl %4 = bitcast i8* %1 to %struct.drm_i915_gem_execbuffer2* %5 = getelementptr inbounds i8, i8* %1, i64 8 %6 = bitcast i8* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = zext i32 %7 to i64 %9 = add nsw i64 %8, -1 %10 = icmp ult i64 %9, 2147483647 br i1 %10, label %18, label %11 %19 = getelementptr inbounds i8, i8* %1, i64 40 %20 = bitcast i8* %19 to i64* %21 = load i64, i64* %20, align 8 %22 = and i64 %21, -4161344 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %130 %25 = and i64 %21, 2621440 %26 = icmp eq i64 %25, 0 br i1 %26, label %27, label %37 %28 = getelementptr inbounds i8, i8* %1, i64 28 %29 = bitcast i8* %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %130 %33 = getelementptr inbounds i8, i8* %1, i64 32 %34 
= bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %130 %38 = getelementptr inbounds i8, i8* %1, i64 24 %39 = bitcast i8* %38 to i32* %40 = load i32, i32* %39, align 8 %41 = icmp eq i32 %40, -1 br i1 %41, label %48, label %42 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.3.40929, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_getparam_ioctl ------------- Path:  Function:i915_getparam_ioctl %4 = alloca i32, align 4 %5 = bitcast %struct.drm_device.381449* %0 to %struct.drm_i915_private.418295* %6 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 0, i32 2 %7 = bitcast %struct.device** %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 18, i32 2 %10 = bitcast %struct.device** %9 to %struct.intel_gt.418225* %11 = getelementptr inbounds %struct.drm_i915_private.418295, %struct.drm_i915_private.418295* %5, i64 0, i32 102, i32 33, i32 4 %12 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %13 = bitcast i8* %1 to i32* %14 = load i32, i32* %13, align 8 switch i32 %14, label %152 [ i32 1, label %166 i32 2, label %166 i32 3, label %166 i32 14, label %166 i32 4, label %15 i32 32, label %20 i32 6, label %24 i32 7, label %27 i32 10, label %33 i32 11, label %37 i32 22, label %41 i32 31, label %45 i32 17, label %49 i32 27, label %56 i32 18, label %59 i32 20, label %63 i32 23, label %68 i32 28, label %78 i32 33, label %80 i32 34, label %83 i32 35, label %89 i32 36, label %100 i32 38, label %101 i32 39, label %108 i32 42, label %112 i32 40, label %117 i32 41, label %119 i32 30, label %122 i32 5, label %122 i32 8, label %122 i32 9, label %122 i32 12, label %122 i32 13, label %122 i32 15, label %122 i32 16, label %122 i32 19, label %122 i32 21, label %122 i32 24, label %122 i32 25, label %122 i32 26, label %122 i32 29, 
label %122 i32 37, label %122 i32 43, label %122 i32 44, label %122 i32 45, label %122 i32 48, label %122 i32 49, label %122 i32 53, label %122 i32 55, label %122 i32 56, label %122 i32 50, label %123 i32 46, label %125 i32 47, label %130 i32 51, label %140 i32 52, label %143 i32 54, label %150 ] tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.38693, i64 0, i64 0), i32 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 crc_control_write ------------- Path:  Function:crc_control_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_crtc.410274** %11 = load %struct.drm_crtc.410274*, %struct.drm_crtc.410274** %10, align 8 %12 = bitcast i64* %5 to i8* %13 = icmp eq i64 %2, 0 br i1 %13, label %51, label %14 %15 = icmp ugt i64 %2, 4095 br i1 %15, label %16, label %17 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 4, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.38387, i64 0, i64 0), i64 4096) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_compat_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.util_est, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %10 = tail call i64 bitcast (i64 (%struct.file.408214*, i32, i64)* @drm_compat_ioctl to i64 (%struct.file.434817*, i32, i64)*)(%struct.file.434817* %0, i32 %1, i64 %2) #76 Function:drm_compat_ioctl %4 = and i32 %1, 255 %5 = getelementptr inbounds %struct.file.408214, %struct.file.408214* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.drm_file.408262** %7 = load %struct.drm_file.408262*, %struct.drm_file.408262** %6, align 8 %8 = icmp ugt i32 %4, 184 br i1 %8, label %9, label %11 %12 = zext i32 %4 to i64 %13 = getelementptr [185 x %struct.anon.83.408215], [185 x %struct.anon.83.408215]* @drm_compat_ioctls, i64 0, i64 %12, i32 0 %14 = load i32 (%struct.file.408214*, i32, i64)*, i32 (%struct.file.408214*, i32, i64)** %13, align 16 %15 = icmp eq i32 (%struct.file.408214*, i32, i64)* %14, null br i1 %15, label %16, label %18 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.408094** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.408094**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.408094* %21 = getelementptr inbounds %struct.task_struct.408094, %struct.task_struct.408094* %20, i64 0, i32 87, i64 0 %22 = getelementptr inbounds %struct.task_struct.408094, %struct.task_struct.408094* %20, i64 0, i32 53 %23 = load i32, i32* %22, align 8 %24 = getelementptr inbounds %struct.drm_file.408262, %struct.drm_file.408262* %7, i64 0, i32 13 %25 = load %struct.drm_minor.408249*, %struct.drm_minor.408249** %24, align 8 %26 = getelementptr inbounds 
%struct.drm_minor.408249, %struct.drm_minor.408249* %25, i64 0, i32 2 %27 = load %struct.device.408246*, %struct.device.408246** %26, align 8 %28 = getelementptr inbounds %struct.device.408246, %struct.device.408246* %27, i64 0, i32 28 %29 = load i32, i32* %28, align 4 %30 = lshr i32 %29, 20 %31 = shl nuw nsw i32 %30, 8 %32 = or i32 %31, %29 %33 = and i32 %32, 65535 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds %struct.drm_file.408262, %struct.drm_file.408262* %7, i64 0, i32 0 %36 = load i8, i8* %35, align 8, !range !5 %37 = zext i8 %36 to i32 %38 = getelementptr [185 x %struct.anon.83.408215], [185 x %struct.anon.83.408215]* @drm_compat_ioctls, i64 0, i64 %12, i32 1 %39 = load i8*, i8** %38, align 8 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.38296, i64 0, i64 0), i8* %21, i32 %23, i64 %34, i32 %37, i8* %39) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_noop ------------- Path:  Function:drm_noop tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.36796, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.391906** %8 = load %struct.drm_file.391906*, %struct.drm_file.391906** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 13 %12 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %12, i64 0, i32 3 %14 = load %struct.drm_device.391939*, %struct.drm_device.391939** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.381449*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.391939*, i32*)*)(%struct.drm_device.391939* %14, i32* nonnull %4) #76 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #76 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.391939, %struct.drm_device.391939* %14, i64 0, i32 4 %27 = load %struct.drm_driver.391914*, %struct.drm_driver.391914** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.391914, %struct.drm_driver.391914* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load 
%struct.drm_driver.391914*, %struct.drm_driver.391914** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.391914, %struct.drm_driver.391914* %37, i64 0, i32 25 %39 = load %struct.drm_ioctl_desc.391913*, %struct.drm_ioctl_desc.391913** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.391913* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 87, i64 0 %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 53 %74 = load i32, i32* %73, align 8 %75 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %76 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %75, i64 0, i32 2 %77 = load %struct.device*, %struct.device** %76, align 8 %78 = getelementptr inbounds %struct.device, %struct.device* %77, i64 0, i32 28 %79 = load i32, i32* %78, align 4 %80 = lshr i32 %79, 20 %81 = shl nuw nsw i32 %80, 8 %82 = or i32 %81, %79 %83 = and i32 %82, 65535 %84 = zext i32 %83 to i64 %85 = getelementptr inbounds %struct.drm_file.391906, 
%struct.drm_file.391906* %8, i64 0, i32 0 %86 = load i8, i8* %85, align 8, !range !6 %87 = zext i8 %86 to i32 %88 = getelementptr inbounds %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %53, i64 0, i32 3 %89 = load i8*, i8** %88, align 8 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.1.36906, i64 0, i64 0), i8* %72, i32 %74, i64 %84, i32 %87, i8* %89) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.util_est, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %34 %35 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.434817*, i32, i64)*)(%struct.file.434817* %0, i32 %1, i64 %2) #76 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.391906** %8 = load %struct.drm_file.391906*, %struct.drm_file.391906** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 13 %12 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %12, i64 0, i32 3 %14 = load %struct.drm_device.391939*, %struct.drm_device.391939** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.381449*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.391939*, i32*)*)(%struct.drm_device.391939* %14, i32* nonnull %4) #76 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, 
align 4 call void @drm_dev_exit(i32 %19) #76 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.391939, %struct.drm_device.391939* %14, i64 0, i32 4 %27 = load %struct.drm_driver.391914*, %struct.drm_driver.391914** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.391914, %struct.drm_driver.391914* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.391914*, %struct.drm_driver.391914** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.391914, %struct.drm_driver.391914* %37, i64 0, i32 25 %39 = load %struct.drm_ioctl_desc.391913*, %struct.drm_ioctl_desc.391913** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.391913* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !5 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 87, i64 0 %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 53 %74 = load i32, i32* %73, align 8 %75 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %76 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %75, i64 0, i32 2 %77 = load %struct.device*, %struct.device** %76, align 8 %78 = getelementptr inbounds %struct.device, %struct.device* %77, i64 0, i32 28 %79 = load i32, i32* %78, align 4 %80 = lshr i32 %79, 20 %81 = shl nuw nsw i32 %80, 8 %82 = or i32 %81, %79 %83 = and i32 %82, 65535 %84 = zext i32 %83 to i64 %85 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 0 %86 = load i8, i8* %85, align 8, !range !6 %87 = zext i8 %86 to i32 %88 = getelementptr inbounds %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %53, i64 0, i32 3 %89 = load i8*, i8** %88, align 8 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.1.36906, i64 0, i64 0), i8* %72, i32 %74, i64 %84, i32 %87, i8* %89) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.391906** %8 = load %struct.drm_file.391906*, %struct.drm_file.391906** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 13 %12 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %12, i64 0, i32 3 %14 = load %struct.drm_device.391939*, %struct.drm_device.391939** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.381449*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.391939*, i32*)*)(%struct.drm_device.391939* %14, i32* nonnull %4) #76 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #76 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.391939, %struct.drm_device.391939* %14, i64 0, i32 4 %27 = load %struct.drm_driver.391914*, %struct.drm_driver.391914** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.391914, %struct.drm_driver.391914* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %127 = phi i32 [ %52, %122 ], [ %9, %42 ], [ %9, %25 ] %128 = phi i32 [ %124, %122 ], [ -22, %42 ], [ -22, %25 ] %129 = phi i8* [ %123, %122 ], [ null, %42 ], [ null, %25 ] %130 = call i64 asm 
"movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %131 = inttoptr i64 %130 to %struct.task_struct* %132 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %131, i64 0, i32 87, i64 0 %133 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %131, i64 0, i32 53 %134 = load i32, i32* %133, align 8 %135 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %136 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %135, i64 0, i32 2 %137 = load %struct.device*, %struct.device** %136, align 8 %138 = getelementptr inbounds %struct.device, %struct.device* %137, i64 0, i32 28 %139 = load i32, i32* %138, align 4 %140 = lshr i32 %139, 20 %141 = shl nuw nsw i32 %140, 8 %142 = or i32 %141, %139 %143 = and i32 %142, 65535 %144 = zext i32 %143 to i64 %145 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 0 %146 = load i8, i8* %145, align 8, !range !6 %147 = zext i8 %146 to i32 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([77 x i8], [77 x i8]* @.str.3.36908, i64 0, i64 0), i8* %132, i32 %134, i64 %144, i32 %147, i32 %1, i32 %127) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.util_est, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %34 %35 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.434817*, i32, i64)*)(%struct.file.434817* %0, i32 %1, i64 %2) #76 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.391906** %8 = load %struct.drm_file.391906*, %struct.drm_file.391906** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 13 %12 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %12, i64 0, i32 3 %14 = load %struct.drm_device.391939*, %struct.drm_device.391939** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.381449*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.391939*, i32*)*)(%struct.drm_device.391939* %14, i32* nonnull %4) #76 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #76 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds 
%struct.drm_device.391939, %struct.drm_device.391939* %14, i64 0, i32 4 %27 = load %struct.drm_driver.391914*, %struct.drm_driver.391914** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.391914, %struct.drm_driver.391914* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %127 = phi i32 [ %52, %122 ], [ %9, %42 ], [ %9, %25 ] %128 = phi i32 [ %124, %122 ], [ -22, %42 ], [ -22, %25 ] %129 = phi i8* [ %123, %122 ], [ null, %42 ], [ null, %25 ] %130 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %131 = inttoptr i64 %130 to %struct.task_struct* %132 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %131, i64 0, i32 87, i64 0 %133 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %131, i64 0, i32 53 %134 = load i32, i32* %133, align 8 %135 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %136 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %135, i64 0, i32 2 %137 = load %struct.device*, %struct.device** %136, align 8 %138 = getelementptr inbounds %struct.device, %struct.device* %137, i64 0, i32 28 %139 = load i32, i32* %138, align 4 %140 = lshr i32 %139, 20 %141 = shl nuw nsw i32 %140, 8 %142 = or i32 %141, %139 %143 = and i32 %142, 65535 %144 = zext i32 %143 to i64 %145 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 0 %146 = load i8, i8* %145, align 8, !range !6 %147 = zext i8 %146 to i32 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([77 x i8], [77 x i8]* @.str.3.36908, i64 0, i64 0), i8* %132, i32 %134, i64 %144, i32 %147, i32 %1, i32 %127) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.391906** %8 = load %struct.drm_file.391906*, %struct.drm_file.391906** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 13 %12 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %12, i64 0, i32 3 %14 = load %struct.drm_device.391939*, %struct.drm_device.391939** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.381449*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.391939*, i32*)*)(%struct.drm_device.391939* %14, i32* nonnull %4) #76 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #76 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.391939, %struct.drm_device.391939* %14, i64 0, i32 4 %27 = load %struct.drm_driver.391914*, %struct.drm_driver.391914** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.391914, %struct.drm_driver.391914* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc 
!4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.391914*, %struct.drm_driver.391914** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.391914, %struct.drm_driver.391914* %37, i64 0, i32 25 %39 = load %struct.drm_ioctl_desc.391913*, %struct.drm_ioctl_desc.391913** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.391913* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 87, i64 0 %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 53 %74 = load i32, i32* %73, align 8 %75 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %76 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %75, i64 0, i32 2 %77 = load %struct.device*, %struct.device** %76, align 8 %78 = getelementptr inbounds %struct.device, %struct.device* %77, i64 0, i32 28 %79 = load i32, i32* %78, align 4 %80 = lshr i32 %79, 20 %81 = shl nuw nsw i32 %80, 8 %82 = or i32 %81, %79 %83 = and i32 %82, 65535 %84 = zext i32 %83 to i64 %85 = 
getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 0 %86 = load i8, i8* %85, align 8, !range !6 %87 = zext i8 %86 to i32 %88 = getelementptr inbounds %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %53, i64 0, i32 3 %89 = load i8*, i8** %88, align 8 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.1.36906, i64 0, i64 0), i8* %72, i32 %74, i64 %84, i32 %87, i8* %89) #76 %90 = getelementptr inbounds %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %53, i64 0, i32 2 %91 = bitcast {}** %90 to i32 (%struct.drm_device.391939*, i8*, %struct.drm_file.391906*)** %92 = load i32 (%struct.drm_device.391939*, i8*, %struct.drm_file.391906*)*, i32 (%struct.drm_device.391939*, i8*, %struct.drm_file.391906*)** %91, align 8 %93 = icmp eq i32 (%struct.drm_device.391939*, i8*, %struct.drm_file.391906*)* %92, null br i1 %93, label %94, label %95, !prof !7, !misexpect !8 %96 = icmp ult i32 %69, 129 br i1 %96, label %101, label %97 %102 = phi i8* [ %99, %97 ], [ %10, %95 ] %103 = inttoptr i64 %2 to i8* %104 = zext i32 %63 to i64 %105 = call i64 @_copy_from_user(i8* %102, i8* %103, i64 %104) #76 %106 = icmp eq i64 %105, 0 br i1 %106, label %107, label %122 %108 = icmp ugt i32 %69, %63 br i1 %108, label %109, label %113 %110 = getelementptr i8, i8* %102, i64 %104 %111 = sub nsw i32 %69, %63 %112 = zext i32 %111 to i64 br label %113 %114 = getelementptr inbounds %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %53, i64 0, i32 1 %115 = load i32, i32* %114, align 4 %116 = call i64 @drm_ioctl_kernel(%struct.file* %0, i32 (%struct.drm_device.391939*, i8*, %struct.drm_file.391906*)* nonnull %92, i8* %102, i32 %115) #77 %117 = trunc i64 %116 to i32 %118 = zext i32 %65 to i64 %119 = call i64 @_copy_to_user(i8* %103, i8* %102, i64 %118) #76 %120 = icmp eq i64 %119, 0 %121 = select i1 %120, i32 %117, i32 -14 br label %122 %123 = phi i8* [ null, %94 ], [ null, %97 ], [ %102, 
%101 ], [ %102, %113 ] %124 = phi i32 [ -22, %94 ], [ -12, %97 ], [ -14, %101 ], [ %121, %113 ] %125 = icmp eq %struct.drm_ioctl_desc.391913* %53, null br i1 %125, label %126, label %148 %149 = phi i32 [ %124, %122 ], [ %128, %126 ] %150 = phi i8* [ %123, %122 ], [ %129, %126 ] %151 = icmp eq i8* %150, %10 br i1 %151, label %153, label %152 %154 = icmp eq i32 %149, 0 br i1 %154, label %161, label %155 %156 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %157 = inttoptr i64 %156 to %struct.task_struct* %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %157, i64 0, i32 87, i64 0 %159 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %157, i64 0, i32 53 %160 = load i32, i32* %159, align 8 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.4.36909, i64 0, i64 0), i8* %158, i32 %160, i32 %149) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.util_est, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %34 %35 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.434817*, i32, i64)*)(%struct.file.434817* %0, i32 %1, i64 %2) #76 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.391906** %8 = load %struct.drm_file.391906*, %struct.drm_file.391906** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.391906, 
%struct.drm_file.391906* %8, i64 0, i32 13 %12 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %12, i64 0, i32 3 %14 = load %struct.drm_device.391939*, %struct.drm_device.391939** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.381449*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.391939*, i32*)*)(%struct.drm_device.391939* %14, i32* nonnull %4) #76 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #76 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.391939, %struct.drm_device.391939* %14, i64 0, i32 4 %27 = load %struct.drm_driver.391914*, %struct.drm_driver.391914** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.391914, %struct.drm_driver.391914* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.391914*, %struct.drm_driver.391914** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.391914, %struct.drm_driver.391914* %37, i64 0, i32 25 %39 = load %struct.drm_ioctl_desc.391913*, %struct.drm_ioctl_desc.391913** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.391913* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* 
%53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 87, i64 0 %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 53 %74 = load i32, i32* %73, align 8 %75 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %11, align 8 %76 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %75, i64 0, i32 2 %77 = load %struct.device*, %struct.device** %76, align 8 %78 = getelementptr inbounds %struct.device, %struct.device* %77, i64 0, i32 28 %79 = load i32, i32* %78, align 4 %80 = lshr i32 %79, 20 %81 = shl nuw nsw i32 %80, 8 %82 = or i32 %81, %79 %83 = and i32 %82, 65535 %84 = zext i32 %83 to i64 %85 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 0 %86 = load i8, i8* %85, align 8, !range !6 %87 = zext i8 %86 to i32 %88 = getelementptr inbounds %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %53, i64 0, i32 3 %89 = load i8*, i8** %88, align 8 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.1.36906, i64 0, i64 0), i8* %72, i32 %74, i64 %84, i32 %87, i8* %89) #76 %90 = getelementptr inbounds %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %53, i64 0, i32 2 %91 = bitcast {}** %90 to i32 (%struct.drm_device.391939*, i8*, %struct.drm_file.391906*)** %92 = load i32 (%struct.drm_device.391939*, i8*, %struct.drm_file.391906*)*, i32 (%struct.drm_device.391939*, i8*, %struct.drm_file.391906*)** %91, align 8 %93 = icmp eq i32 (%struct.drm_device.391939*, i8*, %struct.drm_file.391906*)* %92, null br i1 %93, label %94, label %95, !prof !7, !misexpect !8 %96 = icmp ult i32 %69, 129 br i1 %96, label %101, label %97 %102 = phi i8* [ %99, %97 ], [ %10, %95 ] %103 = inttoptr i64 %2 to i8* %104 = zext i32 %63 to i64 %105 = call i64 @_copy_from_user(i8* %102, i8* %103, i64 %104) #76 %106 = icmp eq i64 %105, 0 br i1 %106, label %107, label %122 %108 = icmp ugt i32 %69, %63 br i1 %108, label %109, label %113 %110 = getelementptr i8, i8* %102, i64 %104 %111 = sub nsw i32 %69, %63 %112 = zext i32 %111 to i64 br label %113 %114 = getelementptr inbounds %struct.drm_ioctl_desc.391913, %struct.drm_ioctl_desc.391913* %53, i64 0, i32 1 %115 = load i32, i32* %114, align 4 %116 = call i64 @drm_ioctl_kernel(%struct.file* %0, i32 (%struct.drm_device.391939*, i8*, %struct.drm_file.391906*)* nonnull %92, i8* %102, i32 %115) #77 %117 = trunc i64 %116 to i32 %118 = zext i32 %65 to i64 %119 = call i64 @_copy_to_user(i8* %103, i8* %102, i64 %118) #76 %120 = icmp eq i64 %119, 0 %121 = select i1 %120, i32 %117, i32 -14 br label %122 %123 = phi i8* [ null, %94 ], [ null, %97 ], [ %102, %101 ], [ %102, %113 ] %124 = phi i32 [ -22, %94 ], [ -12, %97 ], [ -14, %101 ], [ %121, %113 ] %125 = icmp eq %struct.drm_ioctl_desc.391913* %53, null br i1 %125, label %126, label %148 %149 = phi i32 [ %124, %122 ], [ %128, %126 ] %150 = phi i8* [ %123, %122 ], [ %129, %126 ] %151 = icmp eq i8* %150, %10 br i1 %151, label 
%153, label %152 %154 = icmp eq i32 %149, 0 br i1 %154, label %161, label %155 %156 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %157 = inttoptr i64 %156 to %struct.task_struct* %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %157, i64 0, i32 87, i64 0 %159 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %157, i64 0, i32 53 %160 = load i32, i32* %159, align 8 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.4.36909, i64 0, i64 0), i8* %158, i32 %160, i32 %149) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_stub_open ------------- Path:  Function:drm_stub_open tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.36912, i64 0, i64 0)) #76 ------------- Good: 1282 Bad: 28 Ignored: 783 Check Use of Function:kernfs_fop_write_iter Check Use of Function:vm_mmap Use: =BAD PATH= Call Stack: 0 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %159 %10 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 1, i32 15 %11 = bitcast %struct.mutex* %10 to i8* %12 = load i8, i8* %11, align 8 %13 = icmp ugt i8 %12, 12 br i1 %13, label %159, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 32 %16 = bitcast i8* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ult i64 %17, 2 br i1 %18, label %19, label %159 %20 = icmp eq i64 %17, 0 br i1 %20, label %25, label %21 %22 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %23 = and i64 %22, 65536 %24 = icmp eq i64 %23, 
0 br i1 %24, label %159, label %25 %26 = bitcast i8* %1 to i32* %27 = load i32, i32* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %28 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %29 = zext i32 %27 to i64 %30 = tail call i8* @idr_find(%struct.idr* %28, i64 %29) #76 %31 = bitcast i8* %30 to %struct.drm_i915_gem_object.448284* %32 = icmp eq i8* %30, null br i1 %32, label %57, label %33 %34 = bitcast i8* %30 to %struct.seqcount_spinlock* %35 = bitcast i8* %30 to i32* %36 = load volatile i32, i32* %35, align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %48, label %38 %39 = phi i32 [ %46, %45 ], [ %36, %33 ] %40 = add i32 %39, 1 %41 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %35, i32 %40, i32* nonnull %35, i32 %39) #6, !srcloc !5 %42 = extractvalue { i8, i32 } %41, 0 %43 = and i8 %42, 1 %44 = icmp eq i8 %43, 0 br i1 %44, label %45, label %48, !prof !6, !misexpect !7 %46 = extractvalue { i8, i32 } %41, 1 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %38 %49 = phi i32 [ 0, %33 ], [ %39, %38 ], [ 0, %45 ] %50 = add i32 %49, 1 %51 = or i32 %50, %49 %52 = icmp sgt i32 %51, -1 br i1 %52, label %54, label %53, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %34, i32 0) #76 br label %54 %55 = icmp eq i32 %49, 0 %56 = select i1 %55, %struct.drm_i915_gem_object.448284* null, %struct.drm_i915_gem_object.448284* %31 br label %57 %58 = phi %struct.drm_i915_gem_object.448284* [ null, %25 ], [ %56, %54 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %59 = icmp eq %struct.drm_i915_gem_object.448284* %58, null br i1 %59, label %159, 
label %60 %61 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 3 %62 = load %struct.file*, %struct.file** %61, align 8 %63 = icmp eq %struct.file* %62, null br i1 %63, label %144, label %64 %65 = getelementptr inbounds i8, i8* %1, i64 8 %66 = bitcast i8* %65 to i64* %67 = load i64, i64* %66, align 8 %68 = getelementptr inbounds i8, i8* %1, i64 16 %69 = bitcast i8* %68 to i64* %70 = getelementptr inbounds %struct.drm_i915_gem_object.448284, %struct.drm_i915_gem_object.448284* %58, i64 0, i32 0, i32 0, i32 0, i32 5 %71 = load i64, i64* %70, align 8 %72 = icmp ugt i64 %71, %67 br i1 %72, label %73, label %144 %74 = load i64, i64* %69, align 8 %75 = sub i64 %71, %67 %76 = icmp ugt i64 %74, %75 br i1 %76, label %144, label %77 %78 = tail call i64 @vm_mmap(%struct.file* nonnull %62, i64 0, i64 %74, i64 3, i64 1, i64 %67) #76 ------------- Good: 12 Bad: 1 Ignored: 3 Check Use of Function:ieee80211_if_add Check Use of Function:ext4_fc_stop_update Check Use of Function:usblp_ioctl Check Use of Function:ata_acpi_dev_notify_dock Check Use of Function:dput_to_list Check Use of Function:ieee80211_destroy_frag_cache Check Use of Function:tg3_request_irq Check Use of Function:sta_info_insert Check Use of Function:mon_bin_compat_ioctl Check Use of Function:is_subdir Check Use of Function:bitmap_free Use: =BAD PATH= Call Stack: 0 proc_do_large_bitmap ------------- Path:  Function:proc_do_large_bitmap %6 = alloca [22 x i8], align 16 %7 = alloca i64, align 8 %8 = alloca [3 x i8], align 1 %9 = alloca [3 x i8], align 1 %10 = alloca i8, align 1 %11 = alloca i8*, align 8 %12 = alloca i64, align 8 %13 = alloca i64, align 8 %14 = alloca i8, align 1 %15 = ptrtoint i8* %2 to i64 %16 = bitcast i64* %7 to i8* %17 = load i64, i64* %3, align 8 store i64 %17, i64* %7, align 8 %18 = getelementptr inbounds %struct.ctl_table.49808, %struct.ctl_table.49808* %0, i64 0, i32 2 %19 = load i32, i32* %18, align 8 %20 = 
sext i32 %19 to i64 %21 = getelementptr inbounds %struct.ctl_table.49808, %struct.ctl_table.49808* %0, i64 0, i32 1 %22 = bitcast i8** %21 to i64*** %23 = load i64**, i64*** %22, align 8 %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds [3 x i8], [3 x i8]* %8, i64 0, i64 0 %26 = getelementptr inbounds [3 x i8], [3 x i8]* %9, i64 0, i64 0 %27 = icmp ne i64* %24, null %28 = icmp ne i32 %19, 0 %29 = and i1 %28, %27 %30 = icmp ne i64 %17, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %37 %33 = load i64, i64* %4, align 8 %34 = icmp eq i64 %33, 0 %35 = icmp ne i32 %1, 0 %36 = or i1 %35, %34 br i1 %36, label %38, label %37 br i1 %35, label %41, label %39 %42 = bitcast i8** %11 to i8* %43 = bitcast i8** %11 to i64* store i64 %15, i64* %43, align 8 %44 = icmp ugt i64 %17, 4095 br i1 %44, label %45, label %47 store i64 4095, i64* %7, align 8 %46 = add i64 %17, -4095 br label %47 %48 = phi i64 [ 4095, %45 ], [ %17, %41 ] %49 = phi i64 [ %46, %45 ], [ 0, %41 ] %50 = tail call i64* @bitmap_zalloc(i32 %19, i32 3264) #76 %51 = icmp eq i64* %50, null br i1 %51, label %140, label %52 %53 = getelementptr i8, i8* %2, i64 %48 br label %54 %55 = phi i8* [ %61, %59 ], [ %2, %52 ] %56 = phi i64 [ %60, %59 ], [ %48, %52 ] %57 = load i8, i8* %55, align 1 %58 = icmp eq i8 %57, 10 br i1 %58, label %59, label %64 store i8* %55, i8** %11, align 8 %65 = bitcast i64* %12 to i8* %66 = bitcast i64* %13 to i8* %67 = icmp ne i64 %49, 0 br label %69 %70 = phi i64 [ %56, %64 ], [ %138, %137 ] %71 = call fastcc i32 @proc_get_long(i8** nonnull %11, i64* nonnull %7, i64* nonnull %12, i8* nonnull %14, i8* nonnull %25, i8* nonnull %10) #77 %72 = load i64, i64* %7, align 8 %73 = icmp ult i64 %72, 2 %74 = and i1 %67, %73 br i1 %74, label %75, label %76 %77 = icmp eq i32 %71, 0 br i1 %77, label %78, label %201 %202 = phi i64 [ %70, %75 ], [ %70, %98 ], [ %95, %101 ], [ %95, %99 ], [ %72, %78 ], [ %72, %76 ] %203 = phi i32 [ %71, %75 ], [ %94, %98 ], [ -22, %101 ], [ %94, %99 ], [ -22, %78 
], [ %71, %76 ] %204 = add i64 %202, %49 store i64 %204, i64* %7, align 8 %205 = icmp eq i32 %203, 0 br i1 %205, label %206, label %225 %226 = phi i32 [ %203, %201 ], [ 0, %219 ] %227 = phi i64* [ %50, %201 ], [ %207, %219 ] call void @bitmap_free(i64* %227) #76 ------------- Good: 52 Bad: 1 Ignored: 2 Check Use of Function:pidns_install Check Use of Function:i8042_enable_aux_port Check Use of Function:umount_tree Check Use of Function:__vfs_removexattr Check Use of Function:nla_strscpy Check Use of Function:arch_setup_additional_pages Check Use of Function:hibernation_snapshot Check Use of Function:rdev_set_wakeup Check Use of Function:free_nsproxy Check Use of Function:tg3_enable_ints Check Use of Function:isolate_huge_page Check Use of Function:dev_mc_del Check Use of Function:xol_free_insn_slot Check Use of Function:io_queue_async_work Check Use of Function:nfs_lookup_revalidate Check Use of Function:drm_master_open Check Use of Function:acpi_processor_power_exit Check Use of Function:usbdev_ioctl Check Use of Function:generic_access_phys Check Use of Function:ida_free Use: =BAD PATH= Call Stack: 0 eventfd_release ------------- Path:  Function:eventfd_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.eventfd_ctx** %5 = load %struct.eventfd_ctx*, %struct.eventfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %6, i32 3, i32 1, i8* nonnull inttoptr (i64 16 to i8*)) #76 %7 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0, i32 0 %8 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) 
#6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 %10, label %16, label %11 %17 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %17, i64 11, i32 0, i32 0, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp sgt i32 %19, -1 br i1 %20, label %21, label %22 tail call void @ida_free(%struct.ida* nonnull @eventfd_ida, i32 %19) #76 ------------- Use: =BAD PATH= Call Stack: 0 pde_put 1 proc_readdir_de 2 proc_tgid_net_readdir ------------- Path:  Function:proc_tgid_net_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %4) #76 %6 = icmp eq %struct.net* %5, null br i1 %6, label %21, label %7 %8 = getelementptr inbounds %struct.net, %struct.net* %5, i64 0, i32 16 %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 32 %10 = tail call i32 @proc_readdir_de(%struct.file* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %9) #77 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry*, %struct.dentry** %9, align 8 %11 = getelementptr inbounds %struct.dentry, %struct.dentry* %10, i64 0, i32 5 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 
= tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.6.18467, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #76 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry*, %struct.dentry** %21, align 8 %23 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #76 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 3 %26 = load %struct.dentry*, %struct.dentry** %25, align 8 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %26, i64 0, i32 5 %28 = load %struct.inode*, %struct.inode** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.7.18468, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #76 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #76 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* 
@rb_first(%struct.rb_root* %37) #76 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1 %67 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %66, i32 %75) #76 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 23 %81 = load i8, i8* %80, align 1 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #76 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #76 %98 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #76 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry* %103 = select i1 %100, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %102 tail call void @pde_put(%struct.proc_dir_entry* nonnull %65) #77 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; 
xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 pde_put 1 proc_readdir_de 2 proc_readdir 3 proc_root_readdir ------------- Path:  Function:proc_root_readdir %3 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = icmp slt i64 %4, 256 br i1 %5, label %6, label %10 %7 = tail call i32 @proc_readdir(%struct.file* %0, %struct.dir_context* %1) #76 Function:proc_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.proc_fs_info** %9 = load %struct.proc_fs_info*, %struct.proc_fs_info** %8, align 16 %10 = getelementptr inbounds %struct.proc_fs_info, %struct.proc_fs_info* %9, i64 0, i32 5 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %19, label %13 %14 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 41, i32 13 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 1, i32 1 %16 = bitcast %struct.list_head** %15 to %struct.proc_dir_entry** %17 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %16, align 8 %18 = tail call i32 @proc_readdir_de(%struct.file* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %17) #76 
Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry*, %struct.dentry** %9, align 8 %11 = getelementptr inbounds %struct.dentry, %struct.dentry* %10, i64 0, i32 5 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.6.18467, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #76 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry*, %struct.dentry** %21, align 8 %23 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #76 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 3 %26 = load %struct.dentry*, %struct.dentry** %25, align 8 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %26, i64 0, i32 5 %28 = load %struct.inode*, %struct.inode** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %28, i64 0, i32 11 %30 = load i64, 
i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.7.18468, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #76 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #76 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #76 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1 %67 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, 
!misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %66, i32 %75) #76 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 23 %81 = load i8, i8* %80, align 1 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #76 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #76 %98 = getelementptr inbounds %struct.proc_dir_entry, 
%struct.proc_dir_entry* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #76 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry* %103 = select i1 %100, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %102 tail call void @pde_put(%struct.proc_dir_entry* nonnull %65) #77 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 pde_put 1 proc_readdir_de 2 proc_readdir ------------- Path:  Function:proc_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.proc_fs_info** %9 = load %struct.proc_fs_info*, %struct.proc_fs_info** %8, align 16 %10 = getelementptr inbounds %struct.proc_fs_info, %struct.proc_fs_info* %9, i64 0, i32 5 %11 = load i32, i32* %10, align 
8 %12 = icmp eq i32 %11, 1 br i1 %12, label %19, label %13 %14 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 41, i32 13 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 1, i32 1 %16 = bitcast %struct.list_head** %15 to %struct.proc_dir_entry** %17 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %16, align 8 %18 = tail call i32 @proc_readdir_de(%struct.file* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %17) #76 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry*, %struct.dentry** %9, align 8 %11 = getelementptr inbounds %struct.dentry, %struct.dentry* %10, i64 0, i32 5 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.6.18467, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #76 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry*, %struct.dentry** %21, align 8 %23 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 7, i32 0 %24 = 
bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #76 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 3 %26 = load %struct.dentry*, %struct.dentry** %25, align 8 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %26, i64 0, i32 5 %28 = load %struct.inode*, %struct.inode** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.7.18468, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #76 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #76 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #76 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds 
%struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1 %67 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %66, i32 %75) #76 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 23 %81 = load i8, i8* %80, align 1 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, 
i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #76 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #76 %98 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #76 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry* %103 = select i1 %100, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %102 tail call void @pde_put(%struct.proc_dir_entry* nonnull %65) #77 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 devpts_kill_index 1 pty_unix98_remove ------------- Path:  Function:pty_unix98_remove %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 3 %4 = load 
%struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %11, label %8 %12 = phi %struct.tty_struct* [ %10, %8 ], [ %1, %2 ] %13 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.pts_fs_info** %15 = load %struct.pts_fs_info*, %struct.pts_fs_info** %14, align 8 %16 = icmp eq %struct.pts_fs_info* %15, null br i1 %16, label %20, label %17 %18 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %19 = load i32, i32* %18, align 8 tail call void @devpts_kill_index(%struct.pts_fs_info* nonnull %15, i32 %19) #76 Function:devpts_kill_index %3 = getelementptr inbounds %struct.pts_fs_info, %struct.pts_fs_info* %0, i64 0, i32 0 tail call void @ida_free(%struct.ida* %3, i32 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 devpts_kill_index 1 pty_unix98_remove ------------- Path:  Function:pty_unix98_remove %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %11, label %8 %12 = phi %struct.tty_struct* [ %10, %8 ], [ %1, %2 ] %13 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.pts_fs_info** %15 = load %struct.pts_fs_info*, %struct.pts_fs_info** %14, align 8 %16 = icmp eq %struct.pts_fs_info* %15, null br i1 %16, label %20, label %17 %18 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %19 = load i32, i32* %18, align 8 tail call void @devpts_kill_index(%struct.pts_fs_info* nonnull %15, i32 %19) #76 Function:devpts_kill_index %3 = getelementptr inbounds %struct.pts_fs_info, 
%struct.pts_fs_info* %0, i64 0, i32 0 tail call void @ida_free(%struct.ida* %3, i32 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, 
%struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.238264* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.238264, %struct.nfs_lock_context.238264* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.238264, %struct.nfs_lock_context.238264* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.238263*, %struct.nfs_open_context.238263** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.238263, %struct.nfs_open_context.238263* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #76 %28 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.238293** %30 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.238293* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], 
[ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.238293* %77) #76 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.238293* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #76 br i1 %8, label %9, label %46 %10 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store volatile %struct.list_head* %13, %struct.list_head** %15, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %10, align 8 %16 = 
getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 %18 = load volatile %struct.list_head*, %struct.list_head** %17, align 8 %19 = icmp eq %struct.list_head* %18, %16 br i1 %19, label %20, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %25 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 3 %26 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %25, align 8 %27 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %26, i64 0, i32 0 %28 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 2 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 br i1 %32, label %40, label %33 %41 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %28, i64 0, i32 46 %42 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 3, i32 1 %43 = load i32, i32* %42, align 8 tail call void @ida_free(%struct.ida* %41, i32 %43) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = 
getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 1, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.238264* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 
%17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.238264, %struct.nfs_lock_context.238264* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.238264, %struct.nfs_lock_context.238264* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.238263*, %struct.nfs_open_context.238263** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.238263, %struct.nfs_open_context.238263* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #76 %28 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.238293** %30 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.238293* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.238293* %77) #76 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.238293* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds 
%struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #76 br i1 %8, label %9, label %46 %10 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store volatile %struct.list_head* %13, %struct.list_head** %15, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %10, align 8 %16 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 %18 = load volatile %struct.list_head*, %struct.list_head** %17, align 8 %19 = icmp eq %struct.list_head* %18, %16 br i1 %19, label %20, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 
%25 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 3 %26 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %25, align 8 %27 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %26, i64 0, i32 0 %28 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 2 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 br i1 %32, label %40, label %33 %41 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %28, i64 0, i32 46 %42 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 3, i32 1 %43 = load i32, i32* %42, align 8 tail call void @ida_free(%struct.ida* %41, i32 %43) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_set_lock_state 1 nfs4_proc_unlck 2 nfs4_proc_lock ------------- Path:  Function:nfs4_proc_lock %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.nfs_open_context.236617** %7 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %6, align 8 %8 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %7, i64 0, i32 5 %9 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %8, align 8 %10 = icmp eq i32 %1, 5 br i1 %10, label %11, label %15 %16 = and i32 %1, -2 %17 = icmp eq i32 %16, 6 br i1 %17, label %18, label %143 %19 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %2, i64 0, i32 7 %20 = load i8, i8* %19, align 4 %21 = icmp eq i8 %20, 2 %22 = icmp eq %struct.nfs4_state.236616* %9, null br i1 %21, label %23, label %26 br i1 %22, label %143, label %24 %25 = tail call fastcc i32 @nfs4_proc_unlck(%struct.nfs4_state.236616* nonnull %9, 
%struct.file_lock* %2) #76 Function:nfs4_proc_unlck %3 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %0, i64 0, i32 4 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.236614*, %struct.nfs4_state_owner.236614** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 17 %8 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.nfs4_state.238262*, %struct.file_lock*)* @nfs4_set_lock_state to i32 (%struct.nfs4_state.236616*, %struct.file_lock*)*)(%struct.nfs4_state.236616* %0, %struct.file_lock* %1) #76 Function:nfs4_set_lock_state %3 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 17 %4 = load %struct.file_lock_operations*, %struct.file_lock_operations** %3, align 8 %5 = icmp eq %struct.file_lock_operations* %4, null br i1 %5, label %6, label %115 %7 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 5 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 %11 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to %struct.nfs4_lock_state.238293** %13 = bitcast %struct.spinlock* %9 to i8* %14 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 3 br label %15 %16 = phi %struct.nfs4_lock_state.238293* [ null, %6 ], [ %63, %94 ] tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #76 %17 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %12, align 8 %18 = getelementptr %struct.nfs4_lock_state.238293, 
%struct.nfs4_lock_state.238293* %17, i64 0, i32 0 %19 = icmp eq %struct.list_head* %18, %11 br i1 %19, label %47, label %20 %21 = phi %struct.nfs4_lock_state.238293* [ %30, %26 ], [ %17, %15 ] %22 = phi %struct.nfs4_lock_state.238293* [ %28, %26 ], [ null, %15 ] %23 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %21, i64 0, i32 6 %24 = load i8*, i8** %23, align 8 %25 = icmp eq i8* %24, %8 br i1 %25, label %33, label %26 %27 = icmp eq i8* %24, null %28 = select i1 %27, %struct.nfs4_lock_state.238293* %21, %struct.nfs4_lock_state.238293* %22 %29 = bitcast %struct.nfs4_lock_state.238293* %21 to %struct.nfs4_lock_state.238293** %30 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %11 br i1 %32, label %33, label %20 %34 = phi %struct.nfs4_lock_state.238293* [ %28, %26 ], [ %21, %20 ] %35 = icmp eq %struct.nfs4_lock_state.238293* %34, null br i1 %35, label %47, label %36 %48 = icmp eq %struct.nfs4_lock_state.238293* %16, null br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %16, i64 0, i32 0 %51 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %52 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %17, i64 0, i32 0, i32 1 store %struct.list_head* %50, %struct.list_head** %52, align 8 %53 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %16, i64 0, i32 0, i32 0 store %struct.list_head* %18, %struct.list_head** %53, align 8 %54 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %16, i64 0, i32 0, i32 1 store %struct.list_head* %11, %struct.list_head** %54, align 8 store volatile %struct.list_head* %50, %struct.list_head** %51, 
align 8 %55 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 5 %56 = bitcast i64* %55 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i32 1, i8* %56) #6, !srcloc !8 br label %99 %100 = phi %struct.nfs4_lock_state.238293* [ %16, %49 ], [ %34, %46 ], [ %34, %42 ], [ %34, %41 ] %101 = phi %struct.nfs4_lock_state.238293* [ null, %49 ], [ %16, %46 ], [ %16, %42 ], [ %16, %41 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %13, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %102 = icmp eq %struct.nfs4_lock_state.238293* %101, null br i1 %102, label %112, label %103 %104 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %14, align 8 %105 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %104, i64 0, i32 0 %106 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %105, align 8 %107 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %106, i64 0, i32 46 %108 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %101, i64 0, i32 3, i32 1 %109 = load i32, i32* %108, align 8 tail call void @ida_free(%struct.ida* %107, i32 %109) #76 ------------- Good: 135 Bad: 9 Ignored: 81 Check Use of Function:autofs_dir_rmdir Check Use of Function:seg6_exit Check Use of Function:ksys_sync_helper Check Use of Function:drm_mode_object_put Check Use of Function:serial8250_request_port Check Use of Function:ext4_find_extent Check Use of Function:ieee80211_txq_purge Check Use of Function:acpi_processor_throttling_init Check Use of Function:serport_ldisc_close Check Use of Function:namespace_unlock Check Use of 
Function:security_inode_removexattr Check Use of Function:proc_map_files_lookup Check Use of Function:task_set_jobctl_pending Check Use of Function:evdev_ioctl Check Use of Function:udp_abort Check Use of Function:uart_change_speed Check Use of Function:drm_mode_debug_printmodeline Check Use of Function:cfg80211_rdev_free_coalesce Check Use of Function:free_fs_struct Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __ia32_sys_unshare ------------- Path:  Function:__ia32_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call i32 @ksys_unshare(i64 %4) #76 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %156 %21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 65 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %156 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %156, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #76 br i1 %45, label %46, label %156 %47 = and i64 %8, 134479872 %48 = icmp eq i64 %47, 0 %49 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %50 = inttoptr i64 %49 to %struct.task_struct* %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 91 %52 = load %struct.fs_struct*, %struct.fs_struct** %51, align 64 %53 = and i64 %17, 512 %54 = icmp ne i64 %53, 0 %55 = icmp ne %struct.fs_struct* %52, null %56 = and i1 %54, %55 br i1 %56, label %57, label %65 %66 = phi i64 [ 0, %46 ], [ %63, %61 ], [ 0, %57 ] %67 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 92 %68 = load %struct.files_struct*, %struct.files_struct** %67, align 8 %69 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 %70 = and i64 %8, 1024 %71 = icmp ne i64 %70, 0 %72 = icmp ne %struct.files_struct* %68, null %73 = and i1 %71, %72 br i1 %73, label %74, label %83 %75 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %68, i64 0, i32 0, i32 0 %76 = load volatile i32, i32* %75, align 4 %77 = icmp sgt i32 %76, 1 br i1 %77, label %78, label %83 %84 = phi i64 [ 0, %65 ], [ 0, %74 ], [ %80, %78 ] br label %87 %88 = phi i64 [ %84, %83 ], [ %80, %85 ] %89 = and i64 %8, 268435456 %90 = icmp eq 
i64 %89, 0 br i1 %90, label %91, label %143 %92 = inttoptr i64 %66 to %struct.fs_struct* %93 = call i32 @unshare_nsproxy_namespaces(i64 %17, %struct.nsproxy** nonnull %3, %struct.cred* null, %struct.fs_struct* %92) #76 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %143 %96 = or i64 %66, %47 %97 = or i64 %96, %88 %98 = icmp ne i64 %97, 0 %99 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %100 = icmp ne %struct.nsproxy* %99, null %101 = or i1 %98, %100 br i1 %101, label %102, label %140 br i1 %48, label %104, label %103 %105 = and i64 %8, 134217728 %106 = icmp eq i64 %105, 0 br i1 %106, label %111, label %107 %112 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %113 = icmp eq %struct.nsproxy* %112, null br i1 %113, label %115, label %114 %116 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 112, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %116) #76 %117 = icmp eq i64 %66, 0 br i1 %117, label %130, label %118 %131 = phi i64 [ 0, %115 ], [ %128, %118 ] %132 = icmp eq i64 %88, 0 br i1 %132, label %136, label %133 %137 = phi i64 [ 0, %130 ], [ %135, %133 ] %138 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 112 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %139 = bitcast %struct.spinlock* %138 to i8* store volatile i8 0, i8* %139, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %140 %141 = phi i64 [ %131, %136 ], [ %66, %95 ] %142 = phi i64 [ %137, %136 ], [ %88, %95 ] call void bitcast (void (%struct.task_struct.114999*)* @perf_event_namespaces to void (%struct.task_struct*)*)(%struct.task_struct* %50) #76 br label %143 %144 = phi i64 [ %66, %87 ], [ %141, %140 ], [ %66, %91 ] %145 = phi i64 [ %88, %87 ], [ %142, %140 ], [ %88, %91 ] %146 = phi i32 [ -22, %87 ], [ 0, %140 ], [ %93, %91 ] %147 = icmp eq i64 %145, 0 br i1 %147, label %150, label %148 %151 = phi i64 [ 
%144, %143 ], [ %144, %148 ], [ %66, %85 ] %152 = phi i32 [ %146, %143 ], [ %146, %148 ], [ %82, %85 ] %153 = icmp eq i64 %151, 0 br i1 %153, label %156, label %154 %155 = inttoptr i64 %151 to %struct.fs_struct* call void @free_fs_struct(%struct.fs_struct* nonnull %155) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __x64_sys_unshare ------------- Path:  Function:__x64_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call i32 @ksys_unshare(i64 %3) #76 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %156 %21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 65 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %156 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to 
%struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %156, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #76 br i1 %45, label %46, label %156 %47 = and i64 %8, 134479872 %48 = icmp eq i64 %47, 0 %49 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %50 = inttoptr i64 %49 to %struct.task_struct* %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 91 %52 = load %struct.fs_struct*, %struct.fs_struct** %51, align 64 %53 = and i64 %17, 512 %54 = icmp ne i64 %53, 0 %55 = icmp ne %struct.fs_struct* %52, null %56 = and i1 %54, %55 br i1 %56, label %57, label %65 %66 = phi i64 [ 0, %46 ], [ %63, %61 ], [ 0, %57 ] %67 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 92 %68 = load %struct.files_struct*, %struct.files_struct** %67, align 8 %69 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 %70 = and i64 %8, 1024 %71 = icmp ne i64 %70, 0 %72 = icmp ne %struct.files_struct* %68, null %73 = and i1 %71, %72 br i1 %73, label %74, label %83 %75 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %68, i64 0, i32 0, i32 0 %76 = load volatile i32, i32* %75, align 4 %77 = icmp sgt i32 %76, 1 br i1 %77, label %78, label %83 %84 = phi i64 [ 0, %65 ], [ 0, %74 ], [ %80, %78 ] br label %87 %88 = phi i64 [ %84, %83 ], [ %80, %85 ] %89 = and i64 %8, 268435456 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %143 %92 = inttoptr i64 %66 to %struct.fs_struct* %93 = call i32 
@unshare_nsproxy_namespaces(i64 %17, %struct.nsproxy** nonnull %3, %struct.cred* null, %struct.fs_struct* %92) #76 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %143 %96 = or i64 %66, %47 %97 = or i64 %96, %88 %98 = icmp ne i64 %97, 0 %99 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %100 = icmp ne %struct.nsproxy* %99, null %101 = or i1 %98, %100 br i1 %101, label %102, label %140 br i1 %48, label %104, label %103 %105 = and i64 %8, 134217728 %106 = icmp eq i64 %105, 0 br i1 %106, label %111, label %107 %112 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %113 = icmp eq %struct.nsproxy* %112, null br i1 %113, label %115, label %114 %116 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 112, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %116) #76 %117 = icmp eq i64 %66, 0 br i1 %117, label %130, label %118 %131 = phi i64 [ 0, %115 ], [ %128, %118 ] %132 = icmp eq i64 %88, 0 br i1 %132, label %136, label %133 %137 = phi i64 [ 0, %130 ], [ %135, %133 ] %138 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 112 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %139 = bitcast %struct.spinlock* %138 to i8* store volatile i8 0, i8* %139, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %140 %141 = phi i64 [ %131, %136 ], [ %66, %95 ] %142 = phi i64 [ %137, %136 ], [ %88, %95 ] call void bitcast (void (%struct.task_struct.114999*)* @perf_event_namespaces to void (%struct.task_struct*)*)(%struct.task_struct* %50) #76 br label %143 %144 = phi i64 [ %66, %87 ], [ %141, %140 ], [ %66, %91 ] %145 = phi i64 [ %88, %87 ], [ %142, %140 ], [ %88, %91 ] %146 = phi i32 [ -22, %87 ], [ 0, %140 ], [ %93, %91 ] %147 = icmp eq i64 %145, 0 br i1 %147, label %150, label %148 %151 = phi i64 [ %144, %143 ], [ %144, %148 ], [ %66, %85 ] %152 = phi i32 [ %146, %143 ], [ %146, %148 ], [ %82, %85 ] %153 
= icmp eq i64 %151, 0 br i1 %153, label %156, label %154 %155 = inttoptr i64 %151 to %struct.fs_struct* call void @free_fs_struct(%struct.fs_struct* nonnull %155) #76 ------------- Good: 1 Bad: 2 Ignored: 1 Check Use of Function:uart_shutdown Check Use of Function:cgroup_leave_frozen Check Use of Function:uart_startup Check Use of Function:ext4_rmdir Check Use of Function:ext4_es_delayed_clu Check Use of Function:autofs_dev_ioctl Use: =BAD PATH= Call Stack: 0 autofs_dev_ioctl_compat ------------- Path:  Function:autofs_dev_ioctl_compat %4 = and i64 %2, 4294967295 %5 = tail call i64 @autofs_dev_ioctl(%struct.file* %0, i32 %1, i64 %4) #76 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:complete_walk Check Use of Function:ieee80211_sta_rx_bw_to_chan_width Check Use of Function:arch_randomize_brk Check Use of Function:sd_pr_release Check Use of Function:nfs_file_write Check Use of Function:drm_vblank_put Check Use of Function:attach_pid Check Use of Function:serial8250_verify_port Check Use of Function:device_rename Check Use of Function:swsusp_free Check Use of Function:__mmap_lock_do_trace_released Use: =BAD PATH= Call Stack: 0 m_stop.18210 ------------- Path:  Function:m_stop.18210 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 %9 = load %struct.task_struct*, %struct.task_struct** %8, align 8 %10 = icmp eq %struct.task_struct* %9, null br i1 %10, label %32, label %11 %12 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 4 %13 = load %struct.mempolicy*, %struct.mempolicy** %12, align 8 %14 = 
icmp eq %struct.mempolicy* %13, null br i1 %14, label %16, label %15 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_stop.18210, %17)) #6 to label %18 [label %17], !srcloc !4 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %7, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 m_stop.18210 ------------- Path:  Function:m_stop.18210 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 %9 = load %struct.task_struct*, %struct.task_struct** %8, align 8 %10 = icmp eq %struct.task_struct* %9, null br i1 %10, label %32, label %11 %12 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 4 %13 = load %struct.mempolicy*, %struct.mempolicy** %12, align 8 %14 = icmp eq %struct.mempolicy* %13, null br i1 %14, label %16, label %15 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_stop.18210, %17)) #6 to label %18 [label %17], !srcloc !4 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %7, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 m_stop.18210 ------------- Path:  Function:m_stop.18210 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 %9 = load %struct.task_struct*, %struct.task_struct** %8, align 8 %10 = icmp eq %struct.task_struct* %9, null br i1 %10, label %32, label %11 %12 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 4 %13 = load %struct.mempolicy*, %struct.mempolicy** %12, align 8 %14 = icmp eq %struct.mempolicy* %13, null br i1 %14, label %16, label %15 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_stop.18210, %17)) #6 to label %18 [label %17], !srcloc !4 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %7, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_get_mempolicy 1 __se_sys_get_mempolicy 2 __ia32_sys_get_mempolicy ------------- Path:  Function:__ia32_sys_get_mempolicy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_get_mempolicy(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_get_mempolicy %6 = alloca i32, align 4 %7 = alloca %struct.cpumask, align 8 %8 = bitcast i32* %6 to i8* %9 = bitcast %struct.cpumask* %7 to i8* %10 = icmp eq i64 %1, 0 br i1 %10, label %15, label %11 %12 = load i32, i32* @nr_node_ids, align 4 %13 = zext i32 %12 to i64 %14 = icmp ugt i64 %13, %2 br i1 %14, label %82, label %15 %16 = call fastcc i64 @do_get_mempolicy(i32* nonnull %6, %struct.cpumask* nonnull %7, i64 %3, 
i64 %4) #76 Function:do_get_mempolicy %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 146 %10 = load %struct.mempolicy*, %struct.mempolicy** %9, align 8 %11 = icmp ult i64 %3, 8 br i1 %11, label %12, label %163 %13 = and i64 %3, 4 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %26 = and i64 %3, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %56, label %28 %57 = icmp eq i64 %2, 0 br i1 %57, label %64, label %163 %65 = icmp eq %struct.mempolicy* %10, null %66 = select i1 %65, %struct.mempolicy* @default_policy, %struct.mempolicy* %10 %67 = and i64 %3, 1 %68 = icmp eq i64 %67, 0 br i1 %68, label %85, label %73 %74 = icmp eq %struct.mempolicy* %66, %10 br i1 %74, label %75, label %128 %129 = phi %struct.mempolicy* [ %61, %69 ], [ %102, %110 ], [ %102, %125 ], [ %102, %100 ], [ %10, %75 ], [ %66, %73 ] %130 = phi i32 [ %71, %69 ], [ 0, %110 ], [ 0, %125 ], [ 0, %100 ], [ -22, %75 ], [ -22, %73 ] %131 = phi %struct.vm_area_struct* [ null, %69 ], [ %103, %110 ], [ %103, %125 ], [ %103, %100 ], [ null, %75 ], [ null, %73 ] %132 = phi %struct.mempolicy* [ %61, %69 ], [ %104, %110 ], [ %104, %125 ], [ %104, %100 ], [ null, %75 ], [ null, %73 ] %133 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %129, i64 0, i32 2 %134 = load i16, i16* %133, align 2 %135 = and i16 %134, 1 %136 = icmp eq i16 %135, 0 br i1 %136, label %145, label %137 %146 = icmp eq %struct.vm_area_struct* %131, null br i1 %146, label %151, label %147 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_get_mempolicy, %148)) #6 to label %149 [label %148], !srcloc !7 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %8, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_get_mempolicy 1 __se_sys_get_mempolicy 2 __x64_sys_get_mempolicy ------------- Path:  Function:__x64_sys_get_mempolicy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_get_mempolicy(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_get_mempolicy %6 = alloca i32, align 4 %7 = alloca %struct.cpumask, align 8 %8 = bitcast i32* %6 to i8* %9 = bitcast %struct.cpumask* %7 to i8* %10 = icmp eq i64 %1, 0 br i1 %10, label %15, label %11 %12 = load i32, i32* @nr_node_ids, align 4 %13 = zext i32 %12 to i64 %14 = icmp ugt i64 %13, %2 br i1 %14, label %82, label %15 %16 = call fastcc i64 @do_get_mempolicy(i32* nonnull %6, %struct.cpumask* nonnull %7, i64 %3, i64 %4) #76 Function:do_get_mempolicy %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** 
nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 146 %10 = load %struct.mempolicy*, %struct.mempolicy** %9, align 8 %11 = icmp ult i64 %3, 8 br i1 %11, label %12, label %163 %13 = and i64 %3, 4 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %26 = and i64 %3, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %56, label %28 %57 = icmp eq i64 %2, 0 br i1 %57, label %64, label %163 %65 = icmp eq %struct.mempolicy* %10, null %66 = select i1 %65, %struct.mempolicy* @default_policy, %struct.mempolicy* %10 %67 = and i64 %3, 1 %68 = icmp eq i64 %67, 0 br i1 %68, label %85, label %73 %74 = icmp eq %struct.mempolicy* %66, %10 br i1 %74, label %75, label %128 %129 = phi %struct.mempolicy* [ %61, %69 ], [ %102, %110 ], [ %102, %125 ], [ %102, %100 ], [ %10, %75 ], [ %66, %73 ] %130 = phi i32 [ %71, %69 ], [ 0, %110 ], [ 0, %125 ], [ 0, %100 ], [ -22, %75 ], [ -22, %73 ] %131 = phi %struct.vm_area_struct* [ null, %69 ], [ %103, %110 ], [ %103, %125 ], [ %103, %100 ], [ null, %75 ], [ null, %73 ] %132 = phi %struct.mempolicy* [ %61, %69 ], [ %104, %110 ], [ %104, %125 ], [ %104, %100 ], [ null, %75 ], [ null, %73 ] %133 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %129, i64 0, i32 2 %134 = load i16, i16* %133, align 2 %135 = and i16 %134, 1 %136 = icmp eq i16 %135, 0 br i1 %136, label %145, label %137 %146 = icmp eq %struct.vm_area_struct* %131, null br i1 %146, label %151, label %147 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_get_mempolicy, %148)) #6 to label %149 [label %148], !srcloc !7 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %8, i1 zeroext false) #76 ------------- Use: =BAD PATH= Call Stack: 0 madvise_remove 1 do_madvise 2 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to 
i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %88 = call fastcc i64 @madvise_remove(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #76 Function:madvise_remove %5 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 store %struct.vm_area_struct* null, %struct.vm_area_struct** %1, align 8 %7 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8192 %10 = icmp eq i64 %9, 0 br i1 %10, label 
%11, label %45 %12 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = icmp eq %struct.file* %13, null br i1 %14, label %45, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = icmp eq %struct.address_space* %17, null br i1 %18, label %45, label %19 %20 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 0 %21 = load %struct.inode*, %struct.inode** %20, align 8 %22 = icmp eq %struct.inode* %21, null br i1 %22, label %45, label %23 %24 = and i64 %8, 10 %25 = icmp eq i64 %24, 10 br i1 %25, label %26, label %45 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = sub i64 %2, %28 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %31 = load i64, i64* %30, align 8 %32 = shl i64 %31, 12 %33 = add i64 %29, %32 %34 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@madvise_remove, %35)) #6 to label %36 [label %35], !srcloc !5 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %6, i1 zeroext false) #76
-------------
Use: =BAD PATH=
Call Stack: 0 madvise_remove 1 do_madvise 2 __x64_sys_madvise
-------------
Path:
Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3,
label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %88 = call fastcc i64 @madvise_remove(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #76 Function:madvise_remove %5 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 store %struct.vm_area_struct* null, %struct.vm_area_struct** %1, align 8 %7 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8192 %10 = icmp eq i64 %9, 0 br i1 %10, label 
%11, label %45 %12 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = icmp eq %struct.file* %13, null br i1 %14, label %45, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = icmp eq %struct.address_space* %17, null br i1 %18, label %45, label %19 %20 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 0 %21 = load %struct.inode*, %struct.inode** %20, align 8 %22 = icmp eq %struct.inode* %21, null br i1 %22, label %45, label %23 %24 = and i64 %8, 10 %25 = icmp eq i64 %24, 10 br i1 %25, label %26, label %45 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = sub i64 %2, %28 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %31 = load i64, i64* %30, align 8 %32 = shl i64 %31, 12 %33 = add i64 %29, %32 %34 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@madvise_remove, %35)) #6 to label %36 [label %35], !srcloc !5 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %6, i1 zeroext false) #76
-------------
Use: =BAD PATH=
Call Stack: 0 madvise_willneed 1 do_madvise 2 __ia32_sys_madvise
-------------
Path:
Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to
i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #76 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = 
icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 9 %19 = load %struct.address_space_operations*, %struct.address_space_operations** %18, align 8 %20 = icmp eq %struct.address_space_operations* %19, @shmem_aops br i1 %20, label %21, label %136 store %struct.vm_area_struct* null, %struct.vm_area_struct** %1, align 8 %137 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %137, i64* %137) #6, !srcloc !11 %138 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %139 = load i64, i64* %138, align 8 %140 = sub i64 %2, %139 %141 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %142 = load i64, i64* %141, align 8 %143 = shl i64 %142, 12 %144 = add i64 %140, %143 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@madvise_willneed, %145)) #6 to label %146 [label %145], !srcloc !12 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %7, i1 zeroext false) #76
-------------
Use: =BAD PATH=
Call Stack: 0 madvise_willneed 1 do_madvise 2 __x64_sys_madvise
-------------
Path:
Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32
%3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #76 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = 
icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 9 %19 = load %struct.address_space_operations*, %struct.address_space_operations** %18, align 8 %20 = icmp eq %struct.address_space_operations* %19, @shmem_aops br i1 %20, label %21, label %136 store %struct.vm_area_struct* null, %struct.vm_area_struct** %1, align 8 %137 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %137, i64* %137) #6, !srcloc !11 %138 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %139 = load i64, i64* %138, align 8 %140 = sub i64 %2, %139 %141 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %142 = load i64, i64* %141, align 8 %143 = shl i64 %142, 12 %144 = add i64 %140, %143 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@madvise_willneed, %145)) #6 to label %146 [label %145], !srcloc !12 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %7, i1 zeroext false) #76
-------------
Good: 144 Bad: 9 Ignored: 121
Check Use of Function:ieee80211_vif_copy_chanctx_to_vlans
Check Use of Function:bus_set_iommu
Check Use of Function:compat_put_bitmap
Check Use of Function:__mmap_lock_do_trace_acquire_returned
Check Use of Function:commit_creds
Check Use of Function:ieee80211_recalc_ps_vif
Check Use of Function:dm_pr_release
Check Use of Function:set_cred_ucounts
Check Use of Function:cfg80211_sme_rx_auth
Check Use of Function:cn_netlink_send
Use: =BAD PATH=
Call Stack: 0 proc_comm_connector 1 comm_write
-------------
Path:
Function:comm_write %5 = alloca [16 x i8], align 16 %6 = getelementptr inbounds %struct.file.177762, %struct.file.177762* %0, i64 0, i32 2 %7 = load %struct.inode.177941*, %struct.inode.177941** %6, align 8 %8 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %9 = icmp ult i64 %2, 15 %10 = select i1 %9, i64 %2, i64 15 %11 = call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %10) #76 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %40 %14 = getelementptr %struct.inode.177941, %struct.inode.177941* %7, i64 -1, i32 41, i32 13 %15 = bitcast %struct.list_head* %14 to %struct.pid.177739** %16 = load %struct.pid.177739*, %struct.pid.177739** %15, align 8 %17 = call %struct.task_struct.178066* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178066* (%struct.pid.177739*,
i32)*)(%struct.pid.177739* %16, i32 0) #76 %18 = icmp eq %struct.task_struct.178066* %17, null br i1 %18, label %40, label %19 %20 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.178066** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.178066**)) #11, !srcloc !4 %21 = inttoptr i64 %20 to %struct.task_struct.178066* %22 = getelementptr inbounds %struct.task_struct.178066, %struct.task_struct.178066* %21, i64 0, i32 95 %23 = load %struct.signal_struct.178026*, %struct.signal_struct.178026** %22, align 32 %24 = getelementptr inbounds %struct.task_struct.178066, %struct.task_struct.178066* %17, i64 0, i32 95 %25 = load %struct.signal_struct.178026*, %struct.signal_struct.178026** %24, align 32 %26 = icmp eq %struct.signal_struct.178026* %23, %25 br i1 %26, label %27, label %28 call void bitcast (void (%struct.task_struct*, i8*, i1)* @__set_task_comm to void (%struct.task_struct.178066*, i8*, i1)*)(%struct.task_struct.178066* nonnull %17, i8* nonnull %8, i1 zeroext false) #76 call void bitcast (void (%struct.task_struct.602042*)* @proc_comm_connector to void (%struct.task_struct.178066*)*)(%struct.task_struct.178066* nonnull %17) #76 Function:proc_comm_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %42, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #76 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, 
i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 512, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct.602042, %struct.task_struct.602042* %0, i64 0, i32 53 %17 = load i32, i32* %16, align 8 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.602042, %struct.task_struct.602042* %0, i64 0, i32 54 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %24 = call i8* bitcast (i8* (i8*, i64, %struct.task_struct*)* @__get_task_comm to i8* (i8*, i64, %struct.task_struct.602042*)*)(i8* %23, i64 16, %struct.task_struct.602042* %0) #76 %25 = bitcast i8* %7 to i64* %26 = load i64, i64* bitcast (%struct.util_est* @cn_proc_event_id to i64*), align 8 store i64 %26, i64* %25, align 4 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %28 = bitcast i8* %27 to i32* store i32 0, i32* %28, align 8 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %30 = bitcast i8* %29 to i16* store i16 40, i16* %30, align 4 %31 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %32 = bitcast i8* %31 to i16* store i16 0, i16* %32, align 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1) to %struct.lock_class_key*)) #6, !srcloc !5 %34 = call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1), i32 1, i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 
0, i32 1)) #6, !srcloc !6 %35 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 12 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %38 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 28 %39 = bitcast i8* %38 to i32* store i32 %37, i32* %39, align 4 %40 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 2048) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_comm_connector 1 __do_sys_prctl 2 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #76 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #76 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 
i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %48 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 15 store i8 0, i8* %48, align 1 %49 = inttoptr i64 %1 to i8* %50 = call i64 @strncpy_from_user(i8* nonnull %9, i8* %49, i64 15) #76 %51 = icmp slt i64 %50, 0 br i1 %51, label %276, label %52 call void @__set_task_comm(%struct.task_struct* %8, i8* nonnull %9, i1 zeroext false) #76 call void bitcast (void (%struct.task_struct.602042*)* @proc_comm_connector to void (%struct.task_struct*)*)(%struct.task_struct* %8) #76 Function:proc_comm_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %42, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #76 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 512, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct.602042, 
%struct.task_struct.602042* %0, i64 0, i32 53 %17 = load i32, i32* %16, align 8 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.602042, %struct.task_struct.602042* %0, i64 0, i32 54 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %24 = call i8* bitcast (i8* (i8*, i64, %struct.task_struct*)* @__get_task_comm to i8* (i8*, i64, %struct.task_struct.602042*)*)(i8* %23, i64 16, %struct.task_struct.602042* %0) #76 %25 = bitcast i8* %7 to i64* %26 = load i64, i64* bitcast (%struct.util_est* @cn_proc_event_id to i64*), align 8 store i64 %26, i64* %25, align 4 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %28 = bitcast i8* %27 to i32* store i32 0, i32* %28, align 8 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %30 = bitcast i8* %29 to i16* store i16 40, i16* %30, align 4 %31 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %32 = bitcast i8* %31 to i16* store i16 0, i16* %32, align 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1) to %struct.lock_class_key*)) #6, !srcloc !5 %34 = call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1), i32 1, i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1)) #6, !srcloc !6 %35 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 12 %36 = bitcast i8* %35 to i32* store i32 
%34, i32* %36, align 4 %37 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %38 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 28 %39 = bitcast i8* %38 to i32* store i32 %37, i32* %39, align 4 %40 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 2048) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_comm_connector 1 __do_sys_prctl 2 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #76 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 
i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %48 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 15 store i8 0, i8* %48, align 1 %49 = inttoptr i64 %1 to i8* %50 = call i64 @strncpy_from_user(i8* nonnull %9, i8* %49, i64 15) #76 %51 = icmp slt i64 %50, 0 br i1 %51, label %276, label %52 call void @__set_task_comm(%struct.task_struct* %8, i8* nonnull %9, i1 zeroext false) #76 call void bitcast (void (%struct.task_struct.602042*)* @proc_comm_connector to void (%struct.task_struct*)*)(%struct.task_struct* %8) #76 Function:proc_comm_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %42, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #76 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 512, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct.602042, %struct.task_struct.602042* %0, i64 0, i32 53 %17 = load i32, i32* %16, align 8 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.602042, %struct.task_struct.602042* %0, i64 0, i32 54 %20 = load 
i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %24 = call i8* bitcast (i8* (i8*, i64, %struct.task_struct*)* @__get_task_comm to i8* (i8*, i64, %struct.task_struct.602042*)*)(i8* %23, i64 16, %struct.task_struct.602042* %0) #76 %25 = bitcast i8* %7 to i64* %26 = load i64, i64* bitcast (%struct.util_est* @cn_proc_event_id to i64*), align 8 store i64 %26, i64* %25, align 4 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %28 = bitcast i8* %27 to i32* store i32 0, i32* %28, align 8 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %30 = bitcast i8* %29 to i16* store i16 40, i16* %30, align 4 %31 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %32 = bitcast i8* %31 to i16* store i16 0, i16* %32, align 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1) to %struct.lock_class_key*)) #6, !srcloc !5 %34 = call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1), i32 1, i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1)) #6, !srcloc !6 %35 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 12 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %38 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 28 %39 = bitcast i8* %38 to i32* store i32 %37, i32* 
%39, align 4 %40 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 2048) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_sid_connector 1 ksys_setsid 2 __do_sys_setsid ------------- Path:  Function:__do_sys_setsid %2 = tail call i32 @ksys_setsid() #76 Function:ksys_setsid %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 60 %4 = load %struct.task_struct*, %struct.task_struct** %3, align 8 %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 63 %6 = load %struct.pid*, %struct.pid** %5, align 32 %7 = tail call i32 @pid_vnr(%struct.pid* %6) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 23 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %34 %14 = tail call %struct.task_struct* @pid_task(%struct.pid* %6, i32 2) #76 %15 = icmp eq %struct.task_struct* %14, null br i1 %15, label %16, label %34 %35 = phi i32 [ -1, %0 ], [ -1, %13 ], [ %7, %33 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %36 = icmp sgt i32 %35, 0 br i1 %36, label %37, label %38 tail call void bitcast (void (%struct.task_struct.602042*)* @proc_sid_connector to void 
(%struct.task_struct*)*)(%struct.task_struct* %4) #76 Function:proc_sid_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %40, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #76 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 128, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct.602042, %struct.task_struct.602042* %0, i64 0, i32 53 %17 = load i32, i32* %16, align 8 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.602042, %struct.task_struct.602042* %0, i64 0, i32 54 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = bitcast i8* %7 to i64* %24 = load i64, i64* bitcast (%struct.util_est* @cn_proc_event_id to i64*), align 8 store i64 %24, i64* %23, align 4 %25 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %26 = bitcast i8* %25 to i32* store i32 0, i32* %26, align 8 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %28 = bitcast i8* %27 to i16* store i16 40, i16* %28, align 4 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %30 = bitcast i8* %29 to i16* store i16 0, i16* %30, align 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !4 %31 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1) to %struct.lock_class_key*)) #6, !srcloc !5 %32 = tail call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1), i32 1, i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1)) #6, !srcloc !6 %33 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 12 %34 = bitcast i8* %33 to i32* store i32 %32, i32* %34, align 4 %35 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %36 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 28 %37 = bitcast i8* %36 to i32* store i32 %35, i32* %37, align 4 %38 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 2048) #76 ------------- Good: 36 Bad: 4 Ignored: 42 Check Use of Function:do_unblank_screen Check Use of Function:security_inode_unlink Check Use of Function:ext4_ext_try_to_merge Check Use of Function:fsnotify Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %5 = load %struct.file.294345*, %struct.file.294345** %4, align 8 %6 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %5, i64 0, i32 18 %7 = load %struct.address_space.294426*, %struct.address_space.294426** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %7, i64 0, i32 0 %9 = load %struct.inode.294419*, %struct.inode.294419** %8, align 8 %10 = 
getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294278* bitcast (%struct.block_device.293754* (%struct.inode.293951*)* @I_BDEV to %struct.block_device.294278* (%struct.inode.294419*)*)(%struct.inode.294419* %9) #76 %14 = tail call i32 bitcast (i32 (%struct.block_device.299712*)* @bdev_read_only to i32 (%struct.block_device.294278*)*)(%struct.block_device.294278* %13) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #76 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294023*, 
%struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* %1) #76 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.149842*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #76 Function:file_remove_privs %2 = alloca %struct.iattr.149911, align 8 %3 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.149909*, %struct.dentry.149909** %3, align 8 %5 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.149909* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 2 %20 = load %struct.inode.149921*, %struct.inode.149921** %19, align 8 %21 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = 
icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %18, i64 0, i32 5 %32 = load %struct.inode.149921*, %struct.inode.149921** %31, align 8 %33 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #76 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.149909*)*)(%struct.dentry.149909* %18) #76 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.149905, %struct.vfsmount.149905* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.149911* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.149911, %struct.iattr.149911* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*, %struct.inode.150157**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.149909*, %struct.iattr.149911*, %struct.inode.149921**)*)(%struct.user_namespace* %68, %struct.dentry.149909* %18, %struct.iattr.149911* nonnull %2, %struct.inode.149921** null) #76 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %6 = load %struct.inode.150157*, %struct.inode.150157** %5, align 8 %7 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16415, i64 0, i64 0), i32 319, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "256:\0A\09.pushsection .discard.reachable\0A\09.long 256b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = 
getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %6) #76 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147178*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %6, i32 2) #76 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.149921*)* @current_time to { i64, i64 } (%struct.inode.150157*)*)(%struct.inode.150157* %6) #76 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds 
%struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %64, i64 %66, %struct.inode.150157* %6) #76 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %77, i64 %79, %struct.inode.150157* %6) #76 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br 
i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %171 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 7 %193 = load 
%struct.inode_operations.150153*, %struct.inode_operations.150153** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150153, %struct.inode_operations.150153* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*, i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.user_namespace* %0, %struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 br label %202 %203 = phi i32 [ %199, %198 ], [ %201, %200 ] %204 = icmp eq i32 %203, 0 br i1 %204, label %205, label %261 %206 = shl i32 %139, 1 %207 = and i32 %206, 4 %208 = select i1 %152, i32 %207, i32 4 %209 = or i32 %208, 2 %210 = lshr i32 %139, 2 %211 = and i32 %210, 2 %212 = or i32 %208, %211 %213 = and i32 %139, 48 %214 = icmp eq i32 %213, 48 br i1 %214, label %215, label %217 %218 = and i32 %139, 16 %219 = icmp eq i32 %218, 0 br i1 %219, label %222, label %220 %223 = and i32 %139, 32 %224 = icmp eq i32 %223, 0 %225 = select i1 %224, i32 %212, i32 %209 br label %226 %227 = phi i32 [ %216, %215 ], [ %221, %220 ], [ %225, %222 ] %228 = shl i32 %139, 2 %229 = and i32 %228, 4 %230 = or i32 %227, %229 %231 = icmp eq i32 %230, 0 br i1 %231, label %261, label %232 %233 = load %struct.inode.150157*, %struct.inode.150157** %5, align 8 %234 = bitcast %struct.inode.150157* %233 to i8* %235 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %233, i64 0, i32 8 %236 = load %struct.super_block.150144*, %struct.super_block.150144** %235, align 8 %237 = 
getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %236, i64 0, i32 44, i32 0 %238 = load volatile i64, i64* %237, align 8 %239 = icmp eq i64 %238, 0 br i1 %239, label %261, label %240 %241 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %233, i64 0, i32 0 %242 = load i16, i16* %241, align 8 %243 = and i16 %242, -4096 %244 = icmp eq i16 %243, 16384 br i1 %244, label %245, label %251 %246 = or i32 %230, 1073741824 %247 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = and i32 %248, 16384 %250 = icmp eq i32 %249, 0 br i1 %250, label %258, label %251 %252 = phi i32 [ %246, %245 ], [ %230, %240 ] %253 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 3 %254 = load %struct.dentry.150148*, %struct.dentry.150148** %253, align 8 %255 = icmp eq %struct.dentry.150148* %254, %1 br i1 %255, label %258, label %256 %259 = phi i32 [ %252, %251 ], [ %246, %245 ] %260 = tail call i32 bitcast (i32 (i32, i8*, i32, %struct.inode.161300*, %struct.qstr*, %struct.inode.161300*, i32)* @fsnotify to i32 (i32, i8*, i32, %struct.inode.150157*, %struct.qstr*, %struct.inode.150157*, i32)*)(i32 %259, i8* %234, i32 2, %struct.inode.150157* null, %struct.qstr* null, %struct.inode.150157* %233, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __fsnotify_parent 1 notify_change 2 file_remove_privs 3 __generic_file_write_iter 4 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %5 = load %struct.file.294345*, %struct.file.294345** %4, align 8 %6 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %5, i64 0, i32 18 %7 = load %struct.address_space.294426*, %struct.address_space.294426** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294426, 
%struct.address_space.294426* %7, i64 0, i32 0 %9 = load %struct.inode.294419*, %struct.inode.294419** %8, align 8 %10 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294278* bitcast (%struct.block_device.293754* (%struct.inode.293951*)* @I_BDEV to %struct.block_device.294278* (%struct.inode.294419*)*)(%struct.inode.294419* %9) #76 %14 = tail call i32 bitcast (i32 (%struct.block_device.299712*)* @bdev_read_only to i32 (%struct.block_device.294278*)*)(%struct.block_device.294278* %13) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #76 %46 = call i64 bitcast (i64 
(%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294023*, %struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* %1) #76 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.149842*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #76 Function:file_remove_privs %2 = alloca %struct.iattr.149911, align 8 %3 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.149909*, %struct.dentry.149909** %3, align 8 %5 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.149909* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 2 %20 = load %struct.inode.149921*, %struct.inode.149921** %19, align 8 %21 = getelementptr inbounds %struct.inode.149921, 
%struct.inode.149921* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %18, i64 0, i32 5 %32 = load %struct.inode.149921*, %struct.inode.149921** %31, align 8 %33 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #76 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.149909*)*)(%struct.dentry.149909* %18) #76 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.149905, %struct.vfsmount.149905* %66, i64 0, i32 3 %68 = load volatile 
%struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.149911* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.149911, %struct.iattr.149911* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*, %struct.inode.150157**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.149909*, %struct.iattr.149911*, %struct.inode.149921**)*)(%struct.user_namespace* %68, %struct.dentry.149909* %18, %struct.iattr.149911* nonnull %2, %struct.inode.149921** null) #76 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %6 = load %struct.inode.150157*, %struct.inode.150157** %5, align 8 %7 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16415, i64 0, i64 0), i32 319, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "256:\0A\09.pushsection .discard.reachable\0A\09.long 256b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 
%16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %6) #76 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147178*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %6, i32 2) #76 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.149921*)* @current_time to { i64, i64 } (%struct.inode.150157*)*)(%struct.inode.150157* %6) #76 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, 
align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %64, i64 %66, %struct.inode.150157* %6) #76 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %77, i64 %79, %struct.inode.150157* %6) #76 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 
%117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %171 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr 
inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150153*, %struct.inode_operations.150153** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150153, %struct.inode_operations.150153* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*, i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.user_namespace* %0, %struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 br label %202 %203 = phi i32 [ %199, %198 ], [ %201, %200 ] %204 = icmp eq i32 %203, 0 br i1 %204, label %205, label %261 %206 = shl i32 %139, 1 %207 = and i32 %206, 4 %208 = select i1 %152, i32 %207, i32 4 %209 = or i32 %208, 2 %210 = lshr i32 %139, 2 %211 = and i32 %210, 2 %212 = or i32 %208, %211 %213 = and i32 %139, 48 %214 = icmp eq i32 %213, 48 br i1 %214, label %215, label %217 %218 = and i32 %139, 16 %219 = icmp eq i32 %218, 0 br i1 %219, label %222, label %220 %223 = and i32 %139, 32 %224 = icmp eq i32 %223, 0 %225 = select i1 %224, i32 %212, i32 %209 br label %226 %227 = phi i32 [ %216, %215 ], [ %221, %220 ], [ %225, %222 ] %228 = shl i32 %139, 2 %229 = and i32 %228, 4 %230 = or i32 %227, %229 %231 = icmp eq i32 %230, 0 br i1 %231, label %261, label %232 %233 = load %struct.inode.150157*, %struct.inode.150157** %5, align 8 %234 = bitcast %struct.inode.150157* %233 to i8* %235 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %233, i64 0, i32 8 %236 = 
load %struct.super_block.150144*, %struct.super_block.150144** %235, align 8 %237 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %236, i64 0, i32 44, i32 0 %238 = load volatile i64, i64* %237, align 8 %239 = icmp eq i64 %238, 0 br i1 %239, label %261, label %240 %241 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %233, i64 0, i32 0 %242 = load i16, i16* %241, align 8 %243 = and i16 %242, -4096 %244 = icmp eq i16 %243, 16384 br i1 %244, label %245, label %251 %246 = or i32 %230, 1073741824 %247 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = and i32 %248, 16384 %250 = icmp eq i32 %249, 0 br i1 %250, label %258, label %251 %252 = phi i32 [ %246, %245 ], [ %230, %240 ] %253 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 3 %254 = load %struct.dentry.150148*, %struct.dentry.150148** %253, align 8 %255 = icmp eq %struct.dentry.150148* %254, %1 br i1 %255, label %258, label %256 %257 = tail call i32 bitcast (i32 (%struct.dentry.161288*, i32, i8*, i32)* @__fsnotify_parent to i32 (%struct.dentry.150148*, i32, i8*, i32)*)(%struct.dentry.150148* %1, i32 %252, i8* %234, i32 2) #76 Function:__fsnotify_parent %5 = alloca %struct.name_snapshot, align 8 %6 = icmp ne i32 %3, 1 %7 = icmp eq i8* %2, null %8 = or i1 %7, %6 br i1 %8, label %14, label %9 %15 = phi %struct.mount.161114* [ %13, %9 ], [ null, %4 ] %16 = getelementptr inbounds %struct.dentry.161288, %struct.dentry.161288* %0, i64 0, i32 5 %17 = load %struct.inode.161300*, %struct.inode.161300** %16, align 8 %18 = getelementptr inbounds %struct.dentry.161288, %struct.dentry.161288* %0, i64 0, i32 0 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 16384 %21 = icmp eq i32 %20, 0 %22 = bitcast %struct.name_snapshot* %5 to i8* %23 = getelementptr inbounds %struct.inode.161300, %struct.inode.161300* %17, i64 0, i32 46 %24 = load 
%struct.fsnotify_mark_connector*, %struct.fsnotify_mark_connector** %23, align 8 %25 = icmp eq %struct.fsnotify_mark_connector* %24, null br i1 %25, label %26, label %41 %27 = getelementptr inbounds %struct.inode.161300, %struct.inode.161300* %17, i64 0, i32 8 %28 = load %struct.super_block.161284*, %struct.super_block.161284** %27, align 8 %29 = getelementptr inbounds %struct.super_block.161284, %struct.super_block.161284* %28, i64 0, i32 33 %30 = load %struct.fsnotify_mark_connector*, %struct.fsnotify_mark_connector** %29, align 8 %31 = icmp eq %struct.fsnotify_mark_connector* %30, null br i1 %31, label %32, label %41 %33 = icmp eq %struct.mount.161114* %15, null br i1 %33, label %40, label %34 %35 = getelementptr inbounds %struct.mount.161114, %struct.mount.161114* %15, i64 0, i32 20 %36 = load %struct.fsnotify_mark_connector*, %struct.fsnotify_mark_connector** %35, align 8 %37 = icmp ne %struct.fsnotify_mark_connector* %36, null %38 = xor i1 %21, true %39 = or i1 %37, %38 br i1 %39, label %41, label %120 %42 = and i32 %1, 1073741824 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %73 %74 = phi i1 [ %72, %69 ], [ false, %41 ] %75 = xor i1 %21, true %76 = or i1 %74, %75 br i1 %76, label %77, label %108 %109 = phi %struct.dentry.161288* [ %78, %90 ], [ null, %73 ] %110 = phi %struct.inode.161300* [ %80, %90 ], [ null, %73 ] %111 = tail call i32 @fsnotify(i32 %1, i8* %2, i32 %3, %struct.inode.161300* %110, %struct.qstr* null, %struct.inode.161300* %17, i32 0) #77 ------------- Good: 393 Bad: 2 Ignored: 322 Check Use of Function:drv_stop_ap Check Use of Function:register_netdevice Check Use of Function:down_read_interruptible Check Use of Function:uart_set_ldisc Check Use of Function:change_mnt_propagation Check Use of Function:mount_capable Check Use of Function:tcp_abort Check Use of Function:exit_shm Check Use of Function:exit_sem Check Use of Function:ioremap_cache Use: =BAD PATH= Call Stack: 0 memremap 1 setup_data_data_read ------------- Path:  
Function:setup_data_data_read %7 = alloca i32, align 4 %8 = bitcast i32* %7 to i8* %9 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 0, i32 0 %10 = load i8*, i8** %9, align 8 %11 = call i32 @kstrtoint(i8* %10, i32 10, i32* nonnull %7) #76 %12 = icmp eq i32 %11, 0 br i1 %12, label %15, label %13 %16 = load i32, i32* %7, align 4 %17 = load i64, i64* getelementptr inbounds (%struct.boot_params, %struct.boot_params* @boot_params, i64 0, i32 27, i32 34), align 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %73, label %19 %20 = phi i64 [ %28, %26 ], [ %17, %15 ] %21 = phi i32 [ %29, %26 ], [ 0, %15 ] %22 = icmp eq i32 %21, %16 %23 = call i8* @memremap(i64 %20, i64 16, i64 1) #76 Function:memremap %4 = alloca i64, align 8 store i64 %0, i64* %4, align 8 %5 = tail call i32 @region_intersects(i64 %0, i64 %1, i64 16777728, i64 0) #76 %6 = icmp eq i64 %2, 0 br i1 %6, label %44, label %7 %8 = icmp eq i32 %5, 2 br i1 %8, label %9, label %12 %13 = and i64 %2, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %22, label %15 %16 = icmp eq i32 %5, 0 br i1 %16, label %17, label %20 %21 = tail call i8* @ioremap_cache(i64 %0, i64 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 memremap 1 type_show ------------- Path:  Function:type_show %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* %6 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 0, i32 0 %7 = load i8*, i8** %6, align 8 %8 = call i32 @kstrtoint(i8* %7, i32 10, i32* nonnull %4) #76 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %13 = load i32, i32* %4, align 4 %14 = load i64, i64* getelementptr inbounds (%struct.boot_params, %struct.boot_params* @boot_params, i64 0, i32 27, i32 34), align 1 %15 = icmp eq i64 %14, 0 br i1 %15, label %42, label %16 %17 = phi i64 [ %25, %23 ], [ %14, %12 ] %18 = phi i32 [ %26, %23 ], [ 0, %12 ] %19 = icmp eq i32 %18, %13 %20 = call i8* @memremap(i64 %17, i64 16, i64 1) #76 Function:memremap %4 = alloca i64, align 8 store i64 %0, i64* %4, align 8 %5 = tail 
call i32 @region_intersects(i64 %0, i64 %1, i64 16777728, i64 0) #76 %6 = icmp eq i64 %2, 0 br i1 %6, label %44, label %7 %8 = icmp eq i32 %5, 2 br i1 %8, label %9, label %12 %13 = and i64 %2, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %22, label %15 %16 = icmp eq i32 %5, 0 br i1 %16, label %17, label %20 %21 = tail call i8* @ioremap_cache(i64 %0, i64 %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 memremap 1 setup_data_read ------------- Path:  Function:setup_data_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.arch_uprobe_task** %7 = load %struct.arch_uprobe_task*, %struct.arch_uprobe_task** %6, align 8 %8 = load i64, i64* %3, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 2 %12 = load i32, i32* %11, align 4 %13 = zext i32 %12 to i64 %14 = icmp slt i64 %8, %13 br i1 %14, label %15, label %37 %16 = sub nsw i64 %13, %8 %17 = icmp ult i64 %16, %2 %18 = select i1 %17, i64 %16, i64 %2 %19 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, %8 %22 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %23 = load i32, i32* %22, align 8 %24 = icmp ult i32 %23, -2147483647 %25 = add i64 %21, 16 %26 = select i1 %24, i64 %25, i64 %21 %27 = tail call i8* @memremap(i64 %26, i64 %18, i64 1) #76 Function:memremap %4 = alloca i64, align 8 store i64 %0, i64* %4, align 8 %5 = tail call i32 @region_intersects(i64 %0, i64 %1, i64 16777728, i64 0) #76 %6 = icmp eq i64 %2, 0 br i1 %6, label %44, label %7 %8 = icmp eq i32 %5, 2 br i1 %8, label %9, label %12 %13 = and i64 %2, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %22, label %15 %16 = icmp eq i32 %5, 0 br i1 %16, label %17, label %20 %21 = tail call i8* @ioremap_cache(i64 %0, i64 %1) #76 ------------- Use: =BAD PATH= Call 
Stack: 0 memremap 1 xlate_dev_mem_ptr 2 write_mem ------------- Path:  Function:write_mem %5 = load i64, i64* %3, align 8 %6 = tail call i32 @valid_phys_addr_range(i64 %5, i64 %2) #76 %7 = icmp eq i32 %6, 0 br i1 %7, label %64, label %8 %9 = icmp eq i64 %2, 0 br i1 %9, label %60, label %10 %11 = phi i8* [ %34, %59 ], [ %1, %8 ] %12 = phi i64 [ %36, %59 ], [ %2, %8 ] %13 = phi i64 [ %35, %59 ], [ %5, %8 ] %14 = phi i64 [ %37, %59 ], [ 0, %8 ] %15 = and i64 %13, 4095 %16 = sub nuw nsw i64 4096, %15 %17 = icmp ult i64 %16, %12 %18 = select i1 %17, i64 %16, i64 %12 %19 = lshr i64 %13, 12 %20 = tail call i32 @devmem_is_allowed(i64 %19) #76 switch i32 %20, label %33 [ i32 0, label %64 i32 1, label %21 ] %22 = tail call i8* @xlate_dev_mem_ptr(i64 %13) #76 Function:xlate_dev_mem_ptr %2 = and i64 %0, -4096 %3 = tail call i8* @memremap(i64 %2, i64 4096, i64 1) #76 Function:memremap %4 = alloca i64, align 8 store i64 %0, i64* %4, align 8 %5 = tail call i32 @region_intersects(i64 %0, i64 %1, i64 16777728, i64 0) #76 %6 = icmp eq i64 %2, 0 br i1 %6, label %44, label %7 %8 = icmp eq i32 %5, 2 br i1 %8, label %9, label %12 %13 = and i64 %2, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %22, label %15 %16 = icmp eq i32 %5, 0 br i1 %16, label %17, label %20 %21 = tail call i8* @ioremap_cache(i64 %0, i64 %1) #76 ------------- Good: 56 Bad: 4 Ignored: 23 Check Use of Function:autofs_root_ioctl Check Use of Function:security_shm_associate Use: =BAD PATH= Call Stack: 0 __x64_sys_shmget ------------- Path:  Function:__x64_sys_shmget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %8 to i32 %11 = bitcast %struct.ipc_params* %2 
to i8* %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 94 %15 = load %struct.nsproxy*, %struct.nsproxy** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %18, align 8 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %10, i32* %19, align 4 %20 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 %6, i64* %20, align 8 %21 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 0, i64 2 %22 = call i32 bitcast (i32 (%struct.ipc_namespace.264557*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265446*, %struct.ipc_params*)*)(%struct.ipc_namespace* %17, %struct.ipc_ids* %21, %struct.ipc_ops.265446* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_shmget ------------- Path:  Function:__ia32_sys_shmget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %9 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 94 %16 = load %struct.nsproxy*, %struct.nsproxy** %15, align 8 %17 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %16, i64 0, i32 2 %18 = load %struct.ipc_namespace*, %struct.ipc_namespace** %17, align 8 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %10, i32* %19, align 8 %20 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %20, align 4 %21 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 %7, i64* %21, align 8 %22 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 0, i64 2 %23 = call i32 bitcast (i32 (%struct.ipc_namespace.264557*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265446*, %struct.ipc_params*)*)(%struct.ipc_namespace* %18, %struct.ipc_ids* %22, %struct.ipc_ops.265446* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmget 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #76 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label %73 i16 21, label %78 i16 22, label %100 i16 23, label %105 i16 24, label %109 ] %106 = zext i32 %2 to i64 %107 = tail call i64 @ksys_shmget(i32 %1, i64 %106, i32 %3) #76 Function:ksys_shmget %4 = alloca %struct.ipc_params, align 8 %5 = bitcast %struct.ipc_params* %4 to i8* %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 94 %9 = load %struct.nsproxy*, %struct.nsproxy** %8, align 8 %10 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %9, i64 0, i32 2 %11 = load %struct.ipc_namespace*, %struct.ipc_namespace** %10, align 8 %12 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 0 store i32 %0, i32* %12, align 8 %13 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 1 store i32 %2, i32* %13, align 4 %14 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 2, i32 0 store i64 %1, i64* %14, align 8 %15 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %11, i64 0, i32 0, i64 2 %16 = call i32 bitcast (i32 (%struct.ipc_namespace.264557*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 
(%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265446*, %struct.ipc_params*)*)(%struct.ipc_namespace* %11, %struct.ipc_ids* %15, %struct.ipc_ops.265446* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %4) #76 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:disable_swap_slots_cache_lock Check Use of Function:ring_buffer_write Check Use of Function:ida_alloc_range Check Use of Function:populate_vma_page_range Check Use of Function:pci_config_pm_runtime_get Use: =BAD PATH= Call Stack: 0 proc_bus_pci_write ------------- Path:  Function:proc_bus_pci_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = tail call i8* @PDE_DATA(%struct.inode* %6) #76 %8 = bitcast i8* %7 to %struct.pci_dev.326387* %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds i8, i8* %7, i64 928 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 8 %14 = tail call i32 @security_locked_down(i32 6) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = icmp sgt i32 %13, %10 br i1 %19, label %20, label %124 %21 = sext i32 %13 to i64 %22 = icmp ugt i64 %21, %2 %23 = select i1 %22, i64 %2, i64 %21 %24 = shl i64 %9, 32 %25 = ashr exact i64 %24, 32 %26 = add i64 %23, %25 %27 = icmp ugt i64 %26, %21 %28 = sub i32 %13, %10 %29 = sext i32 %28 to i64 %30 = select i1 %27, i64 %29, i64 %23 %31 = trunc i64 %30 to i32 %32 = shl i64 %30, 32 %33 = ashr exact i64 %32, 32 %34 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", 
"=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %35 = ptrtoint i8* %1 to i64 %36 = add i64 %33, %35 %37 = icmp ult i64 %36, %33 %38 = icmp ugt i64 %36, %34 %39 = or i1 %37, %38 br i1 %39, label %124, label %40, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.pci_dev.317892*)* @pci_config_pm_runtime_get to void (%struct.pci_dev.326387*)*)(%struct.pci_dev.326387* %8) #76 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.317892* %9 = trunc i64 %5 to i32 %10 = tail call i32 @security_locked_down(i32 6) #76 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 232, i32 0, i32 0, i32 0 %16 = load i32, i32* %15, align 8 %17 = sext i32 %16 to i64 %18 = icmp slt i64 %17, %4 br i1 %18, label %122, label %19 %20 = add i64 %5, %4 %21 = icmp ugt i64 %20, %17 %22 = trunc i64 %4 to i32 %23 = sub i32 %16, %22 %24 = zext i32 %23 to i64 %25 = select i1 %21, i32 %23, i32 %9 %26 = select i1 %21, i64 %24, i64 %5 tail call void @pci_config_pm_runtime_get(%struct.pci_dev.317892* %8) #76 ------------- Good: 2 Bad: 2 Ignored: 1 Check Use of Function:kfree_skb_list Check Use of Function:check_vma_flags Use: =BAD PATH= Call Stack: 0 faultin_vma_page_range 1 madvise_populate 2 do_madvise 3 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 
%11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #76 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #76 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 
%36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #76 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 faultin_vma_page_range 1 madvise_populate 2 do_madvise 3 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label 
%15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #76 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = 
getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #76 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #76 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #76 ------------- Good: 7 Bad: 2 Ignored: 11 Check Use of Function:get_gate_page Check Use of Function:down_read_killable Use: =BAD PATH= Call Stack: 0 m_start.18209 ------------- Path:  Function:m_start.18209 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, 
align 8 %6 = load i64, i64* %1, align 8 %7 = icmp eq i64 %6, -1 br i1 %7, label %92, label %8 %9 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 0 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr %struct.inode, %struct.inode* %10, i64 -1, i32 41, i32 13 %12 = bitcast %struct.list_head* %11 to %struct.pid** %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = tail call %struct.task_struct* @get_pid_task(%struct.pid* %13, i32 0) #76 %15 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 store %struct.task_struct* %14, %struct.task_struct** %15, align 8 %16 = icmp eq %struct.task_struct* %14, null br i1 %16, label %92, label %17 %18 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %19 = load %struct.mm_struct*, %struct.mm_struct** %18, align 8 %20 = icmp eq %struct.mm_struct* %19, null br i1 %20, label %37, label %21 %22 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 12, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %50, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_start.18209, %51)) #6 to label %52 [label %51], !srcloc !10 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %19, i1 zeroext false) #76 br label %52 %53 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 17 %54 = tail call i32 @down_read_killable(%struct.rw_semaphore* %53) #76 ------------- Use: =BAD PATH= Call Stack: 0 m_start.18209 ------------- Path:  Function:m_start.18209 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = load i64, i64* %1, align 8 %7 = icmp eq i64 %6, -1 br i1 %7, label %92, label %8 %9 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 0 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr %struct.inode, %struct.inode* %10, i64 -1, i32 41, i32 13 %12 = bitcast %struct.list_head* %11 to %struct.pid** %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = tail call %struct.task_struct* @get_pid_task(%struct.pid* %13, i32 0) #76 %15 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 store %struct.task_struct* %14, %struct.task_struct** %15, align 8 %16 = icmp eq %struct.task_struct* %14, null br i1 %16, label %92, label %17 %18 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %19 = load %struct.mm_struct*, %struct.mm_struct** %18, 
align 8 %20 = icmp eq %struct.mm_struct* %19, null br i1 %20, label %37, label %21 %22 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 12, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %50, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_start.18209, %51)) #6 to label %52 [label %51], !srcloc !10 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %19, i1 zeroext false) #76 br label %52 %53 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 17 %54 = tail call i32 @down_read_killable(%struct.rw_semaphore* %53) #76 ------------- Use: =BAD PATH= Call Stack: 0 m_start.18209 ------------- Path:  Function:m_start.18209 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** 
%5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = load i64, i64* %1, align 8 %7 = icmp eq i64 %6, -1 br i1 %7, label %92, label %8 %9 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 0 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr %struct.inode, %struct.inode* %10, i64 -1, i32 41, i32 13 %12 = bitcast %struct.list_head* %11 to %struct.pid** %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = tail call %struct.task_struct* @get_pid_task(%struct.pid* %13, i32 0) #76 %15 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 store %struct.task_struct* %14, %struct.task_struct** %15, align 8 %16 = icmp eq %struct.task_struct* %14, null br i1 %16, label %92, label %17 %18 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %19 = load %struct.mm_struct*, %struct.mm_struct** %18, align 8 %20 = icmp eq %struct.mm_struct* %19, null br i1 %20, label %37, label %21 %22 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 12, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %50, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_start.18209, %51)) #6 to label %52 [label %51], !srcloc !10 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %19, i1 zeroext false) #76 br label %52 %53 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 17 %54 = tail call i32 @down_read_killable(%struct.rw_semaphore* %53) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __ia32_sys_kcmp ------------- Path:  Function:__ia32_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_kcmp(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_kcmp %6 = alloca %struct.uid_gid_extent, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) 
#76 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #76 %12 = icmp ne %struct.task_struct* %10, null %13 = icmp ne %struct.task_struct* %11, null %14 = and i1 %12, %13 br i1 %14, label %15, label %261 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !5 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !6, !misexpect !7 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !8, !misexpect !7 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #76 br label %26 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 1, i32* %28) #6, !srcloc !5 %30 = icmp eq i32 %29, 0 br i1 %30, label %35, label %31, !prof !6, !misexpect !7 %32 = add i32 %29, 1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !8, !misexpect !7 %36 = phi i32 [ 2, %26 ], [ 1, %31 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %27, i32 %36) #76 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %38 = getelementptr inbounds %struct.task_struct, %struct.task_struct* 
%10, i64 0, i32 95 %39 = load %struct.signal_struct*, %struct.signal_struct** %38, align 32 %40 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %39, i64 0, i32 59 %41 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 95 %42 = load %struct.signal_struct*, %struct.signal_struct** %41, align 32 %43 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %42, i64 0, i32 59 %44 = icmp ugt %struct.signal_struct* %42, %39 %45 = select i1 %44, %struct.rw_semaphore* %40, %struct.rw_semaphore* %43 %46 = select i1 %44, %struct.rw_semaphore* %43, %struct.rw_semaphore* %40 %47 = tail call i32 @down_read_killable(%struct.rw_semaphore* %46) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __x64_sys_kcmp ------------- Path:  Function:__x64_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_kcmp(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_kcmp %6 = alloca %struct.uid_gid_extent, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #76 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #76 %12 = icmp ne %struct.task_struct* %10, null %13 = icmp ne %struct.task_struct* %11, null %14 = and i1 %12, %13 br i1 %14, label %15, label %261 %16 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !5 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !6, !misexpect !7 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !8, !misexpect !7 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #76 br label %26 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 1, i32* %28) #6, !srcloc !5 %30 = icmp eq i32 %29, 0 br i1 %30, label %35, label %31, !prof !6, !misexpect !7 %32 = add i32 %29, 1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !8, !misexpect !7 %36 = phi i32 [ 2, %26 ], [ 1, %31 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %27, i32 %36) #76 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %38 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 95 %39 = load %struct.signal_struct*, %struct.signal_struct** %38, align 32 %40 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %39, i64 0, i32 59 %41 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %11, i64 0, i32 95 %42 = load %struct.signal_struct*, %struct.signal_struct** %41, align 32 %43 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %42, i64 0, i32 59 %44 = icmp ugt %struct.signal_struct* %42, %39 %45 = select i1 %44, %struct.rw_semaphore* %40, %struct.rw_semaphore* %43 %46 = select i1 %44, %struct.rw_semaphore* %43, %struct.rw_semaphore* %40 %47 = tail call i32 @down_read_killable(%struct.rw_semaphore* %46) #76 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 environ_open ------------- Path:  Function:environ_open %3 = tail call %struct.mm_struct.177977* @proc_mem_open(%struct.inode.177941* %0, i32 1) #76 Function:proc_mem_open %3 = getelementptr %struct.inode.177941, %struct.inode.177941* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.177739** %5 = load %struct.pid.177739*, %struct.pid.177739** %4, align 8 %6 = tail call %struct.task_struct.178066* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178066* (%struct.pid.177739*, i32)*)(%struct.pid.177739* %5, i32 0) #76 %7 = icmp eq %struct.task_struct.178066* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.177977* bitcast (%struct.mm_struct* (%struct.task_struct*, i32)* @mm_access to %struct.mm_struct.177977* (%struct.task_struct.178066*, i32)*)(%struct.task_struct.178066* nonnull %6, i32 %9) #76 Function:mm_access %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %4 = load %struct.signal_struct*, %struct.signal_struct** %3, align 32 %5 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 auxv_open ------------- Path:  Function:auxv_open %3 = tail call %struct.mm_struct.177977* 
@proc_mem_open(%struct.inode.177941* %0, i32 9) #76 Function:proc_mem_open %3 = getelementptr %struct.inode.177941, %struct.inode.177941* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.177739** %5 = load %struct.pid.177739*, %struct.pid.177739** %4, align 8 %6 = tail call %struct.task_struct.178066* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178066* (%struct.pid.177739*, i32)*)(%struct.pid.177739* %5, i32 0) #76 %7 = icmp eq %struct.task_struct.178066* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.177977* bitcast (%struct.mm_struct* (%struct.task_struct*, i32)* @mm_access to %struct.mm_struct.177977* (%struct.task_struct.178066*, i32)*)(%struct.task_struct.178066* nonnull %6, i32 %9) #76 Function:mm_access %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %4 = load %struct.signal_struct*, %struct.signal_struct** %3, align 32 %5 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 mem_open ------------- Path:  Function:mem_open %3 = tail call %struct.mm_struct.177977* @proc_mem_open(%struct.inode.177941* %0, i32 2) #76 Function:proc_mem_open %3 = getelementptr %struct.inode.177941, %struct.inode.177941* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.177739** %5 = load %struct.pid.177739*, %struct.pid.177739** %4, align 8 %6 = tail call %struct.task_struct.178066* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178066* (%struct.pid.177739*, i32)*)(%struct.pid.177739* %5, i32 0) #76 %7 = icmp eq %struct.task_struct.178066* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.177977* bitcast (%struct.mm_struct* (%struct.task_struct*, 
i32)* @mm_access to %struct.mm_struct.177977* (%struct.task_struct.178066*, i32)*)(%struct.task_struct.178066* nonnull %6, i32 %9) #76 Function:mm_access %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %4 = load %struct.signal_struct*, %struct.signal_struct** %3, align 32 %5 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 proc_pid_attr_open ------------- Path:  Function:proc_pid_attr_open %3 = getelementptr inbounds %struct.file.177762, %struct.file.177762* %1, i64 0, i32 16 store i8* null, i8** %3, align 8 %4 = tail call %struct.mm_struct.177977* @proc_mem_open(%struct.inode.177941* %0, i32 9) #76 Function:proc_mem_open %3 = getelementptr %struct.inode.177941, %struct.inode.177941* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.177739** %5 = load %struct.pid.177739*, %struct.pid.177739** %4, align 8 %6 = tail call %struct.task_struct.178066* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178066* (%struct.pid.177739*, i32)*)(%struct.pid.177739* %5, i32 0) #76 %7 = icmp eq %struct.task_struct.178066* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.177977* bitcast (%struct.mm_struct* (%struct.task_struct*, i32)* @mm_access to %struct.mm_struct.177977* (%struct.task_struct.178066*, i32)*)(%struct.task_struct.178066* nonnull %6, i32 %9) #76 Function:mm_access %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %4 = load %struct.signal_struct*, %struct.signal_struct** %3, align 32 %5 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 
proc_mem_open
2 pagemap_open
-------------
Path:
Function:pagemap_open
  %3 = tail call %struct.mm_struct* bitcast (%struct.mm_struct.177977* (%struct.inode.177941*, i32)* @proc_mem_open to %struct.mm_struct* (%struct.inode*, i32)*)(%struct.inode* %0, i32 1) #76
Function:proc_mem_open
  %3 = getelementptr %struct.inode.177941, %struct.inode.177941* %0, i64 -1, i32 41, i32 13
  %4 = bitcast %struct.list_head* %3 to %struct.pid.177739**
  %5 = load %struct.pid.177739*, %struct.pid.177739** %4, align 8
  %6 = tail call %struct.task_struct.178066* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178066* (%struct.pid.177739*, i32)*)(%struct.pid.177739* %5, i32 0) #76
  %7 = icmp eq %struct.task_struct.178066* %6, null
  br i1 %7, label %27, label %8
  %9 = or i32 %1, 8
  %10 = tail call %struct.mm_struct.177977* bitcast (%struct.mm_struct* (%struct.task_struct*, i32)* @mm_access to %struct.mm_struct.177977* (%struct.task_struct.178066*, i32)*)(%struct.task_struct.178066* nonnull %6, i32 %9) #76
Function:mm_access
  %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95
  %4 = load %struct.signal_struct*, %struct.signal_struct** %3, align 32
  %5 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %4, i64 0, i32 59
  %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #76
-------------
Good: 35 Bad: 10 Ignored: 62
Check Use of Function:sta_set_sinfo
Check Use of Function:___ieee80211_stop_rx_ba_session
Check Use of Function:tcf_chain_tp_delete_empty
Check Use of Function:d_genocide
Check Use of Function:find_extend_vma
Use:
=BAD PATH=
Call Stack:
0 __get_user_pages
1 faultin_vma_page_range
2 madvise_populate
3 do_madvise
4 __ia32_sys_madvise
-------------
Path:
Function:__ia32_sys_madvise
  %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
  %3 = load i64, i64* %2, align 8
  %4 = and i64 %3, 4294967295
  %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0,
i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm 
sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #76 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = 
getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #76 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #76 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #76 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #76 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.vm_area_struct*, align 8 %11 = alloca 
%struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %221, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %188, %187 ] %28 = phi i64 [ 0, %15 ], [ %184, %187 ] %29 = phi i64 [ 0, %15 ], [ %185, %187 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, i64 %31) #76 ------------- Use: =BAD PATH= Call Stack: 0 __get_user_pages 1 faultin_vma_page_range 2 madvise_populate 3 do_madvise 4 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 
@do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #76 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #76 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 
%36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #76 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #76 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #76 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.vm_area_struct*, align 8 %11 = alloca %struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %221, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %188, %187 ] %28 = phi i64 [ 0, %15 ], [ %184, %187 ] %29 = phi i64 [ 0, %15 ], [ %185, %187 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, i64 %31) #76 ------------- Good: 37 Bad: 
2 Ignored: 28 Check Use of Function:proc_net_d_revalidate Check Use of Function:proc_misc_d_revalidate Check Use of Function:e1000_free_desc_rings Check Use of Function:local_bh_enable.71605 Check Use of Function:map_files_d_revalidate Check Use of Function:d_invalidate Check Use of Function:fsync_bdev Check Use of Function:tty_lock Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label 
%51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl 2 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, 
label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #76 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = 
getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl 2 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca 
%struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #76 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca 
i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* 
@tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label 
%49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct*, %struct.tty_struct** %7, align 8 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* %8) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds 
%struct.file, %struct.file* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct*, %struct.tty_struct** %7, align 8 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* %8) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 
%18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #77 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, 
null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.362008* %9 = getelementptr inbounds %struct.task_struct.362008, 
%struct.task_struct.362008* %8, i64 0, i32 95 %10 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %10, i64 0, i32 24 %12 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %11, align 8 %13 = icmp eq %struct.tty_struct.361948* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #76 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.362008* %4 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 95 %5 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #76 %14 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %14, i64 0, i32 24 %16 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %15, align 8 %17 = icmp eq %struct.tty_struct.361948* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, 
i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #76 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 3 %37 = load %struct.tty_driver.361942*, %struct.tty_driver.361942** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.361942, %struct.tty_driver.361942* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* nonnull %16) #76 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #76 Function:__tty_hangup %3 = icmp eq %struct.tty_struct* %0, null br i1 %3, label %202, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #76 %5 = load %struct.file*, %struct.file** @redirect, align 8 %6 = icmp eq %struct.file* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl 5 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca 
%struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #76 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca 
%struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, 
i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.362008* %9 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %8, i64 0, i32 95 %10 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %10, i64 0, i32 24 %12 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %11, align 8 %13 = icmp eq %struct.tty_struct.361948* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #76 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.362008* %4 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 95 %5 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = 
tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #76 %14 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %14, i64 0, i32 24 %16 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %15, align 8 %17 = icmp eq %struct.tty_struct.361948* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #76 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 3 %37 = load %struct.tty_driver.361942*, %struct.tty_driver.361942** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.361942, %struct.tty_driver.361942* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* nonnull %16) #76 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #76 Function:__tty_hangup %3 = icmp eq %struct.tty_struct* %0, null br i1 %3, label %202, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #76 %5 = load %struct.file*, %struct.file** @redirect, align 8 %6 = icmp eq %struct.file* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* 
@redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl 5 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, 
label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #76 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, 
label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.362008* %9 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %8, i64 0, i32 95 %10 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %10, i64 0, i32 24 %12 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %11, align 8 %13 = icmp eq %struct.tty_struct.361948* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #76 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.362008* %4 = getelementptr inbounds %struct.task_struct.362008, 
%struct.task_struct.362008* %3, i64 0, i32 95 %5 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #76 %14 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %14, i64 0, i32 24 %16 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %15, align 8 %17 = icmp eq %struct.tty_struct.361948* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #76 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 3 %37 = load %struct.tty_driver.361942*, %struct.tty_driver.361942** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.361942, %struct.tty_driver.361942* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* nonnull %16) #76 Function:tty_vhangup_session tail call fastcc void 
@__tty_hangup(%struct.tty_struct* %0, i32 1) #76 Function:__tty_hangup %3 = icmp eq %struct.tty_struct* %0, null br i1 %3, label %202, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #76 %5 = load %struct.file*, %struct.file** @redirect, align 8 %6 = icmp eq %struct.file* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 
%28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.361948*, %struct.tty_struct.361948*, %struct.file.361843*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #77 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.362008* %9 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %8, i64 0, i32 95 %10 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %9, align 32 %11 
= getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %10, i64 0, i32 24 %12 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %11, align 8 %13 = icmp eq %struct.tty_struct.361948* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #76 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.362008** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.362008**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.362008* %4 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 95 %5 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.362008, %struct.task_struct.362008* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #76 %14 = load %struct.signal_struct.361954*, %struct.signal_struct.361954** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.361954, %struct.signal_struct.361954* %14, i64 0, i32 24 %16 = load %struct.tty_struct.361948*, %struct.tty_struct.361948** %15, align 8 %17 = icmp eq %struct.tty_struct.361948* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #76 %33 = icmp eq i32 %0, 0 br i1 
%17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.361948, %struct.tty_struct.361948* %16, i64 0, i32 3 %37 = load %struct.tty_driver.361942*, %struct.tty_driver.361942** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.361942, %struct.tty_driver.361942* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.361948*)*)(%struct.tty_struct.361948* nonnull %16) #76 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #76 Function:__tty_hangup %3 = icmp eq %struct.tty_struct* %0, null br i1 %3, label %202, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #76 %5 = load %struct.file*, %struct.file** @redirect, align 8 %6 = icmp eq %struct.file* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup 2 pty_close ------------- Path:  Function:pty_close %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %8, label %13 %9 = getelementptr 
inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, 1 br i1 %11, label %12, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 16 %24 = bitcast i64* %23 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 2, i8* %24) #6, !srcloc !8 %25 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %25, i32 1, i32 1, i8* null) #76 %26 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %26, i32 1, i32 1, i8* null) #76 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 0 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %28) #76 %29 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 4 store i8 0, i8* %29, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %30 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %30, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %31 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 24 %32 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %33 = icmp eq %struct.tty_struct* %32, null br i1 %33, label %59, label %34 %35 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %32, i64 0, i32 16 %36 = bitcast i64* %35 to i8* tail call void asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %36, i32 4, i8* %36) #6, !srcloc !8 %37 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %38 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %37, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %38, i32 1, i32 1, i8* null) #76 %39 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %40 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %39, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %40, i32 1, i32 1, i8* null) #76 %41 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %42 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %41, i64 0, i32 11 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, 1 br i1 %44, label %45, label %59 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 4, i8* %24) #6, !srcloc !8 %46 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %47 = load %struct.tty_driver*, %struct.tty_driver** @ptm_driver, align 8 %48 = icmp eq %struct.tty_driver* %46, %47 br i1 %48, label %49, label %57 tail call void @mutex_lock(%struct.mutex* nonnull @devpts_mutex) #76 %50 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %51 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %50, i64 0, i32 30 %52 = load i8*, i8** %51, align 8 %53 = icmp eq i8* %52, null br i1 %53, label %56, label %54 tail call void @mutex_unlock(%struct.mutex* nonnull @devpts_mutex) #76 br label %57 %58 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 tail call void @tty_vhangup(%struct.tty_struct* %58) #76 Function:tty_vhangup tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 0) #76 Function:__tty_hangup %3 = icmp 
eq %struct.tty_struct* %0, null br i1 %3, label %202, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #76 %5 = load %struct.file*, %struct.file** @redirect, align 8 %6 = icmp eq %struct.file* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup 2 pty_close ------------- Path:  Function:pty_close %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %8, label %13 %9 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, 1 br i1 %11, label %12, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 16 %24 = bitcast i64* %23 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 2, i8* %24) #6, !srcloc !8 %25 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %25, i32 1, i32 1, i8* null) #76 %26 = getelementptr 
inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %26, i32 1, i32 1, i8* null) #76 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 0 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %28) #76 %29 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 4 store i8 0, i8* %29, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %30 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %30, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %31 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 24 %32 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %33 = icmp eq %struct.tty_struct* %32, null br i1 %33, label %59, label %34 %35 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %32, i64 0, i32 16 %36 = bitcast i64* %35 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %36, i32 4, i8* %36) #6, !srcloc !8 %37 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %38 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %37, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %38, i32 1, i32 1, i8* null) #76 %39 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %40 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %39, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %40, i32 1, i32 1, i8* null) #76 %41 = load %struct.tty_driver*, %struct.tty_driver** %3, align 
8 %42 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %41, i64 0, i32 11 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, 1 br i1 %44, label %45, label %59 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 4, i8* %24) #6, !srcloc !8 %46 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %47 = load %struct.tty_driver*, %struct.tty_driver** @ptm_driver, align 8 %48 = icmp eq %struct.tty_driver* %46, %47 br i1 %48, label %49, label %57 tail call void @mutex_lock(%struct.mutex* nonnull @devpts_mutex) #76 %50 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %51 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %50, i64 0, i32 30 %52 = load i8*, i8** %51, align 8 %53 = icmp eq i8* %52, null br i1 %53, label %56, label %54 tail call void @mutex_unlock(%struct.mutex* nonnull @devpts_mutex) #76 br label %57 %58 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 tail call void @tty_vhangup(%struct.tty_struct* %58) #76 Function:tty_vhangup tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 0) #76 Function:__tty_hangup %3 = icmp eq %struct.tty_struct* %0, null br i1 %3, label %202, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #76 %5 = load %struct.file*, %struct.file** @redirect, align 8 %6 = icmp eq %struct.file* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void 
(%struct.tty_struct.361029*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %0) #76 ------------- Good: 11 Bad: 15 Ignored: 26 Check Use of Function:do_truncate Check Use of Function:ieee80211_purge_tx_queue Check Use of Function:shmem_file_read_iter Check Use of Function:blkdev_get_by_dev Use: =BAD PATH= Call Stack: 0 blkdev_open ------------- Path:  Function:blkdev_open %3 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = or i32 %4, 32768 store i32 %5, i32* %3, align 8 %6 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %1, i64 0, i32 8 %7 = load i32, i32* %6, align 4 %8 = and i32 %4, 2048 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i32 1207959552, i32 1207959616 %11 = or i32 %10, %7 %12 = and i32 %4, 128 %13 = or i32 %12, %11 %14 = and i32 %4, 3 %15 = icmp eq i32 %14, 3 %16 = or i32 %13, 256 %17 = select i1 %15, i32 %16, i32 %13 %18 = select i1 %15, i32 %16, i32 %13 store i32 %17, i32* %6, align 4 %19 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %0, i64 0, i32 13 %20 = load i32, i32* %19, align 4 %21 = bitcast %struct.file.294345* %1 to i8* %22 = tail call %struct.block_device.294278* bitcast (%struct.block_device.293754* (i32, i32, i8*)* @blkdev_get_by_dev to %struct.block_device.294278* (i32, i32, i8*)*)(i32 %20, i32 %18, i8* %21) #76 ------------- Good: 12 Bad: 1 Ignored: 3 Check Use of Function:vfs_open Check Use of Function:ring_buffer_discard_commit Check Use of Function:pin_kill Check Use of Function:ieee80211_flush_queues Check Use of Function:vfs_unlink Check Use of Function:ext4_lookup Check Use of Function:proc_lookupfd Check Use of Function:ieee80211_bss_info_change_notify Check Use of Function:ext4_rename_dir_prepare Check Use of Function:lookup_fast Check Use of Function:proc_lookupfdinfo Check Use of Function:simple_lookup Check Use of Function:drm_managed_release Use: =BAD PATH= Call Stack: 0 drm_dev_put 1 
singleton_release ------------- Path:  Function:singleton_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.448538** %5 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %5, i64 0, i32 103, i32 1 %7 = bitcast %struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.381449* %9) #76 Function:drm_dev_put %2 = icmp eq %struct.drm_device.381449* %0, null br i1 %2, label %28, label %3 %4 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -1 %16 = bitcast %struct.qspinlock* %15 to %struct.drm_device.381449* %17 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 11 %18 = bitcast %struct.qspinlock* %17 to %struct.drm_driver** %19 = load %struct.drm_driver*, %struct.drm_driver** %18, 
align 8 %20 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %19, i64 0, i32 5 %21 = load void (%struct.drm_device.381449*)*, void (%struct.drm_device.381449*)** %20, align 8 %22 = icmp eq void (%struct.drm_device.381449*)* %21, null br i1 %22, label %24, label %23 tail call void %21(%struct.drm_device.381449* %16) #76 br label %24 tail call void bitcast (void (%struct.drm_device.407375*)* @drm_managed_release to void (%struct.drm_device.381449*)*)(%struct.drm_device.381449* %16) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_minor_acquire 1 drm_open ------------- Path:  Function:drm_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 13 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, 1048575 %6 = tail call %struct.drm_minor* @drm_minor_acquire(i32 %5) #76 Function:drm_minor_acquire %2 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @drm_minor_lock, i64 0, i32 0, i32 0)) #76 %3 = zext i32 %0 to i64 %4 = tail call i8* @idr_find(%struct.idr* nonnull @drm_minors_idr, i64 %3) #76 %5 = icmp eq i8* %4, null br i1 %5, label %35, label %6 %7 = getelementptr inbounds i8, i8* %4, i64 16 %8 = bitcast i8* %7 to %struct.drm_device.381449** %9 = load %struct.drm_device.381449*, %struct.drm_device.381449** %8, align 8 %10 = icmp eq %struct.drm_device.381449* %9, null br i1 %10, label %23, label %11 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @drm_minor_lock, i64 0, i32 0, i32 0), i64 %2) #76 %24 = load %struct.drm_device.381449*, %struct.drm_device.381449** %8, align 8 %25 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* nonnull @drm_unplug_srcu) #76 %26 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %24, i64 0, i32 11 %27 = load i8, i8* %26, align 4, !range !8 %28 = icmp eq i8 %27, 0 %29 = icmp ugt i32 %25, 1 br i1 %28, label %32, label %30 
br i1 %29, label %31, label %36, !prof !5, !misexpect !6 tail call void @__srcu_read_unlock(%struct.srcu_struct* nonnull @drm_unplug_srcu, i32 %25) #76 %37 = load %struct.drm_device.381449*, %struct.drm_device.381449** %8, align 8 %38 = icmp eq %struct.drm_device.381449* %37, null br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %37, i64 0, i32 1 %41 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %40, i64 0, i32 0 %42 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %40, i64 0, i32 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 -1, i32* %42) #6, !srcloc !11 %44 = icmp eq i32 %43, 1 br i1 %44, label %50, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %51 = getelementptr %struct.qspinlock, %struct.qspinlock* %40, i64 -1 %52 = bitcast %struct.qspinlock* %51 to %struct.drm_device.381449* %53 = getelementptr %struct.qspinlock, %struct.qspinlock* %40, i64 11 %54 = bitcast %struct.qspinlock* %53 to %struct.drm_driver** %55 = load %struct.drm_driver*, %struct.drm_driver** %54, align 8 %56 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %55, i64 0, i32 5 %57 = load void (%struct.drm_device.381449*)*, void (%struct.drm_device.381449*)** %56, align 8 %58 = icmp eq void (%struct.drm_device.381449*)* %57, null br i1 %58, label %60, label %59 tail call void %57(%struct.drm_device.381449* %52) #76 br label %60 tail call void bitcast (void (%struct.drm_device.407375*)* @drm_managed_release to void (%struct.drm_device.381449*)*)(%struct.drm_device.381449* %52) #76 ------------- Good: 11 Bad: 2 Ignored: 11 Check Use of Function:blk_queue_max_discard_sectors Check Use of Function:bad_inode_create Check Use of Function:cfg80211_ref_bss 
Check Use of Function:audit_inode_permission Check Use of Function:proc_task_lookup Check Use of Function:drm_client_dev_restore Check Use of Function:vfat_create Check Use of Function:shmem_create Check Use of Function:mod_delayed_work_on Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_finish_plug 6 shrink_node 7 __node_reclaim 8 node_reclaim 9 get_page_from_freelist 10 __alloc_pages 11 kmalloc_large_node 12 __kmalloc_node 13 rb_alloc_aux 14 perf_mmap ------------- Path:  Function:perf_mmap %3 = getelementptr inbounds %struct.file.114517, %struct.file.114517* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.perf_event.114830** %5 = load %struct.perf_event.114830*, %struct.perf_event.114830** %4, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.114999** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.114999**)) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct.114999* %8 = getelementptr inbounds %struct.task_struct.114999, %struct.task_struct.114999* %7, i64 0, i32 85 %9 = load %struct.cred.114515*, %struct.cred.114515** %8, align 64 %10 = getelementptr inbounds %struct.cred.114515, %struct.cred.114515* %9, i64 0, i32 21 %11 = load %struct.user_struct*, %struct.user_struct** %10, align 8 %12 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 35 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, -1 br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 22, i32 6 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 2 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %324 %21 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 8 %22 = load i64, i64* %21, align 8 %23 = and 
i64 %22, 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %324, label %25 %26 = tail call i32 bitcast (i32 (%struct.perf_event*)* @security_perf_event_read to i32 (%struct.perf_event.114830*)*)(%struct.perf_event.114830* %5) #76 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %324 %29 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = sub i64 %30, %32 %34 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 13 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %47 %38 = lshr i64 %33, 12 %39 = add nsw i64 %38, -1 %40 = icmp eq i64 %39, 0 %42 = icmp eq i64 %41, 1 %43 = or i1 %40, %42 %44 = and i64 %33, -4096 %45 = icmp eq i64 %33, %44 %46 = and i1 %45, %43 br i1 %46, label %117, label %324 %118 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 27 %119 = load %struct.perf_event_context.114803*, %struct.perf_event_context.114803** %118, align 8 %120 = getelementptr inbounds %struct.perf_event_context.114803, %struct.perf_event_context.114803* %119, i64 0, i32 20 %121 = load %struct.perf_event_context.114803*, %struct.perf_event_context.114803** %120, align 8 %122 = icmp eq %struct.perf_event_context.114803* %121, null br i1 %122, label %124, label %123, !prof !10, !misexpect !7 %125 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 38 tail call void @mutex_lock(%struct.mutex* %125) #76 %126 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 40 %127 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %128 = icmp eq %struct.perf_buffer* %127, null br i1 %128, label %152, label %129 %130 = phi %struct.perf_buffer* [ 
%150, %149 ], [ %127, %124 ] %131 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 8 %133 = sext i32 %132 to i64 %134 = icmp eq i64 %39, %133 br i1 %134, label %135, label %310 %136 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 15, i32 0 %137 = load volatile i32, i32* %136, align 4 %138 = icmp eq i32 %137, 0 br i1 %138, label %149, label %139, !prof !6, !misexpect !7 %140 = phi i32 [ %147, %146 ], [ %137, %135 ] %141 = add i32 %140, 1 %142 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %136, i32 %141, i32* %136, i32 %140) #6, !srcloc !8 %143 = extractvalue { i8, i32 } %142, 0 %144 = and i8 %143, 1 %145 = icmp eq i8 %144, 0 br i1 %145, label %146, label %296, !prof !6, !misexpect !7 %147 = extractvalue { i8, i32 } %142, 1 %148 = icmp eq i32 %147, 0 br i1 %148, label %149, label %139, !prof !6, !misexpect !7 tail call void @mutex_unlock(%struct.mutex* %125) #76 tail call void @mutex_lock(%struct.mutex* %125) #76 %150 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %151 = icmp eq %struct.perf_buffer* %150, null br i1 %151, label %152, label %129 %153 = phi i1 [ false, %115 ], [ true, %124 ], [ true, %149 ] %154 = phi i32 [ -22, %115 ], [ 0, %124 ], [ 0, %149 ] %155 = phi i64 [ %52, %115 ], [ %38, %124 ], [ %38, %149 ] %156 = phi i64 [ %52, %115 ], [ %39, %124 ], [ %39, %149 ] %157 = phi %struct.perf_buffer* [ %54, %115 ], [ null, %124 ], [ null, %149 ] %158 = load i32, i32* @sysctl_perf_event_mlock, align 4 %159 = ashr i32 %158, 2 %160 = sext i32 %159 to i64 %161 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %162 = zext i32 %161 to i64 %163 = mul nsw i64 %160, 
%162 %164 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %11, i64 0, i32 6, i32 0 %165 = load volatile i64, i64* %164, align 8 %166 = icmp ugt i64 %165, %163 %167 = select i1 %166, i64 %163, i64 %165 %168 = add i64 %167, %155 %170 = sub i64 %155, %169 %171 = getelementptr inbounds %struct.task_struct.114999, %struct.task_struct.114999* %7, i64 0, i32 95 %172 = load %struct.signal_struct.114954*, %struct.signal_struct.114954** %171, align 32 %173 = getelementptr %struct.signal_struct.114954, %struct.signal_struct.114954* %172, i64 0, i32 49, i64 8, i32 0 %174 = load volatile i64, i64* %173, align 8 %175 = lshr i64 %174, 12 %176 = getelementptr inbounds %struct.vm_area_struct.114895, %struct.vm_area_struct.114895* %1, i64 0, i32 6 %177 = load %struct.mm_struct.114908*, %struct.mm_struct.114908** %176, align 8 %178 = getelementptr inbounds %struct.mm_struct.114908, %struct.mm_struct.114908* %177, i64 0, i32 0, i32 23, i32 0 %179 = load volatile i64, i64* %178, align 8 %180 = add i64 %169, %179 %181 = icmp ule i64 %180, %175 %182 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %183 = icmp slt i32 %182, 0 %184 = or i1 %183, %181 br i1 %184, label %187, label %185 %188 = icmp eq %struct.perf_buffer* %157, null br i1 %188, label %189, label %281 %282 = load i64, i64* %21, align 8 %283 = lshr i64 %282, 1 %284 = trunc i64 %283 to i32 %285 = and i32 %284, 1 %286 = load i64, i64* %34, align 8 %287 = trunc i64 %156 to i32 %288 = getelementptr inbounds %struct.perf_event.114830, %struct.perf_event.114830* %5, i64 0, i32 22, i32 16 %289 = load i32, i32* %288, align 8 %290 = zext i32 %289 to i64 %291 = tail call i32 bitcast (i32 (%struct.perf_buffer*, %struct.perf_event*, i64, i32, i64, i32)* @rb_alloc_aux to i32 (%struct.perf_buffer*, %struct.perf_event.114830*, i64, i32, i64, i32)*)(%struct.perf_buffer* nonnull %157, %struct.perf_event.114830* %5, i64 %286, i32 %287, i64 %290, i32 %285) #76 Function:rb_alloc_aux %7 = and i32 %5, 1 %8 = icmp eq i32 %7, 
0 %9 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 35 %10 = load i32, i32* %9, align 4 %11 = icmp eq i32 %10, -1 br i1 %11, label %19, label %12 %20 = phi i32 [ %18, %12 ], [ -1, %6 ] %21 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 12 %22 = load %struct.pmu*, %struct.pmu** %21, align 8 %23 = getelementptr inbounds %struct.pmu, %struct.pmu* %22, i64 0, i32 31 %24 = load i8* (%struct.perf_event*, i8**, i32, i1)*, i8* (%struct.perf_event*, i8**, i32, i1)** %23, align 8 %25 = icmp eq i8* (%struct.perf_event*, i8**, i32, i1)* %24, null br i1 %25, label %162, label %26 br i1 %8, label %36, label %27 %28 = icmp eq i64 %4, 0 %29 = shl i32 %3, 11 %30 = sext i32 %29 to i64 %31 = select i1 %28, i64 %30, i64 %4 %32 = add i64 %31, -1 %33 = lshr i64 %32, 12 %34 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %33, i32 -1) #4, !srcloc !4 %35 = add i32 %34, 1 br label %38 %39 = phi i32 [ %37, %36 ], [ %35, %27 ] %40 = phi i64 [ 0, %36 ], [ %31, %27 ] %41 = sext i32 %3 to i64 %43 = extractvalue { i64, i1 } %42, 1 br i1 %43, label %44, label %47, !prof !6, !misexpect !7 %48 = extractvalue { i64, i1 } %42, 0 %49 = tail call noalias align 8 i8* @__kmalloc_node(i64 %48, i32 3520, i32 %20) #76 Function:__kmalloc_node %4 = icmp ugt i64 %0, 8192 br i1 %4, label %5, label %29, !prof !4, !misexpect !5 %6 = tail call fastcc i8* @kmalloc_large_node(i64 %0, i32 %1, i32 %2) #76 Function:kmalloc_large_node %4 = add i64 %0, -1 %5 = lshr i64 %4, 12 %6 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %5, i32 -1) #4, !srcloc !4 %7 = add i32 %6, 1 %8 = or i32 %1, 262144 %9 = icmp eq i32 %2, -1 br i1 %9, label %10, label %12 %13 = phi i32 [ %11, %10 ], [ %2, %3 ] %14 = tail call %struct.page* bitcast (%struct.page.135675* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %8, i32 %7, i32 %13, %struct.cpumask* null) 
#76 Function:__alloc_pages %5 = alloca %struct.alloc_context.135690, align 8 %6 = bitcast %struct.alloc_context.135690* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.135557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.135557**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.135557* %17 = getelementptr inbounds %struct.task_struct.135557, %struct.task_struct.135557* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.135521*], [0 x %struct.pglist_data.135521*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.135521*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.135521*, %struct.pglist_data.135521** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.135521, %struct.pglist_data.135521* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 0 store %struct.zonelist.135517* %50, %struct.zonelist.135517** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr 
i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__cond_resched() #76 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.135517, %struct.zonelist.135517* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.135521, %struct.pglist_data.135521* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, 
label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.135516* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 2 store %struct.zoneref.135516* %90, %struct.zoneref.135516** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %90, i64 0, i32 0 %93 = load %struct.zone.135525*, %struct.zone.135525** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.135525* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135675* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135690* nonnull %5) #77 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.135521* [ null, %4 ], [ %544, %543 ] %22 = phi i32 [ %2, %4 ], [ %545, %543 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.135516*, %struct.zoneref.135516** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %25, i64 0, i32 0 %27 = load %struct.zone.135525*, %struct.zone.135525** %26, align 8 %28 = icmp eq 
%struct.zone.135525* %27, null br i1 %28, label %541, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 %44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.135525* [ %539, %536 ], [ %27, %29 ] %48 = phi %struct.zoneref.135516* [ %537, %536 ], [ %25, %29 ] %49 = phi %struct.pglist_data.135521* [ %525, %536 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.135516*, %struct.zoneref.135516** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %74, i64 0, i32 0 %76 = load %struct.zone.135525*, %struct.zone.135525** %75, align 8 %77 = icmp eq %struct.zone.135525* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr 
inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, 
label %148, label %252 %149 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq %struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 br i1 %109, label %158, label %153 %159 = add nsw i64 %139, 1 %160 = icmp eq i64 %159, 11 br i1 %160, label %167, label %138 %168 = icmp eq i64 %88, 0 %169 = or i1 %41, %168 %170 = or i1 %17, %169 br i1 %170, label %228, label %171, !prof !9 %172 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 0, i64 0 %173 = load i64, i64* %172, align 64 br i1 %109, label %174, label %178, !prof !6, !misexpect !7 %175 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 2 %176 = load i64, i64* %175, align 32 %177 = add i64 %176, %11 br label %178 %179 = phi i64 [ %177, %174 ], [ %11, %171 ] %180 = sub i64 %94, %179 br i1 %38, label %184, label %181 %182 = sdiv i64 %173, -2 %183 = add i64 %182, %173 br label %184 %185 = phi i64 [ %183, %181 ], [ %173, %178 ] br i1 %109, label %193, label %186, !prof !6, !misexpect !8 br i1 %43, label %190, label %187 %191 = sdiv i64 %185, -4 %192 = add i64 %191, %185 br label %193 %194 = phi i64 [ %189, %187 ], [ %192, %190 ], [ %185, %184 ] %195 = add i64 %194, %133 %196 = icmp sgt i64 %180, %195 br i1 %196, label %197, label %228 br i1 %8, label %252, label %198 br i1 %12, label %199, label %228 %200 = phi i64 [ %220, %219 ], [ %13, %198 ] %201 = getelementptr 
%struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %200, i32 1 %202 = load i64, i64* %201, align 8 %203 = icmp eq i64 %202, 0 br i1 %203, label %219, label %204 %205 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %200, i32 0, i64 0 %206 = getelementptr inbounds %struct.list_head, %struct.list_head* %205, i64 0, i32 0 %207 = load volatile %struct.list_head*, %struct.list_head** %206, align 8 %208 = icmp eq %struct.list_head* %207, %205 br i1 %208, label %209, label %252 %210 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %200, i32 0, i64 1 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %222, label %252 %223 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %200, i32 0, i64 2 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %223, i64 0, i32 0 %225 = load volatile %struct.list_head*, %struct.list_head** %224, align 8 %226 = icmp eq %struct.list_head* %225, %223 br i1 %226, label %227, label %252 br i1 %109, label %219, label %214 %220 = add nsw i64 %200, 1 %221 = icmp eq i64 %220, 11 br i1 %221, label %228, label %199 br i1 %45, label %229, label %252 %230 = load i32, i32* @node_reclaim_mode, align 4 %231 = and i32 %230, 7 %232 = icmp eq i32 %231, 0 br i1 %232, label %524, label %233 %234 = load %struct.zoneref.135516*, %struct.zoneref.135516** %5, align 8 %235 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %234, i64 0, i32 0 %236 = load %struct.zone.135525*, %struct.zone.135525** %235, align 8 %237 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %236, i64 0, i32 4 %238 = load i32, i32* %237, align 8 %239 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 4 %240 = load i32, i32* %239, 
align 8 %241 = tail call i32 @__node_distance(i32 %238, i32 %240) #76 %242 = load i32, i32* @node_reclaim_distance, align 4 %243 = icmp sgt i32 %241, %242 br i1 %243, label %524, label %244 %245 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 5 %246 = load %struct.pglist_data.135521*, %struct.pglist_data.135521** %245, align 16 %247 = tail call i32 bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.135521*, i32, i32)*)(%struct.pglist_data.135521* %246, i32 %0, i32 %1) #76 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #76 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #76 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 20 %31 = load i64, i64* %30, align 16 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, 
label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #77 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %11 = bitcast %struct.cpumask** %10 to i8* %12 = getelementptr inbounds %struct.scan_control, 
%struct.scan_control* %4, i64 0, i32 0 %13 = icmp ugt i64 %6, 32 %14 = select i1 %13, i64 %6, i64 32 store i64 %14, i64* %12, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 %21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %69 [label %55], !srcloc !7 %70 = tail call i32 @__cond_resched() #76 %71 = load i32, i32* %31, align 4 %72 = and i32 %71, 2048 %73 = or i32 %71, 8390656 store i32 %73, i32* %31, align 4 %74 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 13 %75 = icmp eq %struct.reclaim_state* %74, null %76 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %77 = load %struct.reclaim_state*, %struct.reclaim_state** %76, align 8 %78 = icmp eq %struct.reclaim_state* %77, null br i1 %75, label %81, label %79 br i1 %78, label %83, label %80, !prof !5, !misexpect !6 store %struct.reclaim_state* %74, %struct.reclaim_state** %76, align 8 %84 = load i32, i32* @node_reclaim_mode, align 4 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #76 %91 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %92 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %93 = add i64 %92, %91 br label %95 %96 = phi i64 [ %88, %87 ], [ %94, %89 ] %97 = load i32, i32* 
@node_reclaim_mode, align 4 %98 = and i32 %97, 2 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %102 %103 = phi i64 [ 0, %95 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %106 = load i64, i64* %105, align 8 %107 = icmp ugt i64 %104, %106 br i1 %107, label %108, label %117 %109 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 11 br label %110 call fastcc void @shrink_node(%struct.pglist_data* %0, %struct.scan_control* nonnull %4) #77 Function:shrink_node %3 = alloca [5 x i64], align 16 %4 = alloca [5 x i64], align 16 %5 = alloca %struct.blk_plug, align 8 %6 = alloca %struct.shrink_control, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %10 = load %struct.reclaim_state*, %struct.reclaim_state** %9, align 8 %11 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12 %13 = bitcast %struct.x86_pmu_capability* %12 to i8* %14 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 11 %15 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 1 %16 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %15, i64 0, i32 0, i32 0 %17 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 2 %18 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 3 %19 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 3 %20 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 4 %21 = bitcast %struct.spinlock* %15 to i8* %22 = 
getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 5 %23 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 1 %24 = bitcast %struct.list_head* %23 to %struct.pglist_data* %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 0 %26 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 1 %27 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 7 %28 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %29 = bitcast [5 x i64]* %3 to i8* %30 = bitcast [5 x i64]* %4 to i8* %31 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 0 %32 = bitcast %struct.blk_plug* %5 to i8* %33 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 0 %34 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 821 %35 = bitcast %struct.list_head* %34 to i32* %36 = icmp eq %struct.scan_control* %1, null %37 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 8 %38 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 1 %39 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 2 %40 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 3 %41 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 0 %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %43 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 2 %44 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 3 %45 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 1 %46 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 9 %47 = bitcast %struct.shrink_control* %6 to i8* %48 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.shrink_control, 
%struct.shrink_control* %6, i64 0, i32 1 %50 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 2 %51 = bitcast i64* %50 to i8* %52 = icmp eq %struct.reclaim_state* %10, null %53 = getelementptr inbounds %struct.reclaim_state, %struct.reclaim_state* %10, i64 0, i32 0 %54 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 3 %55 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 6 %56 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %57 = bitcast i64* %56 to i8* %58 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 1 %59 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 5 %60 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 4 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %12, i64 0, i32 0 %62 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 2 %63 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 6 %64 = bitcast i64* %63 to i8* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 122 %66 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 6 %67 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 11, i32 0 %68 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 0, i64 2 %69 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 1 %70 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 11, i32 0 %71 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 0, i64 2 %72 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 
1, i32 1 %73 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 11, i32 0 %74 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 0, i64 2 %75 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 1 %76 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 11, i32 0 %77 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 0, i64 2 %78 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 1 %79 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %80 = bitcast %struct.list_head** %79 to i64* %81 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 69, i32 1 %82 = bitcast %struct.list_head** %81 to i64* %83 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %84 = bitcast %struct.list_head** %83 to i64* %85 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 145, i32 1 %86 = bitcast %struct.list_head** %85 to i64* %87 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %88 = bitcast %struct.list_head** %87 to i64* %89 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 221, i32 1 %90 = bitcast %struct.list_head** %89 to i64* %91 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %92 = bitcast %struct.list_head** %91 to i64* %93 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 297, i32 1 %94 = bitcast %struct.list_head** %93 to i64* %95 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %96 = bitcast %struct.list_head** %95 to i64* %97 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70 %98 = bitcast %struct.list_head* %97 to i64* %99 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 
84, i32 1 %100 = bitcast %struct.list_head** %99 to i64* %101 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146 %102 = bitcast %struct.list_head* %101 to i64* %103 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %104 = bitcast %struct.list_head** %103 to i64* %105 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222 %106 = bitcast %struct.list_head* %105 to i64* %107 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %108 = bitcast %struct.list_head** %107 to i64* %109 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298 %110 = bitcast %struct.list_head* %109 to i64* %111 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %112 = bitcast %struct.list_head** %111 to i64* %113 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70, i32 1 %114 = bitcast %struct.list_head** %113 to i64* %115 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %116 = bitcast %struct.list_head** %115 to i64* %117 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146, i32 1 %118 = bitcast %struct.list_head** %117 to i64* %119 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %120 = bitcast %struct.list_head** %119 to i64* %121 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222, i32 1 %122 = bitcast %struct.list_head** %121 to i64* %123 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %124 = bitcast %struct.list_head** %123 to i64* %125 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298, i32 1 %126 = bitcast %struct.list_head** %125 to i64* %127 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %128 = bitcast %struct.list_head** %127 to i64* %129 = getelementptr %struct.lruvec, %struct.lruvec* 
%11, i64 -98, i32 0, i64 71 %130 = bitcast %struct.list_head* %129 to i64* %131 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %132 = bitcast %struct.list_head** %131 to i64* %133 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 147 %134 = bitcast %struct.list_head* %133 to i64* %135 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %136 = bitcast %struct.list_head** %135 to i64* %137 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 223 %138 = bitcast %struct.list_head* %137 to i64* %139 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %140 = bitcast %struct.list_head** %139 to i64* %141 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 299 %142 = bitcast %struct.list_head* %141 to i64* br label %143 %144 = phi i8 [ 0, %2 ], [ %566, %685 ] %145 = load i64, i64* %14, align 8 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %16) #76 %146 = load i64, i64* %17, align 8 store i64 %146, i64* %18, align 8 %147 = load i64, i64* %19, align 8 store i64 %147, i64* %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %21, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %148 = load i16, i16* %22, align 8 %149 = and i16 %148, 4 %150 = icmp eq i16 %149, 0 br i1 %150, label %151, label %198 %152 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 12) #76 %153 = load i64, i64* %25, align 8 %154 = icmp eq i64 %152, %153 br i1 %154, label %155, label %168 %156 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 0) #76 %157 = 
call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 1) #76 %158 = add i64 %157, %156 %159 = lshr i64 %158, 18 %160 = icmp eq i64 %159, 0 br i1 %160, label %164, label %161 %165 = phi i64 [ %163, %161 ], [ 1, %155 ] %166 = mul i64 %165, %156 %167 = icmp ult i64 %166, %157 br i1 %167, label %168, label %171 %172 = load i16, i16* %22, align 8 %173 = and i16 %172, -2 br label %174 %175 = phi i16 [ %173, %171 ], [ %170, %168 ] store i16 %175, i16* %22, align 8 %176 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 13) #76 %177 = load i64, i64* %26, align 8 %178 = icmp eq i64 %176, %177 br i1 %178, label %179, label %192 %193 = load i16, i16* %22, align 8 %194 = or i16 %193, 2 br label %200 %201 = phi i16 [ %199, %198 ], [ %197, %195 ], [ %194, %192 ] store i16 %201, i16* %22, align 8 %202 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 2) #76 %203 = load i8, i8* %27, align 1 %204 = sext i8 %203 to i64 %205 = and i64 %204, 4294967295 %206 = lshr i64 %202, %205 %207 = icmp ne i64 %206, 0 %208 = load i16, i16* %22, align 8 %209 = and i16 %208, 2 %210 = icmp eq i16 %209, 0 %211 = and i1 %207, %210 %212 = and i16 %208, -2049 %213 = select i1 %211, i16 2048, i16 0 %214 = or i16 %212, %213 store i16 %214, i16* %22, align 8 %215 = load i32, i32* %28, align 64 %216 = call i64 @sum_zone_node_page_state(i32 %215, i32 0) #76 %217 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %218 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %219 = load volatile i64, i64* %67, align 8 %220 = icmp eq i64 %219, 0 br i1 
%220, label %225, label %221 %226 = phi i64 [ %224, %221 ], [ 0, %200 ] %227 = load volatile i64, i64* %70, align 8 %228 = icmp eq i64 %227, 0 br i1 %228, label %699, label %694 %695 = load i64, i64* %71, align 16 %696 = load i64, i64* %72, align 8 %697 = add i64 %695, %226 %698 = add i64 %697, %696 br label %699 %700 = phi i64 [ %698, %694 ], [ %226, %225 ] %701 = load volatile i64, i64* %73, align 8 %702 = icmp eq i64 %701, 0 br i1 %702, label %708, label %703 %704 = load i64, i64* %74, align 16 %705 = load i64, i64* %75, align 8 %706 = add i64 %704, %700 %707 = add i64 %706, %705 br label %708 %709 = phi i64 [ %707, %703 ], [ %700, %699 ] %710 = load volatile i64, i64* %76, align 8 %711 = icmp eq i64 %710, 0 br i1 %711, label %717, label %712 %713 = load i64, i64* %77, align 16 %714 = load i64, i64* %78, align 8 %715 = add i64 %713, %709 %716 = add i64 %715, %714 br label %717 %718 = phi i64 [ %716, %712 ], [ %709, %708 ] %719 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 0) #76 %720 = add i64 %217, %216 %721 = add i64 %720, %218 %722 = icmp ule i64 %721, %718 %723 = load i16, i16* %22, align 8 %724 = and i16 %723, 1 %725 = icmp eq i16 %724, 0 %726 = and i1 %722, %725 br i1 %726, label %229, label %236 %237 = phi i16 [ %235, %229 ], [ 0, %717 ] %238 = and i16 %723, -4097 %239 = or i16 %238, %237 store i16 %239, i16* %22, align 8 %240 = call i32 @__cond_resched() #76 %241 = load i64, i64* %31, align 8 %242 = load i32, i32* @vm_swappiness, align 4 %243 = load i16, i16* %22, align 8 %244 = and i16 %243, 64 %245 = icmp eq i16 %244, 0 br i1 %245, label %289, label %246 %247 = load i32, i32* %35, align 64 %248 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nr_swap_pages, i64 0, i32 0), align 8 %249 = icmp sgt i64 %248, 0 br i1 %249, label %260, label %250 %251 = load i8, i8* @numa_demotion_enabled, align 1, !range !8 %252 = icmp eq i8 
%251, 0 br i1 %252, label %289, label %253 %254 = and i16 %243, 8192 %255 = icmp eq i16 %254, 0 %256 = or i1 %36, %255 br i1 %256, label %257, label %289 %258 = call i32 @next_demotion_node(i32 %247) #76 %259 = icmp eq i32 %258, -1 br i1 %259, label %289, label %260 %261 = icmp ne i32 %242, 0 %262 = load i8, i8* %27, align 1 %263 = icmp eq i8 %262, 0 %264 = and i1 %261, %263 br i1 %264, label %289, label %265 %266 = load i16, i16* %22, align 8 %267 = and i16 %266, 4096 %268 = icmp eq i16 %267, 0 br i1 %268, label %269, label %289 %270 = and i16 %266, 2048 %271 = icmp eq i16 %270, 0 br i1 %271, label %272, label %289 %273 = load i64, i64* %18, align 8 %274 = load i64, i64* %20, align 8 %275 = add i64 %274, %273 %276 = add i64 %275, %273 %277 = sext i32 %242 to i64 %278 = add i64 %274, 1 %279 = add i64 %278, %275 %280 = add i64 %279, %276 %281 = mul i64 %280, %277 %282 = add i64 %276, 1 %283 = udiv i64 %281, %282 %284 = sub i32 200, %242 %285 = sext i32 %284 to i64 %286 = mul i64 %280, %285 %287 = udiv i64 %286, %279 %288 = add i64 %287, %283 br label %289 %290 = phi i64 [ %287, %272 ], [ undef, %236 ], [ undef, %257 ], [ undef, %260 ], [ undef, %265 ], [ undef, %269 ], [ undef, %250 ], [ undef, %253 ] %291 = phi i64 [ %283, %272 ], [ undef, %236 ], [ undef, %257 ], [ undef, %260 ], [ undef, %265 ], [ undef, %269 ], [ undef, %250 ], [ undef, %253 ] %292 = phi i1 [ true, %272 ], [ false, %236 ], [ false, %257 ], [ true, %260 ], [ true, %265 ], [ false, %269 ], [ false, %250 ], [ false, %253 ] %293 = phi i1 [ false, %272 ], [ true, %236 ], [ true, %257 ], [ false, %260 ], [ false, %265 ], [ true, %269 ], [ true, %250 ], [ true, %253 ] %294 = phi i32 [ 1, %272 ], [ 3, %236 ], [ 3, %257 ], [ 0, %260 ], [ 2, %265 ], [ 3, %269 ], [ 3, %250 ], [ 3, %253 ] %295 = phi i64 [ %288, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %296 = load i8, i8* %37, align 4 %297 = sext i8 %296 to i32 %298 = icmp sgt i8 %296, -1 %299 = icmp 
ult i32 %297, 3 %300 = select i1 %299, i32 %297, i32 3 %301 = add nuw nsw i32 %300, 1 %302 = load i8, i8* %27, align 1 %303 = sext i8 %302 to i64 %304 = and i64 %303, 4294967295 br i1 %298, label %305, label %315 %306 = load volatile i64, i64* %80, align 8 %307 = icmp eq i64 %306, 0 br i1 %307, label %312, label %308 %309 = load volatile i64, i64* %82, align 8 %310 = icmp sgt i64 %309, 0 %311 = select i1 %310, i64 %309, i64 0 br label %312 %313 = phi i64 [ %311, %308 ], [ 0, %305 ] %314 = icmp eq i32 %300, 0 br i1 %314, label %315, label %727 %728 = load volatile i64, i64* %84, align 8 %729 = icmp eq i64 %728, 0 br i1 %729, label %735, label %730 %731 = load volatile i64, i64* %86, align 8 %732 = icmp sgt i64 %731, 0 %733 = select i1 %732, i64 %731, i64 0 %734 = add nuw i64 %733, %313 br label %735 %736 = phi i64 [ %734, %730 ], [ %313, %727 ] %737 = icmp eq i32 %301, 2 br i1 %737, label %315, label %738 %739 = load volatile i64, i64* %88, align 8 %740 = icmp eq i64 %739, 0 br i1 %740, label %746, label %741 %742 = load volatile i64, i64* %90, align 8 %743 = icmp sgt i64 %742, 0 %744 = select i1 %743, i64 %742, i64 0 %745 = add i64 %744, %736 br label %746 %747 = phi i64 [ %745, %741 ], [ %736, %738 ] %748 = icmp eq i32 %301, 3 br i1 %748, label %315, label %749 %750 = load volatile i64, i64* %92, align 8 %751 = icmp eq i64 %750, 0 br i1 %751, label %315, label %752 %316 = phi i64 [ 0, %289 ], [ %313, %312 ], [ %736, %735 ], [ %747, %746 ], [ %756, %752 ], [ %747, %749 ] %317 = lshr i64 %316, %304 switch i32 %294, label %323 [ i32 0, label %324 i32 1, label %318 i32 3, label %321 i32 2, label %321 ] %322 = select i1 %292, i64 %317, i64 0 br label %324 %325 = phi i64 [ %320, %318 ], [ %317, %315 ], [ %322, %321 ] store i64 %325, i64* %33, align 16 br i1 %298, label %457, label %467 %458 = load volatile i64, i64* %96, align 8 %459 = icmp eq i64 %458, 0 br i1 %459, label %464, label %460 %461 = load volatile i64, i64* %98, align 8 %462 = icmp sgt i64 %461, 0 %463 = 
select i1 %462, i64 %461, i64 0 br label %464 %465 = phi i64 [ %463, %460 ], [ 0, %457 ] %466 = icmp eq i32 %300, 0 br i1 %466, label %467, label %757 %758 = load volatile i64, i64* %100, align 8 %759 = icmp eq i64 %758, 0 br i1 %759, label %765, label %760 %761 = load volatile i64, i64* %102, align 8 %762 = icmp sgt i64 %761, 0 %763 = select i1 %762, i64 %761, i64 0 %764 = add nuw i64 %763, %465 br label %765 %766 = phi i64 [ %764, %760 ], [ %465, %757 ] %767 = icmp eq i32 %301, 2 br i1 %767, label %467, label %768 %769 = load volatile i64, i64* %104, align 8 %770 = icmp eq i64 %769, 0 br i1 %770, label %776, label %771 %772 = load volatile i64, i64* %106, align 8 %773 = icmp sgt i64 %772, 0 %774 = select i1 %773, i64 %772, i64 0 %775 = add i64 %774, %766 br label %776 %777 = phi i64 [ %775, %771 ], [ %766, %768 ] %778 = icmp eq i32 %301, 3 br i1 %778, label %467, label %779 %780 = load volatile i64, i64* %108, align 8 %781 = icmp eq i64 %780, 0 br i1 %781, label %467, label %782 %468 = phi i64 [ 0, %324 ], [ %465, %464 ], [ %766, %765 ], [ %777, %776 ], [ %786, %782 ], [ %777, %779 ] %469 = lshr i64 %468, %304 switch i32 %294, label %323 [ i32 0, label %475 i32 1, label %472 i32 3, label %470 i32 2, label %470 ] %473 = mul i64 %469, %291 %474 = udiv i64 %473, %295 br label %475 %476 = phi i64 [ %474, %472 ], [ %469, %467 ], [ %471, %470 ] store i64 %476, i64* %38, align 8 br i1 %298, label %477, label %487 %478 = load volatile i64, i64* %112, align 8 %479 = icmp eq i64 %478, 0 br i1 %479, label %484, label %480 %481 = load volatile i64, i64* %114, align 8 %482 = icmp sgt i64 %481, 0 %483 = select i1 %482, i64 %481, i64 0 br label %484 %485 = phi i64 [ %483, %480 ], [ 0, %477 ] %486 = icmp eq i32 %300, 0 br i1 %486, label %487, label %787 %788 = load volatile i64, i64* %116, align 8 %789 = icmp eq i64 %788, 0 br i1 %789, label %795, label %790 %791 = load volatile i64, i64* %118, align 8 %792 = icmp sgt i64 %791, 0 %793 = select i1 %792, i64 %791, i64 0 %794 = add 
nuw i64 %793, %485 br label %795 %796 = phi i64 [ %794, %790 ], [ %485, %787 ] %797 = icmp eq i32 %301, 2 br i1 %797, label %487, label %798 %799 = load volatile i64, i64* %120, align 8 %800 = icmp eq i64 %799, 0 br i1 %800, label %806, label %801 %802 = load volatile i64, i64* %122, align 8 %803 = icmp sgt i64 %802, 0 %804 = select i1 %803, i64 %802, i64 0 %805 = add i64 %804, %796 br label %806 %807 = phi i64 [ %805, %801 ], [ %796, %798 ] %808 = icmp eq i32 %301, 3 br i1 %808, label %487, label %809 %810 = load volatile i64, i64* %124, align 8 %811 = icmp eq i64 %810, 0 br i1 %811, label %487, label %812 %488 = phi i64 [ 0, %475 ], [ %485, %484 ], [ %796, %795 ], [ %807, %806 ], [ %816, %812 ], [ %807, %809 ] %489 = lshr i64 %488, %304 switch i32 %294, label %323 [ i32 0, label %495 i32 1, label %492 i32 3, label %490 i32 2, label %490 ] %493 = mul i64 %489, %290 %494 = udiv i64 %493, %295 br label %495 %496 = phi i64 [ %494, %492 ], [ %489, %487 ], [ %491, %490 ] store i64 %496, i64* %39, align 16 br i1 %298, label %497, label %507 %498 = load volatile i64, i64* %128, align 8 %499 = icmp eq i64 %498, 0 br i1 %499, label %504, label %500 %501 = load volatile i64, i64* %130, align 8 %502 = icmp sgt i64 %501, 0 %503 = select i1 %502, i64 %501, i64 0 br label %504 %505 = phi i64 [ %503, %500 ], [ 0, %497 ] %506 = icmp eq i32 %300, 0 br i1 %506, label %507, label %817 %818 = load volatile i64, i64* %132, align 8 %819 = icmp eq i64 %818, 0 br i1 %819, label %825, label %820 %821 = load volatile i64, i64* %134, align 8 %822 = icmp sgt i64 %821, 0 %823 = select i1 %822, i64 %821, i64 0 %824 = add nuw i64 %823, %505 br label %825 %826 = phi i64 [ %824, %820 ], [ %505, %817 ] %827 = icmp eq i32 %301, 2 br i1 %827, label %507, label %828 %829 = load volatile i64, i64* %136, align 8 %830 = icmp eq i64 %829, 0 br i1 %830, label %836, label %831 %832 = load volatile i64, i64* %138, align 8 %833 = icmp sgt i64 %832, 0 %834 = select i1 %833, i64 %832, i64 0 %835 = add i64 
%834, %826 br label %836 %837 = phi i64 [ %835, %831 ], [ %826, %828 ] %838 = icmp eq i32 %301, 3 br i1 %838, label %507, label %839 %840 = load volatile i64, i64* %140, align 8 %841 = icmp eq i64 %840, 0 br i1 %841, label %507, label %842 %508 = phi i64 [ 0, %495 ], [ %505, %504 ], [ %826, %825 ], [ %837, %836 ], [ %846, %842 ], [ %837, %839 ] %509 = lshr i64 %508, %304 switch i32 %294, label %323 [ i32 0, label %515 i32 1, label %512 i32 3, label %510 i32 2, label %510 ] %513 = mul i64 %509, %290 %514 = udiv i64 %513, %295 br label %515 %516 = phi i64 [ %514, %512 ], [ %509, %507 ], [ %511, %510 ] store i64 %516, i64* %40, align 8 %517 = load i32, i32* %42, align 4 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #76 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %496, %325 %527 = or i64 %526, %516 %528 = icmp eq i64 %527, 0 br i1 %528, label %425, label %529 %530 = icmp eq i8 %302, 12 %531 = and i32 %517, 131072 %532 = icmp eq i32 %531, 0 %533 = and i1 %530, %532 %534 = zext i1 %533 to i8 br label %326 %327 = phi i64 [ %362, %417 ], [ 0, %529 ] %328 = phi i8 [ %418, %417 ], [ %534, %529 ] %329 = phi i64 [ %419, %417 ], [ %325, %529 ] br label %330 %331 = phi i64 [ %367, %365 ], [ %329, %326 ] %332 = phi i64 [ %363, %365 ], [ 0, %326 ] %333 = phi i64 [ %362, %365 ], [ %327, %326 ] %334 = icmp eq i64 %331, 0 br i1 %334, label %361, label %335 %336 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %332 %337 = icmp ult i64 %331, 32 %338 = select i1 %337, i64 %331, i64 32 %339 = sub i64 %331, %338 store i64 %339, i64* %336, align 8 %340 = trunc i64 %332 to i32 %341 = and i32 %340, 2147483645 %342 = icmp eq i32 %341, 1 br i1 %342, label %343, label %356 %357 = call fastcc i64 @shrink_inactive_list(i64 %338, %struct.lruvec* %11, %struct.scan_control* %1, 
i32 %340) #76 br label %358 %359 = phi i64 [ %357, %356 ], [ 0, %354 ], [ 0, %353 ] %360 = add i64 %359, %333 br label %361 %362 = phi i64 [ %360, %358 ], [ %333, %330 ] %363 = add nuw nsw i64 %332, 1 %364 = icmp eq i64 %363, 4 br i1 %364, label %368, label %365 %369 = call i32 @__cond_resched() #76 %370 = icmp uge i64 %362, %241 %371 = and i8 %328, 1 %372 = icmp eq i8 %371, 0 %373 = and i1 %372, %370 br i1 %373, label %374, label %417 %375 = load i64, i64* %39, align 16 %376 = load i64, i64* %40, align 8 %377 = add i64 %376, %375 %378 = load i64, i64* %33, align 16 %379 = load i64, i64* %38, align 8 %380 = add i64 %379, %378 %381 = icmp ne i64 %377, 0 %382 = icmp ne i64 %380, 0 %383 = and i1 %381, %382 br i1 %383, label %384, label %425 %385 = icmp ugt i64 %377, %380 %386 = select i1 %385, i64 %380, i64 %377 %387 = select i1 %385, i64 %525, i64 %521 %388 = select i1 %385, i32 2, i32 0 %389 = select i1 %385, i32 0, i32 2 %390 = mul i64 %386, 100 %391 = udiv i64 %390, %387 %392 = zext i32 %389 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 16 %394 = or i32 %389, 1 %395 = zext i32 %394 to i64 %396 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %395 store i64 0, i64* %396, align 8 %397 = zext i32 %388 to i64 %398 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %397 %399 = load i64, i64* %398, align 16 %400 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %397 %401 = load i64, i64* %400, align 16 %402 = sub i64 %399, %401 %403 = sub i64 100, %391 %404 = mul i64 %399, %403 %405 = udiv i64 %404, 100 store i64 %406, i64* %400, align 16 %407 = or i32 %388, 1 %408 = zext i32 %407 to i64 %409 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %408 %410 = load i64, i64* %409, align 8 %411 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %408 %412 = load i64, i64* %411, align 8 %413 = sub i64 %410, %412 %414 = mul i64 %410, %403 %415 = udiv i64 %414, 100 store i64 %416, i64* %411, align 8 br label %417 
%418 = phi i8 [ 1, %384 ], [ %328, %368 ] %419 = load i64, i64* %33, align 16 %420 = load i64, i64* %40, align 8 %421 = load i64, i64* %39, align 16 %422 = or i64 %420, %419 %423 = or i64 %422, %421 %424 = icmp eq i64 %423, 0 br i1 %424, label %425, label %326 %426 = phi i64 [ 0, %515 ], [ %362, %374 ], [ %362, %417 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %5) #76 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store 
%struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #76 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, 
label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add 
i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr 
inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, 
%struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void 
@__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 shrink_node
7 __node_reclaim
8 node_reclaim
9 get_page_from_freelist
10 __alloc_pages
11 allocate_slab
12 ___slab_alloc
13 kmem_cache_alloc_node
14 create_task_io_context
15 get_task_io_context
16 set_task_ioprio
17 __se_sys_ioprio_set
18 __ia32_sys_ioprio_set
-------------
Path:
Function:__ia32_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %95 = icmp eq i32 
%5, -1 br i1 %95, label %164, label %96 %97 = icmp eq i32 %5, 0 br i1 %97, label %98, label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #76 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 %109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, 
%struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, 
%struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] 
%122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr %struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ %156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #76 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #76 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 
= tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 %6) #76 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #76 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295170* (%struct.task_struct.295207*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #76 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 112, i32 0, i32 0 %10 = getelementptr inbounds %struct.task_struct.295207, 
%struct.task_struct.295207* %0, i64 0, i32 123 %11 = getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 112 %12 = bitcast %struct.spinlock* %11 to i8* br label %13 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #76 %14 = load %struct.io_context.295170*, %struct.io_context.295170** %10, align 8 %15 = icmp eq %struct.io_context.295170* %14, null br i1 %15, label %22, label %16, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 store volatile i8 0, i8* %12, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %23 = tail call i32 @create_task_io_context(%struct.task_struct.295207* %0, i32 %1, i32 %2) #77 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #76 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #76 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #76 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = 
inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #76 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %221, %220 ] %22 = phi i32 [ %2, %5 ], [ %222, %220 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = 
icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %224, %233 ], [ %224, %244 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %201, %233 ], [ %201, %244 ] %29 = phi i32 [ %22, %20 ], [ %197, %233 ], [ %197, %244 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %167 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm 
sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %144 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = 
call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 1) #76 %158 = add i64 %157, %156 %159 = lshr i64 %158, 18 %160 = icmp eq i64 %159, 0 br i1 %160, label %164, label %161 %165 = phi i64 [ %163, %161 ], [ 1, %155 ] %166 = mul i64 %165, %156 %167 = icmp ult i64 %166, %157 br i1 %167, label %168, label %171 %172 = load i16, i16* %22, align 8 %173 = and i16 %172, -2 br label %174 %175 = phi i16 [ %173, %171 ], [ %170, %168 ] store i16 %175, i16* %22, align 8 %176 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 13) #76 %177 = load i64, i64* %26, align 8 %178 = icmp eq i64 %176, %177 br i1 %178, label %179, label %192 %193 = load i16, i16* %22, align 8 %194 = or i16 %193, 2 br label %200 %201 = phi i16 [ %199, %198 ], [ %197, %195 ], [ %194, %192 ] store i16 %201, i16* %22, align 8 %202 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 2) #76 %203 = load i8, i8* %27, align 1 %204 = sext i8 %203 to i64 %205 = and i64 %204, 4294967295 %206 = lshr i64 %202, %205 %207 = icmp ne i64 %206, 0 %208 = load i16, i16* %22, align 8 %209 = and i16 %208, 2 %210 = icmp eq i16 %209, 0 %211 = and i1 %207, %210 %212 = and i16 %208, -2049 %213 = select i1 %211, i16 2048, i16 0 %214 = or i16 %212, %213 store i16 %214, i16* %22, align 8 %215 = load i32, i32* %28, align 64 %216 = call i64 @sum_zone_node_page_state(i32 %215, i32 0) #76 %217 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %218 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %219 = load volatile i64, i64* %67, align 8 %220 = icmp eq i64 %219, 0 br i1 
%220, label %225, label %221 %226 = phi i64 [ %224, %221 ], [ 0, %200 ] %227 = load volatile i64, i64* %70, align 8 %228 = icmp eq i64 %227, 0 br i1 %228, label %699, label %694 %695 = load i64, i64* %71, align 16 %696 = load i64, i64* %72, align 8 %697 = add i64 %695, %226 %698 = add i64 %697, %696 br label %699 %700 = phi i64 [ %698, %694 ], [ %226, %225 ] %701 = load volatile i64, i64* %73, align 8 %702 = icmp eq i64 %701, 0 br i1 %702, label %708, label %703 %704 = load i64, i64* %74, align 16 %705 = load i64, i64* %75, align 8 %706 = add i64 %704, %700 %707 = add i64 %706, %705 br label %708 %709 = phi i64 [ %707, %703 ], [ %700, %699 ] %710 = load volatile i64, i64* %76, align 8 %711 = icmp eq i64 %710, 0 br i1 %711, label %717, label %712 %713 = load i64, i64* %77, align 16 %714 = load i64, i64* %78, align 8 %715 = add i64 %713, %709 %716 = add i64 %715, %714 br label %717 %718 = phi i64 [ %716, %712 ], [ %709, %708 ] %719 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 0) #76 %720 = add i64 %217, %216 %721 = add i64 %720, %218 %722 = icmp ule i64 %721, %718 %723 = load i16, i16* %22, align 8 %724 = and i16 %723, 1 %725 = icmp eq i16 %724, 0 %726 = and i1 %722, %725 br i1 %726, label %229, label %236 %237 = phi i16 [ %235, %229 ], [ 0, %717 ] %238 = and i16 %723, -4097 %239 = or i16 %238, %237 store i16 %239, i16* %22, align 8 %240 = call i32 @__cond_resched() #76 %241 = load i64, i64* %31, align 8 %242 = load i32, i32* @vm_swappiness, align 4 %243 = load i16, i16* %22, align 8 %244 = and i16 %243, 64 %245 = icmp eq i16 %244, 0 br i1 %245, label %289, label %246 %247 = load i32, i32* %35, align 64 %248 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nr_swap_pages, i64 0, i32 0), align 8 %249 = icmp sgt i64 %248, 0 br i1 %249, label %260, label %250 %251 = load i8, i8* @numa_demotion_enabled, align 1, !range !8 %252 = icmp eq i8 
%251, 0 br i1 %252, label %289, label %253 %254 = and i16 %243, 8192 %255 = icmp eq i16 %254, 0 %256 = or i1 %36, %255 br i1 %256, label %257, label %289 %258 = call i32 @next_demotion_node(i32 %247) #76 %259 = icmp eq i32 %258, -1 br i1 %259, label %289, label %260 %261 = icmp ne i32 %242, 0 %262 = load i8, i8* %27, align 1 %263 = icmp eq i8 %262, 0 %264 = and i1 %261, %263 br i1 %264, label %289, label %265 %266 = load i16, i16* %22, align 8 %267 = and i16 %266, 4096 %268 = icmp eq i16 %267, 0 br i1 %268, label %269, label %289 %270 = and i16 %266, 2048 %271 = icmp eq i16 %270, 0 br i1 %271, label %272, label %289 %273 = load i64, i64* %18, align 8 %274 = load i64, i64* %20, align 8 %275 = add i64 %274, %273 %276 = add i64 %275, %273 %277 = sext i32 %242 to i64 %278 = add i64 %274, 1 %279 = add i64 %278, %275 %280 = add i64 %279, %276 %281 = mul i64 %280, %277 %282 = add i64 %276, 1 %283 = udiv i64 %281, %282 %284 = sub i32 200, %242 %285 = sext i32 %284 to i64 %286 = mul i64 %280, %285 %287 = udiv i64 %286, %279 %288 = add i64 %287, %283 br label %289 %290 = phi i64 [ %287, %272 ], [ undef, %236 ], [ undef, %257 ], [ undef, %260 ], [ undef, %265 ], [ undef, %269 ], [ undef, %250 ], [ undef, %253 ] %291 = phi i64 [ %283, %272 ], [ undef, %236 ], [ undef, %257 ], [ undef, %260 ], [ undef, %265 ], [ undef, %269 ], [ undef, %250 ], [ undef, %253 ] %292 = phi i1 [ true, %272 ], [ false, %236 ], [ false, %257 ], [ true, %260 ], [ true, %265 ], [ false, %269 ], [ false, %250 ], [ false, %253 ] %293 = phi i1 [ false, %272 ], [ true, %236 ], [ true, %257 ], [ false, %260 ], [ false, %265 ], [ true, %269 ], [ true, %250 ], [ true, %253 ] %294 = phi i32 [ 1, %272 ], [ 3, %236 ], [ 3, %257 ], [ 0, %260 ], [ 2, %265 ], [ 3, %269 ], [ 3, %250 ], [ 3, %253 ] %295 = phi i64 [ %288, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %296 = load i8, i8* %37, align 4 %297 = sext i8 %296 to i32 %298 = icmp sgt i8 %296, -1 %299 = icmp 
ult i32 %297, 3 %300 = select i1 %299, i32 %297, i32 3 %301 = add nuw nsw i32 %300, 1 %302 = load i8, i8* %27, align 1 %303 = sext i8 %302 to i64 %304 = and i64 %303, 4294967295 br i1 %298, label %305, label %315 %306 = load volatile i64, i64* %80, align 8 %307 = icmp eq i64 %306, 0 br i1 %307, label %312, label %308 %309 = load volatile i64, i64* %82, align 8 %310 = icmp sgt i64 %309, 0 %311 = select i1 %310, i64 %309, i64 0 br label %312 %313 = phi i64 [ %311, %308 ], [ 0, %305 ] %314 = icmp eq i32 %300, 0 br i1 %314, label %315, label %727 %728 = load volatile i64, i64* %84, align 8 %729 = icmp eq i64 %728, 0 br i1 %729, label %735, label %730 %731 = load volatile i64, i64* %86, align 8 %732 = icmp sgt i64 %731, 0 %733 = select i1 %732, i64 %731, i64 0 %734 = add nuw i64 %733, %313 br label %735 %736 = phi i64 [ %734, %730 ], [ %313, %727 ] %737 = icmp eq i32 %301, 2 br i1 %737, label %315, label %738 %739 = load volatile i64, i64* %88, align 8 %740 = icmp eq i64 %739, 0 br i1 %740, label %746, label %741 %742 = load volatile i64, i64* %90, align 8 %743 = icmp sgt i64 %742, 0 %744 = select i1 %743, i64 %742, i64 0 %745 = add i64 %744, %736 br label %746 %747 = phi i64 [ %745, %741 ], [ %736, %738 ] %748 = icmp eq i32 %301, 3 br i1 %748, label %315, label %749 %750 = load volatile i64, i64* %92, align 8 %751 = icmp eq i64 %750, 0 br i1 %751, label %315, label %752 %316 = phi i64 [ 0, %289 ], [ %313, %312 ], [ %736, %735 ], [ %747, %746 ], [ %756, %752 ], [ %747, %749 ] %317 = lshr i64 %316, %304 switch i32 %294, label %323 [ i32 0, label %324 i32 1, label %318 i32 3, label %321 i32 2, label %321 ] %322 = select i1 %292, i64 %317, i64 0 br label %324 %325 = phi i64 [ %320, %318 ], [ %317, %315 ], [ %322, %321 ] store i64 %325, i64* %33, align 16 br i1 %298, label %457, label %467 %458 = load volatile i64, i64* %96, align 8 %459 = icmp eq i64 %458, 0 br i1 %459, label %464, label %460 %461 = load volatile i64, i64* %98, align 8 %462 = icmp sgt i64 %461, 0 %463 = 
select i1 %462, i64 %461, i64 0 br label %464 %465 = phi i64 [ %463, %460 ], [ 0, %457 ] %466 = icmp eq i32 %300, 0 br i1 %466, label %467, label %757 %758 = load volatile i64, i64* %100, align 8 %759 = icmp eq i64 %758, 0 br i1 %759, label %765, label %760 %761 = load volatile i64, i64* %102, align 8 %762 = icmp sgt i64 %761, 0 %763 = select i1 %762, i64 %761, i64 0 %764 = add nuw i64 %763, %465 br label %765 %766 = phi i64 [ %764, %760 ], [ %465, %757 ] %767 = icmp eq i32 %301, 2 br i1 %767, label %467, label %768 %769 = load volatile i64, i64* %104, align 8 %770 = icmp eq i64 %769, 0 br i1 %770, label %776, label %771 %772 = load volatile i64, i64* %106, align 8 %773 = icmp sgt i64 %772, 0 %774 = select i1 %773, i64 %772, i64 0 %775 = add i64 %774, %766 br label %776 %777 = phi i64 [ %775, %771 ], [ %766, %768 ] %778 = icmp eq i32 %301, 3 br i1 %778, label %467, label %779 %780 = load volatile i64, i64* %108, align 8 %781 = icmp eq i64 %780, 0 br i1 %781, label %467, label %782 %468 = phi i64 [ 0, %324 ], [ %465, %464 ], [ %766, %765 ], [ %777, %776 ], [ %786, %782 ], [ %777, %779 ] %469 = lshr i64 %468, %304 switch i32 %294, label %323 [ i32 0, label %475 i32 1, label %472 i32 3, label %470 i32 2, label %470 ] %473 = mul i64 %469, %291 %474 = udiv i64 %473, %295 br label %475 %476 = phi i64 [ %474, %472 ], [ %469, %467 ], [ %471, %470 ] store i64 %476, i64* %38, align 8 br i1 %298, label %477, label %487 %478 = load volatile i64, i64* %112, align 8 %479 = icmp eq i64 %478, 0 br i1 %479, label %484, label %480 %481 = load volatile i64, i64* %114, align 8 %482 = icmp sgt i64 %481, 0 %483 = select i1 %482, i64 %481, i64 0 br label %484 %485 = phi i64 [ %483, %480 ], [ 0, %477 ] %486 = icmp eq i32 %300, 0 br i1 %486, label %487, label %787 %788 = load volatile i64, i64* %116, align 8 %789 = icmp eq i64 %788, 0 br i1 %789, label %795, label %790 %791 = load volatile i64, i64* %118, align 8 %792 = icmp sgt i64 %791, 0 %793 = select i1 %792, i64 %791, i64 0 %794 = add 
nuw i64 %793, %485 br label %795 %796 = phi i64 [ %794, %790 ], [ %485, %787 ] %797 = icmp eq i32 %301, 2 br i1 %797, label %487, label %798 %799 = load volatile i64, i64* %120, align 8 %800 = icmp eq i64 %799, 0 br i1 %800, label %806, label %801 %802 = load volatile i64, i64* %122, align 8 %803 = icmp sgt i64 %802, 0 %804 = select i1 %803, i64 %802, i64 0 %805 = add i64 %804, %796 br label %806 %807 = phi i64 [ %805, %801 ], [ %796, %798 ] %808 = icmp eq i32 %301, 3 br i1 %808, label %487, label %809 %810 = load volatile i64, i64* %124, align 8 %811 = icmp eq i64 %810, 0 br i1 %811, label %487, label %812 %488 = phi i64 [ 0, %475 ], [ %485, %484 ], [ %796, %795 ], [ %807, %806 ], [ %816, %812 ], [ %807, %809 ] %489 = lshr i64 %488, %304 switch i32 %294, label %323 [ i32 0, label %495 i32 1, label %492 i32 3, label %490 i32 2, label %490 ] %493 = mul i64 %489, %290 %494 = udiv i64 %493, %295 br label %495 %496 = phi i64 [ %494, %492 ], [ %489, %487 ], [ %491, %490 ] store i64 %496, i64* %39, align 16 br i1 %298, label %497, label %507 %498 = load volatile i64, i64* %128, align 8 %499 = icmp eq i64 %498, 0 br i1 %499, label %504, label %500 %501 = load volatile i64, i64* %130, align 8 %502 = icmp sgt i64 %501, 0 %503 = select i1 %502, i64 %501, i64 0 br label %504 %505 = phi i64 [ %503, %500 ], [ 0, %497 ] %506 = icmp eq i32 %300, 0 br i1 %506, label %507, label %817 %818 = load volatile i64, i64* %132, align 8 %819 = icmp eq i64 %818, 0 br i1 %819, label %825, label %820 %821 = load volatile i64, i64* %134, align 8 %822 = icmp sgt i64 %821, 0 %823 = select i1 %822, i64 %821, i64 0 %824 = add nuw i64 %823, %505 br label %825 %826 = phi i64 [ %824, %820 ], [ %505, %817 ] %827 = icmp eq i32 %301, 2 br i1 %827, label %507, label %828 %829 = load volatile i64, i64* %136, align 8 %830 = icmp eq i64 %829, 0 br i1 %830, label %836, label %831 %832 = load volatile i64, i64* %138, align 8 %833 = icmp sgt i64 %832, 0 %834 = select i1 %833, i64 %832, i64 0 %835 = add i64 
%834, %826 br label %836 %837 = phi i64 [ %835, %831 ], [ %826, %828 ] %838 = icmp eq i32 %301, 3 br i1 %838, label %507, label %839 %840 = load volatile i64, i64* %140, align 8 %841 = icmp eq i64 %840, 0 br i1 %841, label %507, label %842 %508 = phi i64 [ 0, %495 ], [ %505, %504 ], [ %826, %825 ], [ %837, %836 ], [ %846, %842 ], [ %837, %839 ] %509 = lshr i64 %508, %304 switch i32 %294, label %323 [ i32 0, label %515 i32 1, label %512 i32 3, label %510 i32 2, label %510 ] %513 = mul i64 %509, %290 %514 = udiv i64 %513, %295 br label %515 %516 = phi i64 [ %514, %512 ], [ %509, %507 ], [ %511, %510 ] store i64 %516, i64* %40, align 8 %517 = load i32, i32* %42, align 4 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #76 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %496, %325 %527 = or i64 %526, %516 %528 = icmp eq i64 %527, 0 br i1 %528, label %425, label %529 %530 = icmp eq i8 %302, 12 %531 = and i32 %517, 131072 %532 = icmp eq i32 %531, 0 %533 = and i1 %530, %532 %534 = zext i1 %533 to i8 br label %326 %327 = phi i64 [ %362, %417 ], [ 0, %529 ] %328 = phi i8 [ %418, %417 ], [ %534, %529 ] %329 = phi i64 [ %419, %417 ], [ %325, %529 ] br label %330 %331 = phi i64 [ %367, %365 ], [ %329, %326 ] %332 = phi i64 [ %363, %365 ], [ 0, %326 ] %333 = phi i64 [ %362, %365 ], [ %327, %326 ] %334 = icmp eq i64 %331, 0 br i1 %334, label %361, label %335 %336 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %332 %337 = icmp ult i64 %331, 32 %338 = select i1 %337, i64 %331, i64 32 %339 = sub i64 %331, %338 store i64 %339, i64* %336, align 8 %340 = trunc i64 %332 to i32 %341 = and i32 %340, 2147483645 %342 = icmp eq i32 %341, 1 br i1 %342, label %343, label %356 %357 = call fastcc i64 @shrink_inactive_list(i64 %338, %struct.lruvec* %11, %struct.scan_control* %1, 
i32 %340) #76 br label %358 %359 = phi i64 [ %357, %356 ], [ 0, %354 ], [ 0, %353 ] %360 = add i64 %359, %333 br label %361 %362 = phi i64 [ %360, %358 ], [ %333, %330 ] %363 = add nuw nsw i64 %332, 1 %364 = icmp eq i64 %363, 4 br i1 %364, label %368, label %365 %369 = call i32 @__cond_resched() #76 %370 = icmp uge i64 %362, %241 %371 = and i8 %328, 1 %372 = icmp eq i8 %371, 0 %373 = and i1 %372, %370 br i1 %373, label %374, label %417 %375 = load i64, i64* %39, align 16 %376 = load i64, i64* %40, align 8 %377 = add i64 %376, %375 %378 = load i64, i64* %33, align 16 %379 = load i64, i64* %38, align 8 %380 = add i64 %379, %378 %381 = icmp ne i64 %377, 0 %382 = icmp ne i64 %380, 0 %383 = and i1 %381, %382 br i1 %383, label %384, label %425 %385 = icmp ugt i64 %377, %380 %386 = select i1 %385, i64 %380, i64 %377 %387 = select i1 %385, i64 %525, i64 %521 %388 = select i1 %385, i32 2, i32 0 %389 = select i1 %385, i32 0, i32 2 %390 = mul i64 %386, 100 %391 = udiv i64 %390, %387 %392 = zext i32 %389 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 16 %394 = or i32 %389, 1 %395 = zext i32 %394 to i64 %396 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %395 store i64 0, i64* %396, align 8 %397 = zext i32 %388 to i64 %398 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %397 %399 = load i64, i64* %398, align 16 %400 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %397 %401 = load i64, i64* %400, align 16 %402 = sub i64 %399, %401 %403 = sub i64 100, %391 %404 = mul i64 %399, %403 %405 = udiv i64 %404, 100 store i64 %406, i64* %400, align 16 %407 = or i32 %388, 1 %408 = zext i32 %407 to i64 %409 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %408 %410 = load i64, i64* %409, align 8 %411 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %408 %412 = load i64, i64* %411, align 8 %413 = sub i64 %410, %412 %414 = mul i64 %410, %403 %415 = udiv i64 %414, 100 store i64 %416, i64* %411, align 8 br label %417 
%418 = phi i8 [ 1, %384 ], [ %328, %368 ] %419 = load i64, i64* %33, align 16 %420 = load i64, i64* %40, align 8 %421 = load i64, i64* %39, align 16 %422 = or i64 %420, %419 %423 = or i64 %422, %421 %424 = icmp eq i64 %423, 0 br i1 %424, label %425, label %326 %426 = phi i64 [ 0, %515 ], [ %362, %374 ], [ %362, %417 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %5) #76 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store 
%struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #76 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, 
label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add 
i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr 
inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, 
%struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void 
@__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1
%68 = trunc i64 %2 to i32
%69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78
%70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8
%5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 shrink_node
7 __node_reclaim
8 node_reclaim
9 get_page_from_freelist
10 __alloc_pages
11 allocate_slab
12 ___slab_alloc
13 kmem_cache_alloc_node
14 create_task_io_context
15 get_task_io_context
16 set_task_ioprio
17 __se_sys_ioprio_set
18 __x64_sys_ioprio_set
-------------
Path:
Function:__x64_sys_ioprio_set
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
%3 = load i64, i64* %2, align 8
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
%5 = load i64, i64* %4, align 8
%6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%7 = load i64, i64* %6, align 8
%8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #76
Function:__se_sys_ioprio_set
%4 = trunc i64 %0 to i32
%5 = trunc i64 %1 to i32
%6 = trunc i64 %2 to i32
%7 = lshr i32 %6, 13
%8 = and i32 %7, 7
%9 = and i32 %6, 8191
switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ]
%17 = icmp eq i32 %9, 0
br i1 %17, label %18, label %167
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ]
%95 = icmp eq i32 %5, -1
br i1 %95, label %164, label %96
%97 = icmp eq i32 %5, 0
br i1 %97, label %98,
label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #76 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 %109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, 
%struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], 
%struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [16 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr 
%struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ %156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #76 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #76 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 
%6) #76 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #76 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295170* (%struct.task_struct.295207*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #76 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 112, i32 0, i32 0 %10 = getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 123 %11 = 
getelementptr inbounds %struct.task_struct.295207, %struct.task_struct.295207* %0, i64 0, i32 112 %12 = bitcast %struct.spinlock* %11 to i8* br label %13 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #76 %14 = load %struct.io_context.295170*, %struct.io_context.295170** %10, align 8 %15 = icmp eq %struct.io_context.295170* %14, null br i1 %15, label %22, label %16, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 store volatile i8 0, i8* %12, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %23 = tail call i32 @create_task_io_context(%struct.task_struct.295207* %0, i32 %1, i32 %2) #77 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #76 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #76 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #76 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = 
getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #76 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %221, %220 ] %22 = phi i32 [ %2, %5 ], [ %222, %220 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label 
%37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %224, %233 ], [ %224, %244 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %201, %233 ], [ %201, %244 ] %29 = phi i32 [ %22, %20 ], [ %197, %233 ], [ %197, %244 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %167 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %144 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 
%112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %144 store %struct.page* null, %struct.page** %72, align 8 %138 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %139 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %138, i64 0, i32 4 %140 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %139) #6, !srcloc !21 %141 = and i64 %68, 512 %142 = icmp eq i64 %141, 0 br i1 %142, label %195, label %143 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %195 %196 = phi %struct.kmem_cache_cpu* [ %28, %193 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %143 ] %197 = phi i32 [ %168, %193 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %143 ] %198 = icmp eq i32 %197, -1 %199 = icmp ne i32 %197, -1 br label %200 %201 = phi %struct.kmem_cache_cpu* [ %286, %294 ], [ %196, %195 ] %202 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 3 %203 = load %struct.page*, %struct.page** %202, align 8 %204 = icmp eq %struct.page* %203, null br i1 %204, label %245, label %205 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %206 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %207 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 4 %209 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %208) #6, !srcloc !27 %210 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 2 %211 = load %struct.page*, %struct.page** %210, 
align 8 %212 = icmp eq %struct.page* %211, null br i1 %212, label %223, label %213, !prof !5, !misexpect !6 %224 = load %struct.page*, %struct.page** %202, align 8 %225 = icmp eq %struct.page* %224, null br i1 %225, label %226, label %233, !prof !29, !misexpect !6 %227 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %228 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %227, i64 0, i32 4 %229 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %228) #6, !srcloc !30 %230 = and i64 %206, 512 %231 = icmp eq i64 %230, 0 br i1 %231, label %245, label %232 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %245 br i1 %198, label %246, label %248 %247 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %248 %249 = phi i32 [ %247, %246 ], [ %197, %245 ] %250 = sext i32 %249 to i64 %251 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %250 %252 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %251, align 8 %253 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %252, %struct.page** nonnull %10, i32 %1) #76 %254 = icmp ne i8* %253, null %255 = or i1 %199, %254 br i1 %255, label %258, label %256 %259 = phi i8* [ %257, %256 ], [ %253, %248 ] %260 = icmp eq i8* %259, null br i1 %260, label %261, label %284 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %264, label %262, !prof !5, !misexpect !6 %263 = call i32 @kmalloc_fix_flags(i32 %1) #76 br label %264 %265 = phi i32 [ %263, %262 ], [ %1, %261 ] %266 = load void (i8*)*, void (i8*)** %16, align 8 %267 = icmp ne void (i8*)* %266, null %268 = and i32 %265, 256 %269 = icmp ne i32 %268, 0 %270 = and i1 %267, %269 br i1 %270, label %271, label %272, !prof !29, 
!misexpect !6 %273 = and i32 %265, 3927776 %274 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %273, i32 %197) #76 Function:allocate_slab %4 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0 %5 = load i32, i32* %4, align 8 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 11 %9 = load i32, i32* %8, align 4 %10 = or i32 %7, %9 %11 = and i32 %10, -106497 %12 = or i32 %11, 73728 %13 = and i32 %10, 1024 %14 = icmp eq i32 %13, 0 %15 = lshr i32 %5, 16 br i1 %14, label %24, label %16 %25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ] %26 = icmp eq i32 %2, -1 br i1 %26, label %27, label %30 %31 = tail call %struct.page* bitcast (%struct.page.135675* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %25, i32 %15, i32 %2, %struct.cpumask* null) #76 Function:__alloc_pages %5 = alloca %struct.alloc_context.135690, align 8 %6 = bitcast %struct.alloc_context.135690* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.135557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.135557**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.135557* %17 = getelementptr inbounds %struct.task_struct.135557, %struct.task_struct.135557* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* 
%5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.135521*], [0 x %struct.pglist_data.135521*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.135521*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.135521*, %struct.pglist_data.135521** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.135521, %struct.pglist_data.135521* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 0 store %struct.zonelist.135517* %50, %struct.zonelist.135517** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__cond_resched() #76 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.135517, %struct.zonelist.135517* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.135521, %struct.pglist_data.135521* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.135516* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 2 store %struct.zoneref.135516* %90, %struct.zoneref.135516** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %90, i64 0, i32 0 %93 = 
load %struct.zone.135525*, %struct.zone.135525** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.135525* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135675* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135690* nonnull %5) #77 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.135521* [ null, %4 ], [ %544, %543 ] %22 = phi i32 [ %2, %4 ], [ %545, %543 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.135516*, %struct.zoneref.135516** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %25, i64 0, i32 0 %27 = load %struct.zone.135525*, %struct.zone.135525** %26, align 8 %28 = icmp eq %struct.zone.135525* %27, null br i1 %28, label %541, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 
0 %44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.135525* [ %539, %536 ], [ %27, %29 ] %48 = phi %struct.zoneref.135516* [ %537, %536 ], [ %25, %29 ] %49 = phi %struct.pglist_data.135521* [ %525, %536 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.135516*, %struct.zoneref.135516** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %74, i64 0, i32 0 %76 = load %struct.zone.135525*, %struct.zone.135525** %75, align 8 %77 = icmp eq %struct.zone.135525* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label 
%107 %108 = phi i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq %struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = 
getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 br i1 %109, label %158, label %153 %159 = add nsw i64 %139, 1 %160 = icmp eq i64 %159, 11 br i1 %160, label %167, label %138 %168 = icmp eq i64 %88, 0 %169 = or i1 %41, %168 %170 = or i1 %17, %169 br i1 %170, label %228, label %171, !prof !9 %172 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 0, i64 0 %173 = load i64, i64* %172, align 64 br i1 %109, label %174, label %178, !prof !6, !misexpect !7 %175 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 2 %176 = load i64, i64* %175, align 32 %177 = add i64 %176, %11 br label %178 %179 = phi i64 [ %177, %174 ], [ %11, %171 ] %180 = sub i64 %94, %179 br i1 %38, label %184, label %181 %182 = sdiv i64 %173, -2 %183 = add i64 %182, %173 br label %184 %185 = phi i64 [ %183, %181 ], [ %173, %178 ] br i1 %109, label %193, label %186, !prof !6, !misexpect !8 br i1 %43, label %190, label %187 %191 = sdiv i64 %185, -4 %192 = add i64 %191, %185 br label %193 %194 = phi i64 [ %189, %187 ], [ %192, %190 ], [ %185, %184 ] %195 = add i64 %194, %133 %196 = icmp sgt i64 %180, %195 br i1 %196, label %197, label %228 br i1 %8, label %252, label %198 br i1 %12, label %199, label %228 %200 = phi i64 [ %220, %219 ], [ %13, %198 ] %201 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %200, i32 1 %202 = load i64, i64* %201, align 8 %203 = icmp eq i64 %202, 0 br i1 %203, label %219, label %204 %205 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %200, i32 0, i64 0 %206 = getelementptr inbounds %struct.list_head, %struct.list_head* %205, i64 0, i32 0 %207 = load volatile 
%struct.list_head*, %struct.list_head** %206, align 8 %208 = icmp eq %struct.list_head* %207, %205 br i1 %208, label %209, label %252 %210 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %200, i32 0, i64 1 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %222, label %252 %223 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %200, i32 0, i64 2 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %223, i64 0, i32 0 %225 = load volatile %struct.list_head*, %struct.list_head** %224, align 8 %226 = icmp eq %struct.list_head* %225, %223 br i1 %226, label %227, label %252 br i1 %109, label %219, label %214 %220 = add nsw i64 %200, 1 %221 = icmp eq i64 %220, 11 br i1 %221, label %228, label %199 br i1 %45, label %229, label %252 %230 = load i32, i32* @node_reclaim_mode, align 4 %231 = and i32 %230, 7 %232 = icmp eq i32 %231, 0 br i1 %232, label %524, label %233 %234 = load %struct.zoneref.135516*, %struct.zoneref.135516** %5, align 8 %235 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %234, i64 0, i32 0 %236 = load %struct.zone.135525*, %struct.zone.135525** %235, align 8 %237 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %236, i64 0, i32 4 %238 = load i32, i32* %237, align 8 %239 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = tail call i32 @__node_distance(i32 %238, i32 %240) #76 %242 = load i32, i32* @node_reclaim_distance, align 4 %243 = icmp sgt i32 %241, %242 br i1 %243, label %524, label %244 %245 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 5 %246 = load %struct.pglist_data.135521*, %struct.pglist_data.135521** %245, align 16 %247 = tail call i32 
bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.135521*, i32, i32)*)(%struct.pglist_data.135521* %246, i32 %0, i32 %1) #76 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #76 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #76 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 20 %31 = load i64, i64* %30, align 16 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 
br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #77 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %11 = bitcast %struct.cpumask** %10 to i8* %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %13 = icmp ugt i64 %6, 32 %14 = select i1 %13, i64 %6, i64 32 store i64 %14, i64* %12, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 
%21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %69 [label %55], !srcloc !7 %70 = tail call i32 @__cond_resched() #76 %71 = load i32, i32* %31, align 4 %72 = and i32 %71, 2048 %73 = or i32 %71, 8390656 store i32 %73, i32* %31, align 4 %74 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 13 %75 = icmp eq %struct.reclaim_state* %74, null %76 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %77 = load %struct.reclaim_state*, %struct.reclaim_state** %76, align 8 %78 = icmp eq %struct.reclaim_state* %77, null br i1 %75, label %81, label %79 br i1 %78, label %83, label %80, !prof !5, !misexpect !6 store %struct.reclaim_state* %74, %struct.reclaim_state** %76, align 8 %84 = load i32, i32* @node_reclaim_mode, align 4 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #76 %91 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %92 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %93 = add i64 %92, %91 br label %95 %96 = phi i64 [ %88, %87 ], [ %94, %89 ] %97 = load i32, i32* 
@node_reclaim_mode, align 4 %98 = and i32 %97, 2 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %102 %103 = phi i64 [ 0, %95 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %106 = load i64, i64* %105, align 8 %107 = icmp ugt i64 %104, %106 br i1 %107, label %108, label %117 %109 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 11 br label %110 call fastcc void @shrink_node(%struct.pglist_data* %0, %struct.scan_control* nonnull %4) #77 Function:shrink_node %3 = alloca [5 x i64], align 16 %4 = alloca [5 x i64], align 16 %5 = alloca %struct.blk_plug, align 8 %6 = alloca %struct.shrink_control, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %10 = load %struct.reclaim_state*, %struct.reclaim_state** %9, align 8 %11 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12 %13 = bitcast %struct.x86_pmu_capability* %12 to i8* %14 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 11 %15 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 1 %16 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %15, i64 0, i32 0, i32 0 %17 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 2 %18 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 3 %19 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 3 %20 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 4 %21 = bitcast %struct.spinlock* %15 to i8* %22 = 
getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 5 %23 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 1 %24 = bitcast %struct.list_head* %23 to %struct.pglist_data* %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 0 %26 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 1 %27 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 7 %28 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %29 = bitcast [5 x i64]* %3 to i8* %30 = bitcast [5 x i64]* %4 to i8* %31 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 0 %32 = bitcast %struct.blk_plug* %5 to i8* %33 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 0 %34 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 821 %35 = bitcast %struct.list_head* %34 to i32* %36 = icmp eq %struct.scan_control* %1, null %37 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 8 %38 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 1 %39 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 2 %40 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 3 %41 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 0 %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %43 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 2 %44 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 3 %45 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 1 %46 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 9 %47 = bitcast %struct.shrink_control* %6 to i8* %48 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.shrink_control, 
%struct.shrink_control* %6, i64 0, i32 1 %50 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 2 %51 = bitcast i64* %50 to i8* %52 = icmp eq %struct.reclaim_state* %10, null %53 = getelementptr inbounds %struct.reclaim_state, %struct.reclaim_state* %10, i64 0, i32 0 %54 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 3 %55 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 6 %56 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %57 = bitcast i64* %56 to i8* %58 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 1 %59 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 5 %60 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 4 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %12, i64 0, i32 0 %62 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 2 %63 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 6 %64 = bitcast i64* %63 to i8* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 122 %66 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 6 %67 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 11, i32 0 %68 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 0, i64 2 %69 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 1 %70 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 11, i32 0 %71 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 0, i64 2 %72 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 
1, i32 1 %73 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 11, i32 0 %74 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 0, i64 2 %75 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 1 %76 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 11, i32 0 %77 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 0, i64 2 %78 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 1 %79 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %80 = bitcast %struct.list_head** %79 to i64* %81 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 69, i32 1 %82 = bitcast %struct.list_head** %81 to i64* %83 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %84 = bitcast %struct.list_head** %83 to i64* %85 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 145, i32 1 %86 = bitcast %struct.list_head** %85 to i64* %87 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %88 = bitcast %struct.list_head** %87 to i64* %89 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 221, i32 1 %90 = bitcast %struct.list_head** %89 to i64* %91 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %92 = bitcast %struct.list_head** %91 to i64* %93 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 297, i32 1 %94 = bitcast %struct.list_head** %93 to i64* %95 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %96 = bitcast %struct.list_head** %95 to i64* %97 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70 %98 = bitcast %struct.list_head* %97 to i64* %99 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 
84, i32 1 %100 = bitcast %struct.list_head** %99 to i64* %101 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146 %102 = bitcast %struct.list_head* %101 to i64* %103 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %104 = bitcast %struct.list_head** %103 to i64* %105 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222 %106 = bitcast %struct.list_head* %105 to i64* %107 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %108 = bitcast %struct.list_head** %107 to i64* %109 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298 %110 = bitcast %struct.list_head* %109 to i64* %111 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %112 = bitcast %struct.list_head** %111 to i64* %113 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70, i32 1 %114 = bitcast %struct.list_head** %113 to i64* %115 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %116 = bitcast %struct.list_head** %115 to i64* %117 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146, i32 1 %118 = bitcast %struct.list_head** %117 to i64* %119 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %120 = bitcast %struct.list_head** %119 to i64* %121 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222, i32 1 %122 = bitcast %struct.list_head** %121 to i64* %123 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %124 = bitcast %struct.list_head** %123 to i64* %125 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298, i32 1 %126 = bitcast %struct.list_head** %125 to i64* %127 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %128 = bitcast %struct.list_head** %127 to i64* %129 = getelementptr %struct.lruvec, %struct.lruvec* 
%11, i64 -98, i32 0, i64 71 %130 = bitcast %struct.list_head* %129 to i64* %131 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %132 = bitcast %struct.list_head** %131 to i64* %133 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 147 %134 = bitcast %struct.list_head* %133 to i64* %135 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %136 = bitcast %struct.list_head** %135 to i64* %137 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 223 %138 = bitcast %struct.list_head* %137 to i64* %139 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %140 = bitcast %struct.list_head** %139 to i64* %141 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 299 %142 = bitcast %struct.list_head* %141 to i64* br label %143 %144 = phi i8 [ 0, %2 ], [ %566, %685 ] %145 = load i64, i64* %14, align 8 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %16) #76 %146 = load i64, i64* %17, align 8 store i64 %146, i64* %18, align 8 %147 = load i64, i64* %19, align 8 store i64 %147, i64* %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %21, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %148 = load i16, i16* %22, align 8 %149 = and i16 %148, 4 %150 = icmp eq i16 %149, 0 br i1 %150, label %151, label %198 %152 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 12) #76 %153 = load i64, i64* %25, align 8 %154 = icmp eq i64 %152, %153 br i1 %154, label %155, label %168 %156 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 0) #76 %157 = 
call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 1) #76 %158 = add i64 %157, %156 %159 = lshr i64 %158, 18 %160 = icmp eq i64 %159, 0 br i1 %160, label %164, label %161 %165 = phi i64 [ %163, %161 ], [ 1, %155 ] %166 = mul i64 %165, %156 %167 = icmp ult i64 %166, %157 br i1 %167, label %168, label %171 %172 = load i16, i16* %22, align 8 %173 = and i16 %172, -2 br label %174 %175 = phi i16 [ %173, %171 ], [ %170, %168 ] store i16 %175, i16* %22, align 8 %176 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 13) #76 %177 = load i64, i64* %26, align 8 %178 = icmp eq i64 %176, %177 br i1 %178, label %179, label %192 %193 = load i16, i16* %22, align 8 %194 = or i16 %193, 2 br label %200 %201 = phi i16 [ %199, %198 ], [ %197, %195 ], [ %194, %192 ] store i16 %201, i16* %22, align 8 %202 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 2) #76 %203 = load i8, i8* %27, align 1 %204 = sext i8 %203 to i64 %205 = and i64 %204, 4294967295 %206 = lshr i64 %202, %205 %207 = icmp ne i64 %206, 0 %208 = load i16, i16* %22, align 8 %209 = and i16 %208, 2 %210 = icmp eq i16 %209, 0 %211 = and i1 %207, %210 %212 = and i16 %208, -2049 %213 = select i1 %211, i16 2048, i16 0 %214 = or i16 %212, %213 store i16 %214, i16* %22, align 8 %215 = load i32, i32* %28, align 64 %216 = call i64 @sum_zone_node_page_state(i32 %215, i32 0) #76 %217 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %218 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %219 = load volatile i64, i64* %67, align 8 %220 = icmp eq i64 %219, 0 br i1 
%220, label %225, label %221 %226 = phi i64 [ %224, %221 ], [ 0, %200 ] %227 = load volatile i64, i64* %70, align 8 %228 = icmp eq i64 %227, 0 br i1 %228, label %699, label %694 %695 = load i64, i64* %71, align 16 %696 = load i64, i64* %72, align 8 %697 = add i64 %695, %226 %698 = add i64 %697, %696 br label %699 %700 = phi i64 [ %698, %694 ], [ %226, %225 ] %701 = load volatile i64, i64* %73, align 8 %702 = icmp eq i64 %701, 0 br i1 %702, label %708, label %703 %704 = load i64, i64* %74, align 16 %705 = load i64, i64* %75, align 8 %706 = add i64 %704, %700 %707 = add i64 %706, %705 br label %708 %709 = phi i64 [ %707, %703 ], [ %700, %699 ] %710 = load volatile i64, i64* %76, align 8 %711 = icmp eq i64 %710, 0 br i1 %711, label %717, label %712 %713 = load i64, i64* %77, align 16 %714 = load i64, i64* %78, align 8 %715 = add i64 %713, %709 %716 = add i64 %715, %714 br label %717 %718 = phi i64 [ %716, %712 ], [ %709, %708 ] %719 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 0) #76 %720 = add i64 %217, %216 %721 = add i64 %720, %218 %722 = icmp ule i64 %721, %718 %723 = load i16, i16* %22, align 8 %724 = and i16 %723, 1 %725 = icmp eq i16 %724, 0 %726 = and i1 %722, %725 br i1 %726, label %229, label %236 %237 = phi i16 [ %235, %229 ], [ 0, %717 ] %238 = and i16 %723, -4097 %239 = or i16 %238, %237 store i16 %239, i16* %22, align 8 %240 = call i32 @__cond_resched() #76 %241 = load i64, i64* %31, align 8 %242 = load i32, i32* @vm_swappiness, align 4 %243 = load i16, i16* %22, align 8 %244 = and i16 %243, 64 %245 = icmp eq i16 %244, 0 br i1 %245, label %289, label %246 %247 = load i32, i32* %35, align 64 %248 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nr_swap_pages, i64 0, i32 0), align 8 %249 = icmp sgt i64 %248, 0 br i1 %249, label %260, label %250 %251 = load i8, i8* @numa_demotion_enabled, align 1, !range !8 %252 = icmp eq i8 
%251, 0 br i1 %252, label %289, label %253 %254 = and i16 %243, 8192 %255 = icmp eq i16 %254, 0 %256 = or i1 %36, %255 br i1 %256, label %257, label %289 %258 = call i32 @next_demotion_node(i32 %247) #76 %259 = icmp eq i32 %258, -1 br i1 %259, label %289, label %260 %261 = icmp ne i32 %242, 0 %262 = load i8, i8* %27, align 1 %263 = icmp eq i8 %262, 0 %264 = and i1 %261, %263 br i1 %264, label %289, label %265 %266 = load i16, i16* %22, align 8 %267 = and i16 %266, 4096 %268 = icmp eq i16 %267, 0 br i1 %268, label %269, label %289 %270 = and i16 %266, 2048 %271 = icmp eq i16 %270, 0 br i1 %271, label %272, label %289 %273 = load i64, i64* %18, align 8 %274 = load i64, i64* %20, align 8 %275 = add i64 %274, %273 %276 = add i64 %275, %273 %277 = sext i32 %242 to i64 %278 = add i64 %274, 1 %279 = add i64 %278, %275 %280 = add i64 %279, %276 %281 = mul i64 %280, %277 %282 = add i64 %276, 1 %283 = udiv i64 %281, %282 %284 = sub i32 200, %242 %285 = sext i32 %284 to i64 %286 = mul i64 %280, %285 %287 = udiv i64 %286, %279 %288 = add i64 %287, %283 br label %289 %290 = phi i64 [ %287, %272 ], [ undef, %236 ], [ undef, %257 ], [ undef, %260 ], [ undef, %265 ], [ undef, %269 ], [ undef, %250 ], [ undef, %253 ] %291 = phi i64 [ %283, %272 ], [ undef, %236 ], [ undef, %257 ], [ undef, %260 ], [ undef, %265 ], [ undef, %269 ], [ undef, %250 ], [ undef, %253 ] %292 = phi i1 [ true, %272 ], [ false, %236 ], [ false, %257 ], [ true, %260 ], [ true, %265 ], [ false, %269 ], [ false, %250 ], [ false, %253 ] %293 = phi i1 [ false, %272 ], [ true, %236 ], [ true, %257 ], [ false, %260 ], [ false, %265 ], [ true, %269 ], [ true, %250 ], [ true, %253 ] %294 = phi i32 [ 1, %272 ], [ 3, %236 ], [ 3, %257 ], [ 0, %260 ], [ 2, %265 ], [ 3, %269 ], [ 3, %250 ], [ 3, %253 ] %295 = phi i64 [ %288, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %296 = load i8, i8* %37, align 4 %297 = sext i8 %296 to i32 %298 = icmp sgt i8 %296, -1 %299 = icmp 
ult i32 %297, 3 %300 = select i1 %299, i32 %297, i32 3 %301 = add nuw nsw i32 %300, 1 %302 = load i8, i8* %27, align 1 %303 = sext i8 %302 to i64 %304 = and i64 %303, 4294967295 br i1 %298, label %305, label %315 %306 = load volatile i64, i64* %80, align 8 %307 = icmp eq i64 %306, 0 br i1 %307, label %312, label %308 %309 = load volatile i64, i64* %82, align 8 %310 = icmp sgt i64 %309, 0 %311 = select i1 %310, i64 %309, i64 0 br label %312 %313 = phi i64 [ %311, %308 ], [ 0, %305 ] %314 = icmp eq i32 %300, 0 br i1 %314, label %315, label %727 %728 = load volatile i64, i64* %84, align 8 %729 = icmp eq i64 %728, 0 br i1 %729, label %735, label %730 %731 = load volatile i64, i64* %86, align 8 %732 = icmp sgt i64 %731, 0 %733 = select i1 %732, i64 %731, i64 0 %734 = add nuw i64 %733, %313 br label %735 %736 = phi i64 [ %734, %730 ], [ %313, %727 ] %737 = icmp eq i32 %301, 2 br i1 %737, label %315, label %738 %739 = load volatile i64, i64* %88, align 8 %740 = icmp eq i64 %739, 0 br i1 %740, label %746, label %741 %742 = load volatile i64, i64* %90, align 8 %743 = icmp sgt i64 %742, 0 %744 = select i1 %743, i64 %742, i64 0 %745 = add i64 %744, %736 br label %746 %747 = phi i64 [ %745, %741 ], [ %736, %738 ] %748 = icmp eq i32 %301, 3 br i1 %748, label %315, label %749 %750 = load volatile i64, i64* %92, align 8 %751 = icmp eq i64 %750, 0 br i1 %751, label %315, label %752 %316 = phi i64 [ 0, %289 ], [ %313, %312 ], [ %736, %735 ], [ %747, %746 ], [ %756, %752 ], [ %747, %749 ] %317 = lshr i64 %316, %304 switch i32 %294, label %323 [ i32 0, label %324 i32 1, label %318 i32 3, label %321 i32 2, label %321 ] %322 = select i1 %292, i64 %317, i64 0 br label %324 %325 = phi i64 [ %320, %318 ], [ %317, %315 ], [ %322, %321 ] store i64 %325, i64* %33, align 16 br i1 %298, label %457, label %467 %458 = load volatile i64, i64* %96, align 8 %459 = icmp eq i64 %458, 0 br i1 %459, label %464, label %460 %461 = load volatile i64, i64* %98, align 8 %462 = icmp sgt i64 %461, 0 %463 = 
select i1 %462, i64 %461, i64 0 br label %464 %465 = phi i64 [ %463, %460 ], [ 0, %457 ] %466 = icmp eq i32 %300, 0 br i1 %466, label %467, label %757 %758 = load volatile i64, i64* %100, align 8 %759 = icmp eq i64 %758, 0 br i1 %759, label %765, label %760 %761 = load volatile i64, i64* %102, align 8 %762 = icmp sgt i64 %761, 0 %763 = select i1 %762, i64 %761, i64 0 %764 = add nuw i64 %763, %465 br label %765 %766 = phi i64 [ %764, %760 ], [ %465, %757 ] %767 = icmp eq i32 %301, 2 br i1 %767, label %467, label %768 %769 = load volatile i64, i64* %104, align 8 %770 = icmp eq i64 %769, 0 br i1 %770, label %776, label %771 %772 = load volatile i64, i64* %106, align 8 %773 = icmp sgt i64 %772, 0 %774 = select i1 %773, i64 %772, i64 0 %775 = add i64 %774, %766 br label %776 %777 = phi i64 [ %775, %771 ], [ %766, %768 ] %778 = icmp eq i32 %301, 3 br i1 %778, label %467, label %779 %780 = load volatile i64, i64* %108, align 8 %781 = icmp eq i64 %780, 0 br i1 %781, label %467, label %782 %468 = phi i64 [ 0, %324 ], [ %465, %464 ], [ %766, %765 ], [ %777, %776 ], [ %786, %782 ], [ %777, %779 ] %469 = lshr i64 %468, %304 switch i32 %294, label %323 [ i32 0, label %475 i32 1, label %472 i32 3, label %470 i32 2, label %470 ] %473 = mul i64 %469, %291 %474 = udiv i64 %473, %295 br label %475 %476 = phi i64 [ %474, %472 ], [ %469, %467 ], [ %471, %470 ] store i64 %476, i64* %38, align 8 br i1 %298, label %477, label %487 %478 = load volatile i64, i64* %112, align 8 %479 = icmp eq i64 %478, 0 br i1 %479, label %484, label %480 %481 = load volatile i64, i64* %114, align 8 %482 = icmp sgt i64 %481, 0 %483 = select i1 %482, i64 %481, i64 0 br label %484 %485 = phi i64 [ %483, %480 ], [ 0, %477 ] %486 = icmp eq i32 %300, 0 br i1 %486, label %487, label %787 %788 = load volatile i64, i64* %116, align 8 %789 = icmp eq i64 %788, 0 br i1 %789, label %795, label %790 %791 = load volatile i64, i64* %118, align 8 %792 = icmp sgt i64 %791, 0 %793 = select i1 %792, i64 %791, i64 0 %794 = add 
nuw i64 %793, %485 br label %795 %796 = phi i64 [ %794, %790 ], [ %485, %787 ] %797 = icmp eq i32 %301, 2 br i1 %797, label %487, label %798 %799 = load volatile i64, i64* %120, align 8 %800 = icmp eq i64 %799, 0 br i1 %800, label %806, label %801 %802 = load volatile i64, i64* %122, align 8 %803 = icmp sgt i64 %802, 0 %804 = select i1 %803, i64 %802, i64 0 %805 = add i64 %804, %796 br label %806 %807 = phi i64 [ %805, %801 ], [ %796, %798 ] %808 = icmp eq i32 %301, 3 br i1 %808, label %487, label %809 %810 = load volatile i64, i64* %124, align 8 %811 = icmp eq i64 %810, 0 br i1 %811, label %487, label %812 %488 = phi i64 [ 0, %475 ], [ %485, %484 ], [ %796, %795 ], [ %807, %806 ], [ %816, %812 ], [ %807, %809 ] %489 = lshr i64 %488, %304 switch i32 %294, label %323 [ i32 0, label %495 i32 1, label %492 i32 3, label %490 i32 2, label %490 ] %493 = mul i64 %489, %290 %494 = udiv i64 %493, %295 br label %495 %496 = phi i64 [ %494, %492 ], [ %489, %487 ], [ %491, %490 ] store i64 %496, i64* %39, align 16 br i1 %298, label %497, label %507 %498 = load volatile i64, i64* %128, align 8 %499 = icmp eq i64 %498, 0 br i1 %499, label %504, label %500 %501 = load volatile i64, i64* %130, align 8 %502 = icmp sgt i64 %501, 0 %503 = select i1 %502, i64 %501, i64 0 br label %504 %505 = phi i64 [ %503, %500 ], [ 0, %497 ] %506 = icmp eq i32 %300, 0 br i1 %506, label %507, label %817 %818 = load volatile i64, i64* %132, align 8 %819 = icmp eq i64 %818, 0 br i1 %819, label %825, label %820 %821 = load volatile i64, i64* %134, align 8 %822 = icmp sgt i64 %821, 0 %823 = select i1 %822, i64 %821, i64 0 %824 = add nuw i64 %823, %505 br label %825 %826 = phi i64 [ %824, %820 ], [ %505, %817 ] %827 = icmp eq i32 %301, 2 br i1 %827, label %507, label %828 %829 = load volatile i64, i64* %136, align 8 %830 = icmp eq i64 %829, 0 br i1 %830, label %836, label %831 %832 = load volatile i64, i64* %138, align 8 %833 = icmp sgt i64 %832, 0 %834 = select i1 %833, i64 %832, i64 0 %835 = add i64 
%834, %826 br label %836 %837 = phi i64 [ %835, %831 ], [ %826, %828 ] %838 = icmp eq i32 %301, 3 br i1 %838, label %507, label %839 %840 = load volatile i64, i64* %140, align 8 %841 = icmp eq i64 %840, 0 br i1 %841, label %507, label %842 %508 = phi i64 [ 0, %495 ], [ %505, %504 ], [ %826, %825 ], [ %837, %836 ], [ %846, %842 ], [ %837, %839 ] %509 = lshr i64 %508, %304 switch i32 %294, label %323 [ i32 0, label %515 i32 1, label %512 i32 3, label %510 i32 2, label %510 ] %513 = mul i64 %509, %290 %514 = udiv i64 %513, %295 br label %515 %516 = phi i64 [ %514, %512 ], [ %509, %507 ], [ %511, %510 ] store i64 %516, i64* %40, align 8 %517 = load i32, i32* %42, align 4 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #76 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %496, %325 %527 = or i64 %526, %516 %528 = icmp eq i64 %527, 0 br i1 %528, label %425, label %529 %530 = icmp eq i8 %302, 12 %531 = and i32 %517, 131072 %532 = icmp eq i32 %531, 0 %533 = and i1 %530, %532 %534 = zext i1 %533 to i8 br label %326 %327 = phi i64 [ %362, %417 ], [ 0, %529 ] %328 = phi i8 [ %418, %417 ], [ %534, %529 ] %329 = phi i64 [ %419, %417 ], [ %325, %529 ] br label %330 %331 = phi i64 [ %367, %365 ], [ %329, %326 ] %332 = phi i64 [ %363, %365 ], [ 0, %326 ] %333 = phi i64 [ %362, %365 ], [ %327, %326 ] %334 = icmp eq i64 %331, 0 br i1 %334, label %361, label %335 %336 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %332 %337 = icmp ult i64 %331, 32 %338 = select i1 %337, i64 %331, i64 32 %339 = sub i64 %331, %338 store i64 %339, i64* %336, align 8 %340 = trunc i64 %332 to i32 %341 = and i32 %340, 2147483645 %342 = icmp eq i32 %341, 1 br i1 %342, label %343, label %356 %357 = call fastcc i64 @shrink_inactive_list(i64 %338, %struct.lruvec* %11, %struct.scan_control* %1, 
i32 %340) #76 br label %358 %359 = phi i64 [ %357, %356 ], [ 0, %354 ], [ 0, %353 ] %360 = add i64 %359, %333 br label %361 %362 = phi i64 [ %360, %358 ], [ %333, %330 ] %363 = add nuw nsw i64 %332, 1 %364 = icmp eq i64 %363, 4 br i1 %364, label %368, label %365 %369 = call i32 @__cond_resched() #76 %370 = icmp uge i64 %362, %241 %371 = and i8 %328, 1 %372 = icmp eq i8 %371, 0 %373 = and i1 %372, %370 br i1 %373, label %374, label %417 %375 = load i64, i64* %39, align 16 %376 = load i64, i64* %40, align 8 %377 = add i64 %376, %375 %378 = load i64, i64* %33, align 16 %379 = load i64, i64* %38, align 8 %380 = add i64 %379, %378 %381 = icmp ne i64 %377, 0 %382 = icmp ne i64 %380, 0 %383 = and i1 %381, %382 br i1 %383, label %384, label %425 %385 = icmp ugt i64 %377, %380 %386 = select i1 %385, i64 %380, i64 %377 %387 = select i1 %385, i64 %525, i64 %521 %388 = select i1 %385, i32 2, i32 0 %389 = select i1 %385, i32 0, i32 2 %390 = mul i64 %386, 100 %391 = udiv i64 %390, %387 %392 = zext i32 %389 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 16 %394 = or i32 %389, 1 %395 = zext i32 %394 to i64 %396 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %395 store i64 0, i64* %396, align 8 %397 = zext i32 %388 to i64 %398 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %397 %399 = load i64, i64* %398, align 16 %400 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %397 %401 = load i64, i64* %400, align 16 %402 = sub i64 %399, %401 %403 = sub i64 100, %391 %404 = mul i64 %399, %403 %405 = udiv i64 %404, 100 store i64 %406, i64* %400, align 16 %407 = or i32 %388, 1 %408 = zext i32 %407 to i64 %409 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %408 %410 = load i64, i64* %409, align 8 %411 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %408 %412 = load i64, i64* %411, align 8 %413 = sub i64 %410, %412 %414 = mul i64 %410, %403 %415 = udiv i64 %414, 100 store i64 %416, i64* %411, align 8 br label %417 
%418 = phi i8 [ 1, %384 ], [ %328, %368 ] %419 = load i64, i64* %33, align 16 %420 = load i64, i64* %40, align 8 %421 = load i64, i64* %39, align 16 %422 = or i64 %420, %419 %423 = or i64 %422, %421 %424 = icmp eq i64 %423, 0 br i1 %424, label %425, label %326 %426 = phi i64 [ 0, %515 ], [ %362, %374 ], [ %362, %417 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %5) #76 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store 
%struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #76 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, 
label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add 
i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr 
inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, 
%struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void 
@__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 shrink_node
7 __node_reclaim
8 node_reclaim
9 get_page_from_freelist
10 __alloc_pages
11 allocate_slab
12 ___slab_alloc
13 kmem_cache_alloc_node
14 create_task_io_context
15 submit_bio_checks
16 __submit_bio
17 submit_bio_noacct
18 __blk_queue_split
19 blk_queue_split
20 dm_submit_bio
-------------
Path:
Function:dm_submit_bio %2 = alloca %struct.bio.700572*, align 8 store %struct.bio.700572* %0, %struct.bio.700572** %2, align 8 %3 = getelementptr inbounds %struct.bio.700572, %struct.bio.700572* %0, i64 0, i32 1 %4 = load %struct.block_device.700569*, %struct.block_device.700569** %3, align 8 %5 = getelementptr inbounds %struct.block_device.700569, %struct.block_device.700569* %4, i64 0, i32 16 %6 = load %struct.gendisk.700393*, %struct.gendisk.700393** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.700393, %struct.gendisk.700393* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 38 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #76 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to 
%struct.dm_table* %15 = icmp eq i8* %13, null br i1 %15, label %16, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 1 %28 = icmp eq i64 %27, 0 %29 = getelementptr inbounds %struct.bio.700572, %struct.bio.700572* %0, i64 0, i32 2 %30 = load i32, i32* %29, align 8 br i1 %28, label %59, label %31, !prof !6, !misexpect !5 %60 = trunc i32 %30 to i8 switch i8 %60, label %63 [ i8 3, label %61 i8 5, label %61 i8 7, label %61 i8 9, label %61 ] call void bitcast (void (%struct.bio.294862**)* @blk_queue_split to void (%struct.bio.700572**)*)(%struct.bio.700572** nonnull %2) #76 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* call void @__blk_queue_split(%struct.bio.294862** %0, i32* nonnull %2) #76 Function:__blk_queue_split %3 = alloca %struct.bio_vec.294861, align 8 %4 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %5 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 1 %6 = load %struct.block_device.294859*, %struct.block_device.294859** %5, align 8 %7 = getelementptr inbounds %struct.block_device.294859, %struct.block_device.294859* %6, i64 0, i32 16 %8 = load %struct.gendisk.294687*, %struct.gendisk.294687** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.294687, %struct.gendisk.294687* %8, i64 0, i32 9 %10 = load %struct.request_queue.294711*, %struct.request_queue.294711** %9, align 8 %11 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 
0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %343, label %78 %79 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %343 %84 = tail call %struct.bio.294862* @bio_split(%struct.bio.294862* %4, i32 %76, i32 3072, %struct.bio_set.294866* %74) #76 br label %314 %315 = phi %struct.bio.294862* [ %313, %312 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %316 = icmp eq %struct.bio.294862* %315, null br i1 %316, label %343, label %317 %318 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %315, i64 0, i32 2 %319 = load i32, i32* %318, align 8 %320 = or i32 %319, 16384 store i32 %320, i32* %318, align 8 %321 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 call void @bio_chain(%struct.bio.294862* nonnull %315, %struct.bio.294862* %321) #76 %322 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %323 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %322, i64 0, i32 8, i32 0 %324 = load i64, i64* %323, align 8 %325 = trunc i64 %324 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %326)) #6 to label %340 [label %326], !srcloc !9 %341 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %342 = call i32 bitcast (i32 (%struct.bio.295627*)* @submit_bio_noacct to i32 (%struct.bio.294862*)*)(%struct.bio.294862* %341) #76 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.295628], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 119 %6 = load %struct.bio_list.295628*, %struct.bio_list.295628** %5, align 8 %7 = icmp eq %struct.bio_list.295628* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %18 = load %struct.block_device.295624*, %struct.block_device.295624** %17, align 8 %19 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %18, i64 0, i32 16 %20 = load %struct.gendisk.295622*, %struct.gendisk.295622** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.295563*, %struct.block_device_operations.295563** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.295563, %struct.block_device_operations.295563* %22, i64 0, i32 0 %24 = load i32 
(%struct.bio.295627*)*, i32 (%struct.bio.295627*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.295627*)* %24, null %26 = bitcast [2 x %struct.bio_list.295628]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 0 %49 = load %struct.bio.295627*, %struct.bio.295627** %48, align 8 %50 = icmp eq %struct.bio.295627* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0 store %struct.bio_list.295628* %53, %struct.bio_list.295628** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.295628* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.295627** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.295628, %struct.bio_list.295628* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.295628], [2 x %struct.bio_list.295628]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.295627** %60 to i64* br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 
%74 = phi %struct.bio.295627* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.295627* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.295627* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 0 %80 = load %struct.bio.295627*, %struct.bio.295627** %79, align 8 store %struct.bio.295627* %80, %struct.bio.295627** %56, align 16 %81 = icmp eq %struct.bio.295627* %80, null br i1 %81, label %82, label %83 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %83 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 %84 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %74, i64 0, i32 1 %85 = load %struct.block_device.295624*, %struct.block_device.295624** %84, align 8 %86 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %85, i64 0, i32 16 %87 = load %struct.gendisk.295622*, %struct.gendisk.295622** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %87, i64 0, i32 9 %89 = load %struct.request_queue.295614*, %struct.request_queue.295614** %88, align 8 %90 = icmp eq %struct.request_queue.295614* %69, %89 store %struct.bio.295627* null, %struct.bio.295627** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.295627* %103 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %102, i64 0, i32 0 store %struct.bio.295627* %74, %struct.bio.295627** %103, align 8 br label %104 %105 = phi %struct.bio.295627* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.295627* %74 to i64 br label %107 %108 = phi %struct.bio.295627* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.295627* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load 
%struct.bio.295627*, %struct.bio.295627** %56, align 16 %113 = icmp eq %struct.bio.295627* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.295627* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %118 = icmp eq %struct.bio.295627* %117, null br i1 %118, label %121, label %119 store %struct.bio.295627* %108, %struct.bio.295627** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.295627* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %127 = icmp eq %struct.bio.295627* %126, null br i1 %127, label %130, label %128 store %struct.bio.295627* %110, %struct.bio.295627** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.295627*, %struct.bio.295627** %59, align 16 %134 = icmp eq %struct.bio.295627* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.295627*, %struct.bio.295627** %57, align 8 %137 = icmp eq %struct.bio.295627* %136, null br i1 %137, label %140, label %138 store %struct.bio.295627* %133, %struct.bio.295627** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.295627*, %struct.bio.295627** %56, align 16 %145 = icmp eq %struct.bio.295627* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %144, i64 0, i32 0 %148 = load %struct.bio.295627*, %struct.bio.295627** %147, align 8 store %struct.bio.295627* %148, %struct.bio.295627** %56, align 16 %149 = icmp eq %struct.bio.295627* %148, null br i1 %149, label %150, label %151 store %struct.bio.295627* null, %struct.bio.295627** %57, align 8 br label %151 store %struct.bio.295627* null, %struct.bio.295627** %147, align 8 br label %62 %63 = phi %struct.bio.295627* [ %0, %52 ], [ %144, %151 ] %64 = 
getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %63, i64 0, i32 1 %65 = load %struct.block_device.295624*, %struct.block_device.295624** %64, align 8 %66 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %65, i64 0, i32 16 %67 = load %struct.gendisk.295622*, %struct.gendisk.295622** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %67, i64 0, i32 9 %69 = load %struct.request_queue.295614*, %struct.request_queue.295614** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.295627* %63) #76 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.295614* %8, i1 zeroext false) #76 br i1 %17, label %72, label %18 %73 
= call fastcc zeroext i1 @submit_bio_checks(%struct.bio.295627* %0) #77 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %4 = load %struct.block_device.295624*, %struct.block_device.295624** %3, align 8 %5 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %4, i64 0, i32 16 %6 = load %struct.gendisk.295622*, %struct.gendisk.295622** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %6, i64 0, i32 9 %8 = load %struct.request_queue.295614*, %struct.request_queue.295614** %7, align 8 %9 = tail call i32 @__cond_resched() #76 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.295667* %12 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %11, i64 0, i32 120 %13 = load %struct.blk_plug*, %struct.blk_plug** %12, align 16 %14 = icmp eq %struct.blk_plug* %13, null br i1 %14, label %23, label %15 %16 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %13, i64 0, i32 4 %17 = load i8, i8* %16, align 1, !range !5 %18 = icmp eq i8 %17, 0 br i1 %18, label %23, label %19 %24 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2097152 %27 = icmp eq i32 %26, 0 br i1 %27, label %33, label %28 %29 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 536870912 %32 = icmp eq i64 %31, 0 br i1 %32, label %207, label %33 %34 = and i32 %25, 1 %35 = icmp eq i32 %34, 0 br i1 %35, label %58, label %36 %59 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 3 %60 = 
load i16, i16* %59, align 4 %61 = and i16 %60, 2048 %62 = icmp eq i16 %61, 0 br i1 %62, label %63, label %132 %133 = phi i16 [ %60, %58 ], [ %60, %99 ], [ %131, %129 ] %134 = load i32, i32* %24, align 8 %135 = and i32 %134, 393216 %136 = icmp eq i32 %135, 0 br i1 %136, label %147, label %137 %138 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11 %139 = load volatile i64, i64* %138, align 8 %140 = and i64 %139, 131072 %141 = icmp eq i64 %140, 0 br i1 %141, label %142, label %147 %148 = phi i32 [ %134, %137 ], [ %134, %132 ], [ %143, %142 ] %149 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 11 %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 65536 %152 = icmp eq i64 %151, 0 br i1 %152, label %153, label %156 %157 = phi i16 [ %133, %147 ], [ %154, %153 ] %158 = phi i32 [ %148, %147 ], [ %155, %153 ] %159 = trunc i32 %158 to i8 switch i8 %159, label %176 [ i8 3, label %160 i8 5, label %164 i8 7, label %168 i8 13, label %207 i8 15, label %207 i8 10, label %207 i8 11, label %207 i8 12, label %207 i8 17, label %207 i8 9, label %172 ] %161 = load volatile i64, i64* %149, align 8 %162 = and i64 %161, 256 %163 = icmp eq i64 %162, 0 br i1 %163, label %207, label %176 %177 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %11, i64 0, i32 123 %178 = load %struct.io_context.295588*, %struct.io_context.295588** %177, align 8 %179 = icmp eq %struct.io_context.295588* %178, null br i1 %179, label %180, label %185, !prof !15, !misexpect !7 %181 = getelementptr inbounds %struct.request_queue.295614, %struct.request_queue.295614* %8, i64 0, i32 35 %182 = load i32, i32* %181, align 4 %183 = call i32 bitcast (i32 (%struct.task_struct.295207*, i32, i32)* @create_task_io_context to i32 (%struct.task_struct.295667*, i32, i32)*)(%struct.task_struct.295667* %11, i32 2592, i32 %182) #76 Function:create_task_io_context %4 = load 
%struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #76 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #76 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #76 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 
= trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #76 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %221, %220 ] %22 = phi i32 [ %2, %5 ], [ %222, %220 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %224, %233 ], [ %224, %244 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %201, %233 ], [ %201, %244 ] %29 = phi i32 [ %22, %20 ], [ %197, %233 ], [ %197, %244 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) 
#6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %167 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %144 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, 
%struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %144 store %struct.page* null, %struct.page** %72, align 8 %138 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %139 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %138, i64 0, i32 4 %140 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %139) #6, !srcloc !21 %141 = and i64 %68, 512 %142 = icmp eq i64 %141, 0 br i1 %142, label %195, label %143 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %195 %196 = phi %struct.kmem_cache_cpu* [ %28, %193 ], [ %21, %39 ], [ %21, %37 ], [ %28, 
%137 ], [ %28, %143 ] %197 = phi i32 [ %168, %193 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %143 ] %198 = icmp eq i32 %197, -1 %199 = icmp ne i32 %197, -1 br label %200 %201 = phi %struct.kmem_cache_cpu* [ %286, %294 ], [ %196, %195 ] %202 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 3 %203 = load %struct.page*, %struct.page** %202, align 8 %204 = icmp eq %struct.page* %203, null br i1 %204, label %245, label %205 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %206 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %207 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 4 %209 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %208) #6, !srcloc !27 %210 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %201, i64 0, i32 2 %211 = load %struct.page*, %struct.page** %210, align 8 %212 = icmp eq %struct.page* %211, null br i1 %212, label %223, label %213, !prof !5, !misexpect !6 %224 = load %struct.page*, %struct.page** %202, align 8 %225 = icmp eq %struct.page* %224, null br i1 %225, label %226, label %233, !prof !29, !misexpect !6 %227 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %228 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %227, i64 0, i32 4 %229 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %228) #6, !srcloc !30 %230 = and i64 %206, 512 %231 = icmp eq i64 %230, 0 br i1 %231, label %245, label %232 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br 
label %245 br i1 %198, label %246, label %248 %247 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %248 %249 = phi i32 [ %247, %246 ], [ %197, %245 ] %250 = sext i32 %249 to i64 %251 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %250 %252 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %251, align 8 %253 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %252, %struct.page** nonnull %10, i32 %1) #76 %254 = icmp ne i8* %253, null %255 = or i1 %199, %254 br i1 %255, label %258, label %256 %259 = phi i8* [ %257, %256 ], [ %253, %248 ] %260 = icmp eq i8* %259, null br i1 %260, label %261, label %284 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %264, label %262, !prof !5, !misexpect !6 %263 = call i32 @kmalloc_fix_flags(i32 %1) #76 br label %264 %265 = phi i32 [ %263, %262 ], [ %1, %261 ] %266 = load void (i8*)*, void (i8*)** %16, align 8 %267 = icmp ne void (i8*)* %266, null %268 = and i32 %265, 256 %269 = icmp ne i32 %268, 0 %270 = and i1 %267, %269 br i1 %270, label %271, label %272, !prof !29, !misexpect !6 %273 = and i32 %265, 3927776 %274 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %273, i32 %197) #76 Function:allocate_slab %4 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0 %5 = load i32, i32* %4, align 8 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 11 %9 = load i32, i32* %8, align 4 %10 = or i32 %7, %9 %11 = and i32 %10, -106497 %12 = or i32 %11, 73728 %13 = and i32 %10, 1024 %14 = icmp eq i32 %13, 0 %15 = lshr i32 %5, 16 br i1 %14, label %24, label %16 %25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ] %26 = icmp eq i32 %2, -1 br i1 %26, label %27, label %30 %31 = tail call 
%struct.page* bitcast (%struct.page.135675* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %25, i32 %15, i32 %2, %struct.cpumask* null) #76 Function:__alloc_pages %5 = alloca %struct.alloc_context.135690, align 8 %6 = bitcast %struct.alloc_context.135690* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.135557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.135557**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.135557* %17 = getelementptr inbounds %struct.task_struct.135557, %struct.task_struct.135557* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.135521*], [0 x %struct.pglist_data.135521*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.135521*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.135521*, %struct.pglist_data.135521** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.135521, %struct.pglist_data.135521* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 0 store %struct.zonelist.135517* %50, %struct.zonelist.135517** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135690, 
%struct.alloc_context.135690* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__cond_resched() #76 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.135517, %struct.zonelist.135517* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 
= getelementptr %struct.pglist_data.135521, %struct.pglist_data.135521* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.135516* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 2 store %struct.zoneref.135516* %90, %struct.zoneref.135516** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %90, i64 0, i32 0 %93 = load %struct.zone.135525*, %struct.zone.135525** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.135525* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135675* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135690* nonnull %5) #77 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.135521* [ null, %4 ], [ %544, %543 ] %22 = phi i32 [ %2, %4 ], [ %545, %543 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.135516*, 
%struct.zoneref.135516** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %25, i64 0, i32 0 %27 = load %struct.zone.135525*, %struct.zone.135525** %26, align 8 %28 = icmp eq %struct.zone.135525* %27, null br i1 %28, label %541, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 %44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.135525* [ %539, %536 ], [ %27, %29 ] %48 = phi %struct.zoneref.135516* [ %537, %536 ], [ %25, %29 ] %49 = phi %struct.pglist_data.135521* [ %525, %536 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
Function:node_reclaim
Function:__node_reclaim
Function:shrink_node
br label %504 %505 = phi i64 [ %503, %500 ], [ 0, %497 ] %506 = icmp eq i32 %300, 0 br i1 %506, label %507, label %817 %818 = load volatile i64, i64* %132, align 8 %819 = icmp eq i64 %818, 0 br i1 %819, label %825, label %820 %821 = load volatile i64, i64* %134, align 8 %822 = icmp sgt i64 %821, 0 %823 = select i1 %822, i64 %821, i64 0 %824 = add nuw i64 %823, %505 br label %825 %826 = phi i64 [ %824, %820 ], [ %505, %817 ] %827 = icmp eq i32 %301, 2 br i1 %827, label %507, label %828 %829 = load volatile i64, i64* %136, align 8 %830 = icmp eq i64 %829, 0 br i1 %830, label %836, label %831 %832 = load volatile i64, i64* %138, align 8 %833 = icmp sgt i64 %832, 0 %834 = select i1 %833, i64 %832, i64 0 %835 = add i64 %834, %826 br label %836 %837 = phi i64 [ %835, %831 ], [ %826, %828 ] %838 = icmp eq i32 %301, 3 br i1 %838, label %507, label %839 %840 = load volatile i64, i64* %140, align 8 %841 = icmp eq i64 %840, 0 br i1 %841, label %507, label %842 %508 = phi i64 [ 0, %495 ], [ %505, %504 ], [ %826, %825 ], [ %837, %836 ], [ %846, %842 ], [ %837, %839 ] %509 = lshr i64 %508, %304 switch i32 %294, label %323 [ i32 0, label %515 i32 1, label %512 i32 3, label %510 i32 2, label %510 ] %513 = mul i64 %509, %290 %514 = udiv i64 %513, %295 br label %515 %516 = phi i64 [ %514, %512 ], [ %509, %507 ], [ %511, %510 ] store i64 %516, i64* %40, align 8 %517 = load i32, i32* %42, align 4 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #76 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %496, %325 %527 = or i64 %526, %516 %528 = icmp eq i64 %527, 0 br i1 %528, label %425, label %529 %530 = icmp eq i8 %302, 12 %531 = and i32 %517, 131072 %532 = icmp eq i32 %531, 0 %533 = and i1 %530, %532 %534 = zext i1 %533 to i8 br label %326 %327 = phi i64 [ %362, %417 ], [ 0, %529 
] %328 = phi i8 [ %418, %417 ], [ %534, %529 ] %329 = phi i64 [ %419, %417 ], [ %325, %529 ] br label %330 %331 = phi i64 [ %367, %365 ], [ %329, %326 ] %332 = phi i64 [ %363, %365 ], [ 0, %326 ] %333 = phi i64 [ %362, %365 ], [ %327, %326 ] %334 = icmp eq i64 %331, 0 br i1 %334, label %361, label %335 %336 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %332 %337 = icmp ult i64 %331, 32 %338 = select i1 %337, i64 %331, i64 32 %339 = sub i64 %331, %338 store i64 %339, i64* %336, align 8 %340 = trunc i64 %332 to i32 %341 = and i32 %340, 2147483645 %342 = icmp eq i32 %341, 1 br i1 %342, label %343, label %356 %357 = call fastcc i64 @shrink_inactive_list(i64 %338, %struct.lruvec* %11, %struct.scan_control* %1, i32 %340) #76 br label %358 %359 = phi i64 [ %357, %356 ], [ 0, %354 ], [ 0, %353 ] %360 = add i64 %359, %333 br label %361 %362 = phi i64 [ %360, %358 ], [ %333, %330 ] %363 = add nuw nsw i64 %332, 1 %364 = icmp eq i64 %363, 4 br i1 %364, label %368, label %365 %369 = call i32 @__cond_resched() #76 %370 = icmp uge i64 %362, %241 %371 = and i8 %328, 1 %372 = icmp eq i8 %371, 0 %373 = and i1 %372, %370 br i1 %373, label %374, label %417 %375 = load i64, i64* %39, align 16 %376 = load i64, i64* %40, align 8 %377 = add i64 %376, %375 %378 = load i64, i64* %33, align 16 %379 = load i64, i64* %38, align 8 %380 = add i64 %379, %378 %381 = icmp ne i64 %377, 0 %382 = icmp ne i64 %380, 0 %383 = and i1 %381, %382 br i1 %383, label %384, label %425 %385 = icmp ugt i64 %377, %380 %386 = select i1 %385, i64 %380, i64 %377 %387 = select i1 %385, i64 %525, i64 %521 %388 = select i1 %385, i32 2, i32 0 %389 = select i1 %385, i32 0, i32 2 %390 = mul i64 %386, 100 %391 = udiv i64 %390, %387 %392 = zext i32 %389 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 16 %394 = or i32 %389, 1 %395 = zext i32 %394 to i64 %396 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %395 store i64 0, i64* %396, align 8 %397 = zext i32 %388 
to i64 %398 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %397 %399 = load i64, i64* %398, align 16 %400 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %397 %401 = load i64, i64* %400, align 16 %402 = sub i64 %399, %401 %403 = sub i64 100, %391 %404 = mul i64 %399, %403 %405 = udiv i64 %404, 100 store i64 %406, i64* %400, align 16 %407 = or i32 %388, 1 %408 = zext i32 %407 to i64 %409 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %408 %410 = load i64, i64* %409, align 8 %411 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %408 %412 = load i64, i64* %411, align 8 %413 = sub i64 %410, %412 %414 = mul i64 %410, %403 %415 = udiv i64 %414, 100 store i64 %416, i64* %411, align 8 br label %417 %418 = phi i8 [ 1, %384 ], [ %328, %368 ] %419 = load i64, i64* %33, align 16 %420 = load i64, i64* %40, align 8 %421 = load i64, i64* %39, align 16 %422 = or i64 %420, %419 %423 = or i64 %422, %421 %424 = icmp eq i64 %423, 0 br i1 %424, label %425, label %326 %426 = phi i64 [ 0, %515 ], [ %362, %374 ], [ %362, %417 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %5) #76 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 
%12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile 
%struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #76 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* 
%10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, 
null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78
Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 shrink_node
7 __node_reclaim
8 node_reclaim
9 get_page_from_freelist
10 __alloc_pages
11 allocate_slab
12 ___slab_alloc
13 kmem_cache_alloc_node
14 create_task_io_context
15 submit_bio_checks
16 __submit_bio
17 submit_bio_noacct
18 __blk_queue_split
19 blk_queue_split
20 md_submit_bio
-------------
Path:
Function:md_submit_bio %2 = alloca %struct.bio.299652*, align 8 store %struct.bio.299652* %0, %struct.bio.299652** %2, align 8 %3 = getelementptr inbounds %struct.bio.299652, %struct.bio.299652* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.299652, %struct.bio.299652* %0, i64 0, i32 1 %8 = load %struct.block_device.299712*, %struct.block_device.299712** %7, align 8 %9 = getelementptr inbounds %struct.block_device.299712, %struct.block_device.299712* %8, i64 0, i32 16 %10 = load %struct.gendisk.299710*, %struct.gendisk.299710** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.294862**)* @blk_queue_split to void (%struct.bio.299652**)*)(%struct.bio.299652** nonnull %2) #76
Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* call void @__blk_queue_split(%struct.bio.294862** %0, i32* nonnull %2) #76
Function:__blk_queue_split %3 = alloca %struct.bio_vec.294861, align 8 %4 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %5 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 1 %6 = load %struct.block_device.294859*, %struct.block_device.294859** %5, align 8 %7 = 
getelementptr inbounds %struct.block_device.294859, %struct.block_device.294859* %6, i64 0, i32 16 %8 = load %struct.gendisk.294687*, %struct.gendisk.294687** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.294687, %struct.gendisk.294687* %8, i64 0, i32 9 %10 = load %struct.request_queue.294711*, %struct.request_queue.294711** %9, align 8 %11 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.294711, %struct.request_queue.294711* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %343, label %78 %79 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %343 %84 = tail call %struct.bio.294862* @bio_split(%struct.bio.294862* %4, i32 %76, i32 3072, %struct.bio_set.294866* %74) #76 br label %314 %315 = phi %struct.bio.294862* [ %313, %312 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %316 = icmp eq %struct.bio.294862* %315, null br i1 %316, label %343, label %317 %318 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %315, i64 0, i32 2 %319 = load i32, i32* %318, align 8 %320 = or i32 %319, 16384 store i32 %320, i32* %318, align 8 %321 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 call void @bio_chain(%struct.bio.294862* nonnull %315, %struct.bio.294862* %321) #76 %322 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %323 = getelementptr inbounds %struct.bio.294862, %struct.bio.294862* %322, i64 0, i32 8, i32 0 %324 = load i64, i64* %323, align 8 %325 = trunc 
i64 %324 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %326)) #6 to label %340 [label %326], !srcloc !9 %341 = load %struct.bio.294862*, %struct.bio.294862** %0, align 8 %342 = call i32 bitcast (i32 (%struct.bio.295627*)* @submit_bio_noacct to i32 (%struct.bio.294862*)*)(%struct.bio.294862* %341) #76 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.295628], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 119 %6 = load %struct.bio_list.295628*, %struct.bio_list.295628** %5, align 8 %7 = icmp eq %struct.bio_list.295628* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.295627, %struct.bio.295627* %0, i64 0, i32 1 %18 = load %struct.block_device.295624*, %struct.block_device.295624** %17, align 8 %19 = getelementptr inbounds %struct.block_device.295624, %struct.block_device.295624* %18, i64 0, i32 16 %20 = load %struct.gendisk.295622*, %struct.gendisk.295622** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.295622, %struct.gendisk.295622* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.295563*, 
i32)*)(%struct.pglist_data* %0, i32 18) #76 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #76 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 20 %31 = load i64, i64* %30, align 16 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, 
i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #77 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %11 = bitcast %struct.cpumask** %10 to i8* %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %13 = icmp ugt i64 %6, 32 %14 = select i1 %13, i64 %6, i64 32 store i64 %14, i64* %12, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 %21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 
%28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %69 [label %55], !srcloc !7 %70 = tail call i32 @__cond_resched() #76 %71 = load i32, i32* %31, align 4 %72 = and i32 %71, 2048 %73 = or i32 %71, 8390656 store i32 %73, i32* %31, align 4 %74 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 13 %75 = icmp eq %struct.reclaim_state* %74, null %76 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %77 = load %struct.reclaim_state*, %struct.reclaim_state** %76, align 8 %78 = icmp eq %struct.reclaim_state* %77, null br i1 %75, label %81, label %79 br i1 %78, label %83, label %80, !prof !5, !misexpect !6 store 
%struct.reclaim_state* %74, %struct.reclaim_state** %76, align 8 %84 = load i32, i32* @node_reclaim_mode, align 4 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #76 %91 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %92 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %93 = add i64 %92, %91 br label %95 %96 = phi i64 [ %88, %87 ], [ %94, %89 ] %97 = load i32, i32* @node_reclaim_mode, align 4 %98 = and i32 %97, 2 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %102 %103 = phi i64 [ 0, %95 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %106 = load i64, i64* %105, align 8 %107 = icmp ugt i64 %104, %106 br i1 %107, label %108, label %117 %109 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 11 br label %110 call fastcc void @shrink_node(%struct.pglist_data* %0, %struct.scan_control* nonnull %4) #77 Function:shrink_node %3 = alloca [5 x i64], align 16 %4 = alloca [5 x i64], align 16 %5 = alloca %struct.blk_plug, align 8 %6 = alloca %struct.shrink_control, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %10 = load %struct.reclaim_state*, %struct.reclaim_state** %9, align 8 %11 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12 %13 = 
bitcast %struct.x86_pmu_capability* %12 to i8* %14 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 11 %15 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 1 %16 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %15, i64 0, i32 0, i32 0 %17 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 2 %18 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 3 %19 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 3 %20 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 4 %21 = bitcast %struct.spinlock* %15 to i8* %22 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 5 %23 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 1 %24 = bitcast %struct.list_head* %23 to %struct.pglist_data* %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 0 %26 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 1 %27 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 7 %28 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %29 = bitcast [5 x i64]* %3 to i8* %30 = bitcast [5 x i64]* %4 to i8* %31 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 0 %32 = bitcast %struct.blk_plug* %5 to i8* %33 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 0 %34 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 821 %35 = bitcast %struct.list_head* %34 to i32* %36 = icmp eq %struct.scan_control* %1, null %37 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 8 %38 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 1 %39 = getelementptr inbounds [5 x i64], [5 x i64]* %3, 
i64 0, i64 2 %40 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 3 %41 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 0 %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %43 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 2 %44 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 3 %45 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 1 %46 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 9 %47 = bitcast %struct.shrink_control* %6 to i8* %48 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 1 %50 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 2 %51 = bitcast i64* %50 to i8* %52 = icmp eq %struct.reclaim_state* %10, null %53 = getelementptr inbounds %struct.reclaim_state, %struct.reclaim_state* %10, i64 0, i32 0 %54 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 3 %55 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 6 %56 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %57 = bitcast i64* %56 to i8* %58 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 1 %59 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 5 %60 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 4 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %12, i64 0, i32 0 %62 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 2 %63 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 6 %64 = bitcast i64* %63 to i8* %65 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %8, i64 0, i32 122 %66 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 6 %67 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 11, i32 0 %68 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 0, i64 2 %69 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 1 %70 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 11, i32 0 %71 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 0, i64 2 %72 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 1 %73 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 11, i32 0 %74 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 0, i64 2 %75 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 1 %76 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 11, i32 0 %77 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 0, i64 2 %78 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 1 %79 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %80 = bitcast %struct.list_head** %79 to i64* %81 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 69, i32 1 %82 = bitcast %struct.list_head** %81 to i64* %83 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %84 = bitcast %struct.list_head** %83 to i64* %85 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 145, i32 1 %86 = bitcast %struct.list_head** %85 to i64* %87 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %88 = bitcast %struct.list_head** %87 to i64* %89 = 
getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 221, i32 1 %90 = bitcast %struct.list_head** %89 to i64* %91 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %92 = bitcast %struct.list_head** %91 to i64* %93 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 297, i32 1 %94 = bitcast %struct.list_head** %93 to i64* %95 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %96 = bitcast %struct.list_head** %95 to i64* %97 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70 %98 = bitcast %struct.list_head* %97 to i64* %99 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %100 = bitcast %struct.list_head** %99 to i64* %101 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146 %102 = bitcast %struct.list_head* %101 to i64* %103 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %104 = bitcast %struct.list_head** %103 to i64* %105 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222 %106 = bitcast %struct.list_head* %105 to i64* %107 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %108 = bitcast %struct.list_head** %107 to i64* %109 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298 %110 = bitcast %struct.list_head* %109 to i64* %111 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %112 = bitcast %struct.list_head** %111 to i64* %113 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70, i32 1 %114 = bitcast %struct.list_head** %113 to i64* %115 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %116 = bitcast %struct.list_head** %115 to i64* %117 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146, i32 1 %118 = bitcast %struct.list_head** %117 to i64* %119 = 
getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %120 = bitcast %struct.list_head** %119 to i64* %121 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222, i32 1 %122 = bitcast %struct.list_head** %121 to i64* %123 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %124 = bitcast %struct.list_head** %123 to i64* %125 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298, i32 1 %126 = bitcast %struct.list_head** %125 to i64* %127 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %128 = bitcast %struct.list_head** %127 to i64* %129 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 71 %130 = bitcast %struct.list_head* %129 to i64* %131 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %132 = bitcast %struct.list_head** %131 to i64* %133 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 147 %134 = bitcast %struct.list_head* %133 to i64* %135 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %136 = bitcast %struct.list_head** %135 to i64* %137 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 223 %138 = bitcast %struct.list_head* %137 to i64* %139 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %140 = bitcast %struct.list_head** %139 to i64* %141 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 299 %142 = bitcast %struct.list_head* %141 to i64* br label %143 %144 = phi i8 [ 0, %2 ], [ %566, %685 ] %145 = load i64, i64* %14, align 8 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %16) #76 %146 = load i64, i64* %17, align 8 store i64 %146, i64* %18, align 8 %147 = load i64, i64* %19, align 8 store i64 %147, i64* %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* 
%21, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %148 = load i16, i16* %22, align 8 %149 = and i16 %148, 4 %150 = icmp eq i16 %149, 0 br i1 %150, label %151, label %198 %152 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 12) #76 %153 = load i64, i64* %25, align 8 %154 = icmp eq i64 %152, %153 br i1 %154, label %155, label %168 %156 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 0) #76 %157 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 1) #76 %158 = add i64 %157, %156 %159 = lshr i64 %158, 18 %160 = icmp eq i64 %159, 0 br i1 %160, label %164, label %161 %165 = phi i64 [ %163, %161 ], [ 1, %155 ] %166 = mul i64 %165, %156 %167 = icmp ult i64 %166, %157 br i1 %167, label %168, label %171 %172 = load i16, i16* %22, align 8 %173 = and i16 %172, -2 br label %174 %175 = phi i16 [ %173, %171 ], [ %170, %168 ] store i16 %175, i16* %22, align 8 %176 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 13) #76 %177 = load i64, i64* %26, align 8 %178 = icmp eq i64 %176, %177 br i1 %178, label %179, label %192 %193 = load i16, i16* %22, align 8 %194 = or i16 %193, 2 br label %200 %201 = phi i16 [ %199, %198 ], [ %197, %195 ], [ %194, %192 ] store i16 %201, i16* %22, align 8 %202 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 2) #76 %203 = load i8, i8* %27, align 1 %204 = sext i8 %203 to i64 %205 = and i64 %204, 4294967295 %206 = lshr i64 %202, %205 %207 = icmp ne i64 
%206, 0 %208 = load i16, i16* %22, align 8 %209 = and i16 %208, 2 %210 = icmp eq i16 %209, 0 %211 = and i1 %207, %210 %212 = and i16 %208, -2049 %213 = select i1 %211, i16 2048, i16 0 %214 = or i16 %212, %213 store i16 %214, i16* %22, align 8 %215 = load i32, i32* %28, align 64 %216 = call i64 @sum_zone_node_page_state(i32 %215, i32 0) #76 %217 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %218 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %219 = load volatile i64, i64* %67, align 8 %220 = icmp eq i64 %219, 0 br i1 %220, label %225, label %221 %226 = phi i64 [ %224, %221 ], [ 0, %200 ] %227 = load volatile i64, i64* %70, align 8 %228 = icmp eq i64 %227, 0 br i1 %228, label %699, label %694 %695 = load i64, i64* %71, align 16 %696 = load i64, i64* %72, align 8 %697 = add i64 %695, %226 %698 = add i64 %697, %696 br label %699 %700 = phi i64 [ %698, %694 ], [ %226, %225 ] %701 = load volatile i64, i64* %73, align 8 %702 = icmp eq i64 %701, 0 br i1 %702, label %708, label %703 %704 = load i64, i64* %74, align 16 %705 = load i64, i64* %75, align 8 %706 = add i64 %704, %700 %707 = add i64 %706, %705 br label %708 %709 = phi i64 [ %707, %703 ], [ %700, %699 ] %710 = load volatile i64, i64* %76, align 8 %711 = icmp eq i64 %710, 0 br i1 %711, label %717, label %712 %713 = load i64, i64* %77, align 16 %714 = load i64, i64* %78, align 8 %715 = add i64 %713, %709 %716 = add i64 %715, %714 br label %717 %718 = phi i64 [ %716, %712 ], [ %709, %708 ] %719 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 0) #76 %720 = add i64 %217, %216 %721 = add i64 %720, %218 %722 = icmp ule i64 %721, %718 %723 = load i16, i16* %22, align 8 %724 = and i16 %723, 1 %725 = icmp eq i16 %724, 0 %726 = 
and i1 %722, %725 br i1 %726, label %229, label %236 %237 = phi i16 [ %235, %229 ], [ 0, %717 ] %238 = and i16 %723, -4097 %239 = or i16 %238, %237 store i16 %239, i16* %22, align 8 %240 = call i32 @__cond_resched() #76 %241 = load i64, i64* %31, align 8 %242 = load i32, i32* @vm_swappiness, align 4 %243 = load i16, i16* %22, align 8 %244 = and i16 %243, 64 %245 = icmp eq i16 %244, 0 br i1 %245, label %289, label %246 %247 = load i32, i32* %35, align 64 %248 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nr_swap_pages, i64 0, i32 0), align 8 %249 = icmp sgt i64 %248, 0 br i1 %249, label %260, label %250 %251 = load i8, i8* @numa_demotion_enabled, align 1, !range !8 %252 = icmp eq i8 %251, 0 br i1 %252, label %289, label %253 %254 = and i16 %243, 8192 %255 = icmp eq i16 %254, 0 %256 = or i1 %36, %255 br i1 %256, label %257, label %289 %258 = call i32 @next_demotion_node(i32 %247) #76 %259 = icmp eq i32 %258, -1 br i1 %259, label %289, label %260 %261 = icmp ne i32 %242, 0 %262 = load i8, i8* %27, align 1 %263 = icmp eq i8 %262, 0 %264 = and i1 %261, %263 br i1 %264, label %289, label %265 %266 = load i16, i16* %22, align 8 %267 = and i16 %266, 4096 %268 = icmp eq i16 %267, 0 br i1 %268, label %269, label %289 %270 = and i16 %266, 2048 %271 = icmp eq i16 %270, 0 br i1 %271, label %272, label %289 %273 = load i64, i64* %18, align 8 %274 = load i64, i64* %20, align 8 %275 = add i64 %274, %273 %276 = add i64 %275, %273 %277 = sext i32 %242 to i64 %278 = add i64 %274, 1 %279 = add i64 %278, %275 %280 = add i64 %279, %276 %281 = mul i64 %280, %277 %282 = add i64 %276, 1 %283 = udiv i64 %281, %282 %284 = sub i32 200, %242 %285 = sext i32 %284 to i64 %286 = mul i64 %280, %285 %287 = udiv i64 %286, %279 %288 = add i64 %287, %283 br label %289 %290 = phi i64 [ %287, %272 ], [ undef, %236 ], [ undef, %257 ], [ undef, %260 ], [ undef, %265 ], [ undef, %269 ], [ undef, %250 ], [ undef, %253 ] %291 = phi i64 [ %283, %272 ], [ undef, %236 ], [ 
undef, %257 ], [ undef, %260 ], [ undef, %265 ], [ undef, %269 ], [ undef, %250 ], [ undef, %253 ] %292 = phi i1 [ true, %272 ], [ false, %236 ], [ false, %257 ], [ true, %260 ], [ true, %265 ], [ false, %269 ], [ false, %250 ], [ false, %253 ] %293 = phi i1 [ false, %272 ], [ true, %236 ], [ true, %257 ], [ false, %260 ], [ false, %265 ], [ true, %269 ], [ true, %250 ], [ true, %253 ] %294 = phi i32 [ 1, %272 ], [ 3, %236 ], [ 3, %257 ], [ 0, %260 ], [ 2, %265 ], [ 3, %269 ], [ 3, %250 ], [ 3, %253 ] %295 = phi i64 [ %288, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %296 = load i8, i8* %37, align 4 %297 = sext i8 %296 to i32 %298 = icmp sgt i8 %296, -1 %299 = icmp ult i32 %297, 3 %300 = select i1 %299, i32 %297, i32 3 %301 = add nuw nsw i32 %300, 1 %302 = load i8, i8* %27, align 1 %303 = sext i8 %302 to i64 %304 = and i64 %303, 4294967295 br i1 %298, label %305, label %315 %306 = load volatile i64, i64* %80, align 8 %307 = icmp eq i64 %306, 0 br i1 %307, label %312, label %308 %309 = load volatile i64, i64* %82, align 8 %310 = icmp sgt i64 %309, 0 %311 = select i1 %310, i64 %309, i64 0 br label %312 %313 = phi i64 [ %311, %308 ], [ 0, %305 ] %314 = icmp eq i32 %300, 0 br i1 %314, label %315, label %727 %728 = load volatile i64, i64* %84, align 8 %729 = icmp eq i64 %728, 0 br i1 %729, label %735, label %730 %731 = load volatile i64, i64* %86, align 8 %732 = icmp sgt i64 %731, 0 %733 = select i1 %732, i64 %731, i64 0 %734 = add nuw i64 %733, %313 br label %735 %736 = phi i64 [ %734, %730 ], [ %313, %727 ] %737 = icmp eq i32 %301, 2 br i1 %737, label %315, label %738 %739 = load volatile i64, i64* %88, align 8 %740 = icmp eq i64 %739, 0 br i1 %740, label %746, label %741 %742 = load volatile i64, i64* %90, align 8 %743 = icmp sgt i64 %742, 0 %744 = select i1 %743, i64 %742, i64 0 %745 = add i64 %744, %736 br label %746 %747 = phi i64 [ %745, %741 ], [ %736, %738 ] %748 = icmp eq i32 %301, 3 br i1 %748, label %315, 
label %749 %750 = load volatile i64, i64* %92, align 8 %751 = icmp eq i64 %750, 0 br i1 %751, label %315, label %752 %316 = phi i64 [ 0, %289 ], [ %313, %312 ], [ %736, %735 ], [ %747, %746 ], [ %756, %752 ], [ %747, %749 ] %317 = lshr i64 %316, %304 switch i32 %294, label %323 [ i32 0, label %324 i32 1, label %318 i32 3, label %321 i32 2, label %321 ] %322 = select i1 %292, i64 %317, i64 0 br label %324 %325 = phi i64 [ %320, %318 ], [ %317, %315 ], [ %322, %321 ] store i64 %325, i64* %33, align 16 br i1 %298, label %457, label %467 %458 = load volatile i64, i64* %96, align 8 %459 = icmp eq i64 %458, 0 br i1 %459, label %464, label %460 %461 = load volatile i64, i64* %98, align 8 %462 = icmp sgt i64 %461, 0 %463 = select i1 %462, i64 %461, i64 0 br label %464 %465 = phi i64 [ %463, %460 ], [ 0, %457 ] %466 = icmp eq i32 %300, 0 br i1 %466, label %467, label %757 %758 = load volatile i64, i64* %100, align 8 %759 = icmp eq i64 %758, 0 br i1 %759, label %765, label %760 %761 = load volatile i64, i64* %102, align 8 %762 = icmp sgt i64 %761, 0 %763 = select i1 %762, i64 %761, i64 0 %764 = add nuw i64 %763, %465 br label %765 %766 = phi i64 [ %764, %760 ], [ %465, %757 ] %767 = icmp eq i32 %301, 2 br i1 %767, label %467, label %768 %769 = load volatile i64, i64* %104, align 8 %770 = icmp eq i64 %769, 0 br i1 %770, label %776, label %771 %772 = load volatile i64, i64* %106, align 8 %773 = icmp sgt i64 %772, 0 %774 = select i1 %773, i64 %772, i64 0 %775 = add i64 %774, %766 br label %776 %777 = phi i64 [ %775, %771 ], [ %766, %768 ] %778 = icmp eq i32 %301, 3 br i1 %778, label %467, label %779 %780 = load volatile i64, i64* %108, align 8 %781 = icmp eq i64 %780, 0 br i1 %781, label %467, label %782 %468 = phi i64 [ 0, %324 ], [ %465, %464 ], [ %766, %765 ], [ %777, %776 ], [ %786, %782 ], [ %777, %779 ] %469 = lshr i64 %468, %304 switch i32 %294, label %323 [ i32 0, label %475 i32 1, label %472 i32 3, label %470 i32 2, label %470 ] %473 = mul i64 %469, %291 %474 = udiv 
i64 %473, %295 br label %475 %476 = phi i64 [ %474, %472 ], [ %469, %467 ], [ %471, %470 ] store i64 %476, i64* %38, align 8 br i1 %298, label %477, label %487 %478 = load volatile i64, i64* %112, align 8 %479 = icmp eq i64 %478, 0 br i1 %479, label %484, label %480 %481 = load volatile i64, i64* %114, align 8 %482 = icmp sgt i64 %481, 0 %483 = select i1 %482, i64 %481, i64 0 br label %484 %485 = phi i64 [ %483, %480 ], [ 0, %477 ] %486 = icmp eq i32 %300, 0 br i1 %486, label %487, label %787 %788 = load volatile i64, i64* %116, align 8 %789 = icmp eq i64 %788, 0 br i1 %789, label %795, label %790 %791 = load volatile i64, i64* %118, align 8 %792 = icmp sgt i64 %791, 0 %793 = select i1 %792, i64 %791, i64 0 %794 = add nuw i64 %793, %485 br label %795 %796 = phi i64 [ %794, %790 ], [ %485, %787 ] %797 = icmp eq i32 %301, 2 br i1 %797, label %487, label %798 %799 = load volatile i64, i64* %120, align 8 %800 = icmp eq i64 %799, 0 br i1 %800, label %806, label %801 %802 = load volatile i64, i64* %122, align 8 %803 = icmp sgt i64 %802, 0 %804 = select i1 %803, i64 %802, i64 0 %805 = add i64 %804, %796 br label %806 %807 = phi i64 [ %805, %801 ], [ %796, %798 ] %808 = icmp eq i32 %301, 3 br i1 %808, label %487, label %809 %810 = load volatile i64, i64* %124, align 8 %811 = icmp eq i64 %810, 0 br i1 %811, label %487, label %812 %488 = phi i64 [ 0, %475 ], [ %485, %484 ], [ %796, %795 ], [ %807, %806 ], [ %816, %812 ], [ %807, %809 ] %489 = lshr i64 %488, %304 switch i32 %294, label %323 [ i32 0, label %495 i32 1, label %492 i32 3, label %490 i32 2, label %490 ] %493 = mul i64 %489, %290 %494 = udiv i64 %493, %295 br label %495 %496 = phi i64 [ %494, %492 ], [ %489, %487 ], [ %491, %490 ] store i64 %496, i64* %39, align 16 br i1 %298, label %497, label %507 %498 = load volatile i64, i64* %128, align 8 %499 = icmp eq i64 %498, 0 br i1 %499, label %504, label %500 %501 = load volatile i64, i64* %130, align 8 %502 = icmp sgt i64 %501, 0 %503 = select i1 %502, i64 %501, i64 0 
br label %504 %505 = phi i64 [ %503, %500 ], [ 0, %497 ] %506 = icmp eq i32 %300, 0 br i1 %506, label %507, label %817 %818 = load volatile i64, i64* %132, align 8 %819 = icmp eq i64 %818, 0 br i1 %819, label %825, label %820 %821 = load volatile i64, i64* %134, align 8 %822 = icmp sgt i64 %821, 0 %823 = select i1 %822, i64 %821, i64 0 %824 = add nuw i64 %823, %505 br label %825 %826 = phi i64 [ %824, %820 ], [ %505, %817 ] %827 = icmp eq i32 %301, 2 br i1 %827, label %507, label %828 %829 = load volatile i64, i64* %136, align 8 %830 = icmp eq i64 %829, 0 br i1 %830, label %836, label %831 %832 = load volatile i64, i64* %138, align 8 %833 = icmp sgt i64 %832, 0 %834 = select i1 %833, i64 %832, i64 0 %835 = add i64 %834, %826 br label %836 %837 = phi i64 [ %835, %831 ], [ %826, %828 ] %838 = icmp eq i32 %301, 3 br i1 %838, label %507, label %839 %840 = load volatile i64, i64* %140, align 8 %841 = icmp eq i64 %840, 0 br i1 %841, label %507, label %842 %508 = phi i64 [ 0, %495 ], [ %505, %504 ], [ %826, %825 ], [ %837, %836 ], [ %846, %842 ], [ %837, %839 ] %509 = lshr i64 %508, %304 switch i32 %294, label %323 [ i32 0, label %515 i32 1, label %512 i32 3, label %510 i32 2, label %510 ] %513 = mul i64 %509, %290 %514 = udiv i64 %513, %295 br label %515 %516 = phi i64 [ %514, %512 ], [ %509, %507 ], [ %511, %510 ] store i64 %516, i64* %40, align 8 %517 = load i32, i32* %42, align 4 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #76 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %496, %325 %527 = or i64 %526, %516 %528 = icmp eq i64 %527, 0 br i1 %528, label %425, label %529 %530 = icmp eq i8 %302, 12 %531 = and i32 %517, 131072 %532 = icmp eq i32 %531, 0 %533 = and i1 %530, %532 %534 = zext i1 %533 to i8 br label %326 %327 = phi i64 [ %362, %417 ], [ 0, %529 
] %328 = phi i8 [ %418, %417 ], [ %534, %529 ] %329 = phi i64 [ %419, %417 ], [ %325, %529 ] br label %330 %331 = phi i64 [ %367, %365 ], [ %329, %326 ] %332 = phi i64 [ %363, %365 ], [ 0, %326 ] %333 = phi i64 [ %362, %365 ], [ %327, %326 ] %334 = icmp eq i64 %331, 0 br i1 %334, label %361, label %335 %336 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %332 %337 = icmp ult i64 %331, 32 %338 = select i1 %337, i64 %331, i64 32 %339 = sub i64 %331, %338 store i64 %339, i64* %336, align 8 %340 = trunc i64 %332 to i32 %341 = and i32 %340, 2147483645 %342 = icmp eq i32 %341, 1 br i1 %342, label %343, label %356 %357 = call fastcc i64 @shrink_inactive_list(i64 %338, %struct.lruvec* %11, %struct.scan_control* %1, i32 %340) #76 br label %358 %359 = phi i64 [ %357, %356 ], [ 0, %354 ], [ 0, %353 ] %360 = add i64 %359, %333 br label %361 %362 = phi i64 [ %360, %358 ], [ %333, %330 ] %363 = add nuw nsw i64 %332, 1 %364 = icmp eq i64 %363, 4 br i1 %364, label %368, label %365 %369 = call i32 @__cond_resched() #76 %370 = icmp uge i64 %362, %241 %371 = and i8 %328, 1 %372 = icmp eq i8 %371, 0 %373 = and i1 %372, %370 br i1 %373, label %374, label %417 %375 = load i64, i64* %39, align 16 %376 = load i64, i64* %40, align 8 %377 = add i64 %376, %375 %378 = load i64, i64* %33, align 16 %379 = load i64, i64* %38, align 8 %380 = add i64 %379, %378 %381 = icmp ne i64 %377, 0 %382 = icmp ne i64 %380, 0 %383 = and i1 %381, %382 br i1 %383, label %384, label %425 %385 = icmp ugt i64 %377, %380 %386 = select i1 %385, i64 %380, i64 %377 %387 = select i1 %385, i64 %525, i64 %521 %388 = select i1 %385, i32 2, i32 0 %389 = select i1 %385, i32 0, i32 2 %390 = mul i64 %386, 100 %391 = udiv i64 %390, %387 %392 = zext i32 %389 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 16 %394 = or i32 %389, 1 %395 = zext i32 %394 to i64 %396 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %395 store i64 0, i64* %396, align 8 %397 = zext i32 %388 
to i64 %398 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %397 %399 = load i64, i64* %398, align 16 %400 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %397 %401 = load i64, i64* %400, align 16 %402 = sub i64 %399, %401 %403 = sub i64 100, %391 %404 = mul i64 %399, %403 %405 = udiv i64 %404, 100 store i64 %406, i64* %400, align 16 %407 = or i32 %388, 1 %408 = zext i32 %407 to i64 %409 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %408 %410 = load i64, i64* %409, align 8 %411 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %408 %412 = load i64, i64* %411, align 8 %413 = sub i64 %410, %412 %414 = mul i64 %410, %403 %415 = udiv i64 %414, 100 store i64 %416, i64* %411, align 8 br label %417 %418 = phi i8 [ 1, %384 ], [ %328, %368 ] %419 = load i64, i64* %33, align 16 %420 = load i64, i64* %40, align 8 %421 = load i64, i64* %39, align 16 %422 = or i64 %420, %419 %423 = or i64 %422, %421 %424 = icmp eq i64 %423, 0 br i1 %424, label %425, label %326 %426 = phi i64 [ 0, %515 ], [ %362, %374 ], [ %362, %417 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %5) #76 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 
%12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile 
%struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #76 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* 
%10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, 
null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 shrink_node
7 __node_reclaim
8 node_reclaim
9 get_page_from_freelist
10 __alloc_pages
11 ring_buffer_alloc_read_page
12 tracing_buffers_read
-------------
Path:
Function:tracing_buffers_read
%5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0,
i32 16 %6 = bitcast i8** %5 to %struct.ftrace_buffer_info** %7 = load %struct.ftrace_buffer_info*, %struct.ftrace_buffer_info** %6, align 8 %8 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0 %9 = icmp eq i64 %2, 0 br i1 %9, label %112, label %10 %11 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null br i1 %13, label %14, label %29 %15 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 2 %16 = load %struct.array_buffer*, %struct.array_buffer** %15, align 8 %17 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %16, i64 0, i32 1 %18 = load %struct.trace_buffer*, %struct.trace_buffer** %17, align 8 %19 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 4 %20 = load i32, i32* %19, align 8 %21 = tail call i8* @ring_buffer_alloc_read_page(%struct.trace_buffer* %18, i32 %20) #76 Function:ring_buffer_alloc_read_page %3 = alloca i64, align 8 %4 = zext i32 %1 to i64 %5 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 3, i64 0, i32 0, i64 0 %6 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4) #6, !srcloc !4 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %61, label %9 %10 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 6 %11 = load %struct.ring_buffer_per_cpu**, %struct.ring_buffer_per_cpu*** %10, align 8 %12 = sext i32 %1 to i64 %13 = getelementptr %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %11, i64 %12 %14 = load %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %13, align 8 %15 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", 
"=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !5 %16 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %14, i64 0, i32 5 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %17, i64 0, i32 0, i32 0, i32 0 %19 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18, i32 0) #6, !srcloc !7 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %25, !prof !8, !misexpect !9 %26 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %14, i64 0, i32 7 %27 = load %struct.buffer_data_page*, %struct.buffer_data_page** %26, align 8 %28 = icmp eq %struct.buffer_data_page* %27, null br i1 %28, label %30, label %29 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = bitcast %struct.qspinlock* %17 to i8* store volatile i8 0, i8* %31, align 4 %32 = and i64 %16, 512 %33 = icmp eq i64 %32, 0 br i1 %33, label %35, label %34 br i1 %28, label %36, label %57 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (i32* @numa_node to i64) %40 = inttoptr i64 %39 to i32* %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, -1 br i1 %42, label %43, label %45 %46 = phi i32 [ %44, %43 ], [ %41, %36 ] %47 = call %struct.page* bitcast (%struct.page.135675* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 68800, i32 0, i32 %46, %struct.cpumask* null) #76 Function:__alloc_pages %5 = alloca %struct.alloc_context.135690, 
align 8 %6 = bitcast %struct.alloc_context.135690* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.135557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.135557**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.135557* %17 = getelementptr inbounds %struct.task_struct.135557, %struct.task_struct.135557* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.135521*], [0 x %struct.pglist_data.135521*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.135521*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.135521*, %struct.pglist_data.135521** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.135521, %struct.pglist_data.135521* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 0 store %struct.zonelist.135517* %50, %struct.zonelist.135517** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, 
!prof !9 %58 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__cond_resched() #76 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.135517, %struct.zonelist.135517* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.135521, %struct.pglist_data.135521* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi 
%struct.zoneref.135516* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %5, i64 0, i32 2 store %struct.zoneref.135516* %90, %struct.zoneref.135516** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %90, i64 0, i32 0 %93 = load %struct.zone.135525*, %struct.zone.135525** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.135525* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135675* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135690* nonnull %5) #77 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135690, %struct.alloc_context.135690* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.135521* [ null, %4 ], [ %544, %543 ] %22 = phi i32 [ %2, %4 ], [ %545, %543 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.135516*, %struct.zoneref.135516** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %25, i64 0, i32 0 %27 = load %struct.zone.135525*, %struct.zone.135525** %26, align 8 %28 = icmp eq %struct.zone.135525* %27, null br i1 %28, label %541, 
label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 %44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.135525* [ %539, %536 ], [ %27, %29 ] %48 = phi %struct.zoneref.135516* [ %537, %536 ], [ %25, %29 ] %49 = phi %struct.pglist_data.135521* [ %525, %536 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.135516*, %struct.zoneref.135516** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %74, i64 0, i32 0 %76 = load %struct.zone.135525*, %struct.zone.135525** %75, align 8 %77 = icmp eq %struct.zone.135525* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* 
%47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr 
%struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq %struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 br i1 %109, label %158, label %153 %159 = add nsw i64 %139, 1 %160 = icmp eq i64 %159, 11 br i1 %160, label %167, label %138 %168 = icmp eq i64 %88, 0 %169 = or i1 %41, %168 %170 = or i1 %17, %169 br i1 %170, label %228, label %171, !prof !9 %172 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 0, i64 0 %173 = load i64, i64* %172, align 64 br i1 %109, label %174, label %178, !prof !6, !misexpect !7 %175 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 2 %176 = load i64, i64* %175, align 32 %177 = add i64 %176, %11 br label %178 %179 = phi i64 [ %177, %174 ], [ %11, %171 ] %180 = sub i64 %94, %179 br i1 %38, label %184, label %181 %182 = sdiv i64 %173, -2 %183 = add i64 %182, %173 br label %184 %185 = phi i64 [ %183, %181 ], [ %173, %178 ] br i1 %109, label %193, label %186, !prof !6, !misexpect !8 br i1 %43, label %190, label %187 %191 = sdiv i64 %185, -4 %192 = add i64 %191, %185 br label %193 %194 = phi i64 [ %189, %187 ], [ %192, %190 ], [ %185, %184 ] %195 = add i64 %194, %133 %196 = icmp sgt i64 %180, %195 br i1 %196, label %197, label %228 br i1 %8, label %252, label %198 br i1 %12, label %199, label %228 %200 = phi i64 [ %220, %219 ], [ %13, %198 ] %201 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, 
i64 %200, i32 1 %202 = load i64, i64* %201, align 8 %203 = icmp eq i64 %202, 0 br i1 %203, label %219, label %204 %205 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %200, i32 0, i64 0 %206 = getelementptr inbounds %struct.list_head, %struct.list_head* %205, i64 0, i32 0 %207 = load volatile %struct.list_head*, %struct.list_head** %206, align 8 %208 = icmp eq %struct.list_head* %207, %205 br i1 %208, label %209, label %252 %210 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %200, i32 0, i64 1 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %222, label %252 %223 = getelementptr %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 18, i64 %200, i32 0, i64 2 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %223, i64 0, i32 0 %225 = load volatile %struct.list_head*, %struct.list_head** %224, align 8 %226 = icmp eq %struct.list_head* %225, %223 br i1 %226, label %227, label %252 br i1 %109, label %219, label %214 %220 = add nsw i64 %200, 1 %221 = icmp eq i64 %220, 11 br i1 %221, label %228, label %199 br i1 %45, label %229, label %252 %230 = load i32, i32* @node_reclaim_mode, align 4 %231 = and i32 %230, 7 %232 = icmp eq i32 %231, 0 br i1 %232, label %524, label %233 %234 = load %struct.zoneref.135516*, %struct.zoneref.135516** %5, align 8 %235 = getelementptr inbounds %struct.zoneref.135516, %struct.zoneref.135516* %234, i64 0, i32 0 %236 = load %struct.zone.135525*, %struct.zone.135525** %235, align 8 %237 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %236, i64 0, i32 4 %238 = load i32, i32* %237, align 8 %239 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = tail call i32 @__node_distance(i32 %238, i32 
%240) #76 %242 = load i32, i32* @node_reclaim_distance, align 4 %243 = icmp sgt i32 %241, %242 br i1 %243, label %524, label %244 %245 = getelementptr inbounds %struct.zone.135525, %struct.zone.135525* %47, i64 0, i32 5 %246 = load %struct.pglist_data.135521*, %struct.pglist_data.135521** %245, align 16 %247 = tail call i32 bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.135521*, i32, i32)*)(%struct.pglist_data.135521* %246, i32 %0, i32 %1) #76 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #76 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #76 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 20 %31 = load i64, i64* %30, align 16 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #77 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %11 = bitcast %struct.cpumask** %10 to i8* %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %13 = icmp ugt i64 %6, 32 
%14 = select i1 %13, i64 %6, i64 32 store i64 %14, i64* %12, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 %21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %69 [label %55], !srcloc !7 %70 = tail call i32 @__cond_resched() #76 %71 = load i32, i32* %31, align 4 %72 = and i32 %71, 2048 %73 = or i32 %71, 8390656 store i32 %73, i32* %31, align 4 %74 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 13 %75 = icmp eq %struct.reclaim_state* %74, null %76 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %77 = load %struct.reclaim_state*, %struct.reclaim_state** %76, align 8 %78 = icmp eq %struct.reclaim_state* %77, null br i1 %75, label %81, label %79 br i1 %78, label %83, label %80, !prof !5, !misexpect !6 store %struct.reclaim_state* %74, %struct.reclaim_state** %76, align 8 %84 = load i32, i32* @node_reclaim_mode, align 4 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #76 %91 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %92 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %93 = add i64 %92, %91 br label %95 %96 = phi i64 [ %88, %87 ], [ %94, %89 ] %97 = load i32, i32* 
@node_reclaim_mode, align 4 %98 = and i32 %97, 2 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %102 %103 = phi i64 [ 0, %95 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %106 = load i64, i64* %105, align 8 %107 = icmp ugt i64 %104, %106 br i1 %107, label %108, label %117 %109 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 11 br label %110 call fastcc void @shrink_node(%struct.pglist_data* %0, %struct.scan_control* nonnull %4) #77 Function:shrink_node %3 = alloca [5 x i64], align 16 %4 = alloca [5 x i64], align 16 %5 = alloca %struct.blk_plug, align 8 %6 = alloca %struct.shrink_control, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %10 = load %struct.reclaim_state*, %struct.reclaim_state** %9, align 8 %11 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12 %13 = bitcast %struct.x86_pmu_capability* %12 to i8* %14 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 11 %15 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 1 %16 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %15, i64 0, i32 0, i32 0 %17 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 2 %18 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 3 %19 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 3 %20 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 4 %21 = bitcast %struct.spinlock* %15 to i8* %22 = 
getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 5 %23 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 1 %24 = bitcast %struct.list_head* %23 to %struct.pglist_data* %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 0 %26 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 1 %27 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 7 %28 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %29 = bitcast [5 x i64]* %3 to i8* %30 = bitcast [5 x i64]* %4 to i8* %31 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 0 %32 = bitcast %struct.blk_plug* %5 to i8* %33 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 0 %34 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 821 %35 = bitcast %struct.list_head* %34 to i32* %36 = icmp eq %struct.scan_control* %1, null %37 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 8 %38 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 1 %39 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 2 %40 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 3 %41 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 0 %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %43 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 2 %44 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 3 %45 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 1 %46 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 9 %47 = bitcast %struct.shrink_control* %6 to i8* %48 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.shrink_control, 
%struct.shrink_control* %6, i64 0, i32 1 %50 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 2 %51 = bitcast i64* %50 to i8* %52 = icmp eq %struct.reclaim_state* %10, null %53 = getelementptr inbounds %struct.reclaim_state, %struct.reclaim_state* %10, i64 0, i32 0 %54 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 3 %55 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 6 %56 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %57 = bitcast i64* %56 to i8* %58 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 1 %59 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 5 %60 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 4 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %12, i64 0, i32 0 %62 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 2 %63 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 6 %64 = bitcast i64* %63 to i8* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 122 %66 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 6 %67 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 11, i32 0 %68 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 0, i64 2 %69 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 1 %70 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 11, i32 0 %71 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 0, i64 2 %72 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 
1, i32 1 %73 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 11, i32 0 %74 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 0, i64 2 %75 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 1 %76 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 11, i32 0 %77 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 0, i64 2 %78 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 1 %79 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %80 = bitcast %struct.list_head** %79 to i64* %81 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 69, i32 1 %82 = bitcast %struct.list_head** %81 to i64* %83 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %84 = bitcast %struct.list_head** %83 to i64* %85 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 145, i32 1 %86 = bitcast %struct.list_head** %85 to i64* %87 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %88 = bitcast %struct.list_head** %87 to i64* %89 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 221, i32 1 %90 = bitcast %struct.list_head** %89 to i64* %91 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %92 = bitcast %struct.list_head** %91 to i64* %93 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 297, i32 1 %94 = bitcast %struct.list_head** %93 to i64* %95 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %96 = bitcast %struct.list_head** %95 to i64* %97 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70 %98 = bitcast %struct.list_head* %97 to i64* %99 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 
84, i32 1 %100 = bitcast %struct.list_head** %99 to i64* %101 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146 %102 = bitcast %struct.list_head* %101 to i64* %103 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %104 = bitcast %struct.list_head** %103 to i64* %105 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222 %106 = bitcast %struct.list_head* %105 to i64* %107 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %108 = bitcast %struct.list_head** %107 to i64* %109 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298 %110 = bitcast %struct.list_head* %109 to i64* %111 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %112 = bitcast %struct.list_head** %111 to i64* %113 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70, i32 1 %114 = bitcast %struct.list_head** %113 to i64* %115 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %116 = bitcast %struct.list_head** %115 to i64* %117 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146, i32 1 %118 = bitcast %struct.list_head** %117 to i64* %119 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %120 = bitcast %struct.list_head** %119 to i64* %121 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222, i32 1 %122 = bitcast %struct.list_head** %121 to i64* %123 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %124 = bitcast %struct.list_head** %123 to i64* %125 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298, i32 1 %126 = bitcast %struct.list_head** %125 to i64* %127 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %128 = bitcast %struct.list_head** %127 to i64* %129 = getelementptr %struct.lruvec, %struct.lruvec* 
%11, i64 -98, i32 0, i64 71 %130 = bitcast %struct.list_head* %129 to i64* %131 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %132 = bitcast %struct.list_head** %131 to i64* %133 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 147 %134 = bitcast %struct.list_head* %133 to i64* %135 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %136 = bitcast %struct.list_head** %135 to i64* %137 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 223 %138 = bitcast %struct.list_head* %137 to i64* %139 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %140 = bitcast %struct.list_head** %139 to i64* %141 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 299 %142 = bitcast %struct.list_head* %141 to i64* br label %143 %144 = phi i8 [ 0, %2 ], [ %566, %685 ] %145 = load i64, i64* %14, align 8 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %16) #76 %146 = load i64, i64* %17, align 8 store i64 %146, i64* %18, align 8 %147 = load i64, i64* %19, align 8 store i64 %147, i64* %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %21, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %148 = load i16, i16* %22, align 8 %149 = and i16 %148, 4 %150 = icmp eq i16 %149, 0 br i1 %150, label %151, label %198 %152 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 12) #76 %153 = load i64, i64* %25, align 8 %154 = icmp eq i64 %152, %153 br i1 %154, label %155, label %168 %156 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 0) #76 %157 = 
call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 1) #76 %158 = add i64 %157, %156 %159 = lshr i64 %158, 18 %160 = icmp eq i64 %159, 0 br i1 %160, label %164, label %161 %165 = phi i64 [ %163, %161 ], [ 1, %155 ] %166 = mul i64 %165, %156 %167 = icmp ult i64 %166, %157 br i1 %167, label %168, label %171 %172 = load i16, i16* %22, align 8 %173 = and i16 %172, -2 br label %174 %175 = phi i16 [ %173, %171 ], [ %170, %168 ] store i16 %175, i16* %22, align 8 %176 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 13) #76 %177 = load i64, i64* %26, align 8 %178 = icmp eq i64 %176, %177 br i1 %178, label %179, label %192 %193 = load i16, i16* %22, align 8 %194 = or i16 %193, 2 br label %200 %201 = phi i16 [ %199, %198 ], [ %197, %195 ], [ %194, %192 ] store i16 %201, i16* %22, align 8 %202 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 2) #76 %203 = load i8, i8* %27, align 1 %204 = sext i8 %203 to i64 %205 = and i64 %204, 4294967295 %206 = lshr i64 %202, %205 %207 = icmp ne i64 %206, 0 %208 = load i16, i16* %22, align 8 %209 = and i16 %208, 2 %210 = icmp eq i16 %209, 0 %211 = and i1 %207, %210 %212 = and i16 %208, -2049 %213 = select i1 %211, i16 2048, i16 0 %214 = or i16 %212, %213 store i16 %214, i16* %22, align 8 %215 = load i32, i32* %28, align 64 %216 = call i64 @sum_zone_node_page_state(i32 %215, i32 0) #76 %217 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #76 %218 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #76 %219 = load volatile i64, i64* %67, align 8 %220 = icmp eq i64 %219, 0 br i1 
%220, label %225, label %221 %226 = phi i64 [ %224, %221 ], [ 0, %200 ] %227 = load volatile i64, i64* %70, align 8 %228 = icmp eq i64 %227, 0 br i1 %228, label %699, label %694 %695 = load i64, i64* %71, align 16 %696 = load i64, i64* %72, align 8 %697 = add i64 %695, %226 %698 = add i64 %697, %696 br label %699 %700 = phi i64 [ %698, %694 ], [ %226, %225 ] %701 = load volatile i64, i64* %73, align 8 %702 = icmp eq i64 %701, 0 br i1 %702, label %708, label %703 %704 = load i64, i64* %74, align 16 %705 = load i64, i64* %75, align 8 %706 = add i64 %704, %700 %707 = add i64 %706, %705 br label %708 %709 = phi i64 [ %707, %703 ], [ %700, %699 ] %710 = load volatile i64, i64* %76, align 8 %711 = icmp eq i64 %710, 0 br i1 %711, label %717, label %712 %713 = load i64, i64* %77, align 16 %714 = load i64, i64* %78, align 8 %715 = add i64 %713, %709 %716 = add i64 %715, %714 br label %717 %718 = phi i64 [ %716, %712 ], [ %709, %708 ] %719 = call i64 bitcast (i64 (%struct.pglist_data.123922*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 0) #76 %720 = add i64 %217, %216 %721 = add i64 %720, %218 %722 = icmp ule i64 %721, %718 %723 = load i16, i16* %22, align 8 %724 = and i16 %723, 1 %725 = icmp eq i16 %724, 0 %726 = and i1 %722, %725 br i1 %726, label %229, label %236 %237 = phi i16 [ %235, %229 ], [ 0, %717 ] %238 = and i16 %723, -4097 %239 = or i16 %238, %237 store i16 %239, i16* %22, align 8 %240 = call i32 @__cond_resched() #76 %241 = load i64, i64* %31, align 8 %242 = load i32, i32* @vm_swappiness, align 4 %243 = load i16, i16* %22, align 8 %244 = and i16 %243, 64 %245 = icmp eq i16 %244, 0 br i1 %245, label %289, label %246 %247 = load i32, i32* %35, align 64 %248 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nr_swap_pages, i64 0, i32 0), align 8 %249 = icmp sgt i64 %248, 0 br i1 %249, label %260, label %250 %251 = load i8, i8* @numa_demotion_enabled, align 1, !range !8 %252 = icmp eq i8 
%251, 0 br i1 %252, label %289, label %253 %254 = and i16 %243, 8192 %255 = icmp eq i16 %254, 0 %256 = or i1 %36, %255 br i1 %256, label %257, label %289 %258 = call i32 @next_demotion_node(i32 %247) #76 %259 = icmp eq i32 %258, -1 br i1 %259, label %289, label %260 %261 = icmp ne i32 %242, 0 %262 = load i8, i8* %27, align 1 %263 = icmp eq i8 %262, 0 %264 = and i1 %261, %263 br i1 %264, label %289, label %265 %266 = load i16, i16* %22, align 8 %267 = and i16 %266, 4096 %268 = icmp eq i16 %267, 0 br i1 %268, label %269, label %289 %270 = and i16 %266, 2048 %271 = icmp eq i16 %270, 0 br i1 %271, label %272, label %289 %273 = load i64, i64* %18, align 8 %274 = load i64, i64* %20, align 8 %275 = add i64 %274, %273 %276 = add i64 %275, %273 %277 = sext i32 %242 to i64 %278 = add i64 %274, 1 %279 = add i64 %278, %275 %280 = add i64 %279, %276 %281 = mul i64 %280, %277 %282 = add i64 %276, 1 %283 = udiv i64 %281, %282 %284 = sub i32 200, %242 %285 = sext i32 %284 to i64 %286 = mul i64 %280, %285 %287 = udiv i64 %286, %279 %288 = add i64 %287, %283 br label %289 %290 = phi i64 [ %287, %272 ], [ undef, %236 ], [ undef, %257 ], [ undef, %260 ], [ undef, %265 ], [ undef, %269 ], [ undef, %250 ], [ undef, %253 ] %291 = phi i64 [ %283, %272 ], [ undef, %236 ], [ undef, %257 ], [ undef, %260 ], [ undef, %265 ], [ undef, %269 ], [ undef, %250 ], [ undef, %253 ] %292 = phi i1 [ true, %272 ], [ false, %236 ], [ false, %257 ], [ true, %260 ], [ true, %265 ], [ false, %269 ], [ false, %250 ], [ false, %253 ] %293 = phi i1 [ false, %272 ], [ true, %236 ], [ true, %257 ], [ false, %260 ], [ false, %265 ], [ true, %269 ], [ true, %250 ], [ true, %253 ] %294 = phi i32 [ 1, %272 ], [ 3, %236 ], [ 3, %257 ], [ 0, %260 ], [ 2, %265 ], [ 3, %269 ], [ 3, %250 ], [ 3, %253 ] %295 = phi i64 [ %288, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %296 = load i8, i8* %37, align 4 %297 = sext i8 %296 to i32 %298 = icmp sgt i8 %296, -1 %299 = icmp 
ult i32 %297, 3 %300 = select i1 %299, i32 %297, i32 3 %301 = add nuw nsw i32 %300, 1 %302 = load i8, i8* %27, align 1 %303 = sext i8 %302 to i64 %304 = and i64 %303, 4294967295 br i1 %298, label %305, label %315 %306 = load volatile i64, i64* %80, align 8 %307 = icmp eq i64 %306, 0 br i1 %307, label %312, label %308 %309 = load volatile i64, i64* %82, align 8 %310 = icmp sgt i64 %309, 0 %311 = select i1 %310, i64 %309, i64 0 br label %312 %313 = phi i64 [ %311, %308 ], [ 0, %305 ] %314 = icmp eq i32 %300, 0 br i1 %314, label %315, label %727 %728 = load volatile i64, i64* %84, align 8 %729 = icmp eq i64 %728, 0 br i1 %729, label %735, label %730 %731 = load volatile i64, i64* %86, align 8 %732 = icmp sgt i64 %731, 0 %733 = select i1 %732, i64 %731, i64 0 %734 = add nuw i64 %733, %313 br label %735 %736 = phi i64 [ %734, %730 ], [ %313, %727 ] %737 = icmp eq i32 %301, 2 br i1 %737, label %315, label %738 %739 = load volatile i64, i64* %88, align 8 %740 = icmp eq i64 %739, 0 br i1 %740, label %746, label %741 %742 = load volatile i64, i64* %90, align 8 %743 = icmp sgt i64 %742, 0 %744 = select i1 %743, i64 %742, i64 0 %745 = add i64 %744, %736 br label %746 %747 = phi i64 [ %745, %741 ], [ %736, %738 ] %748 = icmp eq i32 %301, 3 br i1 %748, label %315, label %749 %750 = load volatile i64, i64* %92, align 8 %751 = icmp eq i64 %750, 0 br i1 %751, label %315, label %752 %316 = phi i64 [ 0, %289 ], [ %313, %312 ], [ %736, %735 ], [ %747, %746 ], [ %756, %752 ], [ %747, %749 ] %317 = lshr i64 %316, %304 switch i32 %294, label %323 [ i32 0, label %324 i32 1, label %318 i32 3, label %321 i32 2, label %321 ] %322 = select i1 %292, i64 %317, i64 0 br label %324 %325 = phi i64 [ %320, %318 ], [ %317, %315 ], [ %322, %321 ] store i64 %325, i64* %33, align 16 br i1 %298, label %457, label %467 %458 = load volatile i64, i64* %96, align 8 %459 = icmp eq i64 %458, 0 br i1 %459, label %464, label %460 %461 = load volatile i64, i64* %98, align 8 %462 = icmp sgt i64 %461, 0 %463 = 
select i1 %462, i64 %461, i64 0 br label %464 %465 = phi i64 [ %463, %460 ], [ 0, %457 ] %466 = icmp eq i32 %300, 0 br i1 %466, label %467, label %757 %758 = load volatile i64, i64* %100, align 8 %759 = icmp eq i64 %758, 0 br i1 %759, label %765, label %760 %761 = load volatile i64, i64* %102, align 8 %762 = icmp sgt i64 %761, 0 %763 = select i1 %762, i64 %761, i64 0 %764 = add nuw i64 %763, %465 br label %765 %766 = phi i64 [ %764, %760 ], [ %465, %757 ] %767 = icmp eq i32 %301, 2 br i1 %767, label %467, label %768 %769 = load volatile i64, i64* %104, align 8 %770 = icmp eq i64 %769, 0 br i1 %770, label %776, label %771 %772 = load volatile i64, i64* %106, align 8 %773 = icmp sgt i64 %772, 0 %774 = select i1 %773, i64 %772, i64 0 %775 = add i64 %774, %766 br label %776 %777 = phi i64 [ %775, %771 ], [ %766, %768 ] %778 = icmp eq i32 %301, 3 br i1 %778, label %467, label %779 %780 = load volatile i64, i64* %108, align 8 %781 = icmp eq i64 %780, 0 br i1 %781, label %467, label %782 %468 = phi i64 [ 0, %324 ], [ %465, %464 ], [ %766, %765 ], [ %777, %776 ], [ %786, %782 ], [ %777, %779 ] %469 = lshr i64 %468, %304 switch i32 %294, label %323 [ i32 0, label %475 i32 1, label %472 i32 3, label %470 i32 2, label %470 ] %473 = mul i64 %469, %291 %474 = udiv i64 %473, %295 br label %475 %476 = phi i64 [ %474, %472 ], [ %469, %467 ], [ %471, %470 ] store i64 %476, i64* %38, align 8 br i1 %298, label %477, label %487 %478 = load volatile i64, i64* %112, align 8 %479 = icmp eq i64 %478, 0 br i1 %479, label %484, label %480 %481 = load volatile i64, i64* %114, align 8 %482 = icmp sgt i64 %481, 0 %483 = select i1 %482, i64 %481, i64 0 br label %484 %485 = phi i64 [ %483, %480 ], [ 0, %477 ] %486 = icmp eq i32 %300, 0 br i1 %486, label %487, label %787 %788 = load volatile i64, i64* %116, align 8 %789 = icmp eq i64 %788, 0 br i1 %789, label %795, label %790 %791 = load volatile i64, i64* %118, align 8 %792 = icmp sgt i64 %791, 0 %793 = select i1 %792, i64 %791, i64 0 %794 = add 
nuw i64 %793, %485 br label %795 %796 = phi i64 [ %794, %790 ], [ %485, %787 ] %797 = icmp eq i32 %301, 2 br i1 %797, label %487, label %798 %799 = load volatile i64, i64* %120, align 8 %800 = icmp eq i64 %799, 0 br i1 %800, label %806, label %801 %802 = load volatile i64, i64* %122, align 8 %803 = icmp sgt i64 %802, 0 %804 = select i1 %803, i64 %802, i64 0 %805 = add i64 %804, %796 br label %806 %807 = phi i64 [ %805, %801 ], [ %796, %798 ] %808 = icmp eq i32 %301, 3 br i1 %808, label %487, label %809 %810 = load volatile i64, i64* %124, align 8 %811 = icmp eq i64 %810, 0 br i1 %811, label %487, label %812 %488 = phi i64 [ 0, %475 ], [ %485, %484 ], [ %796, %795 ], [ %807, %806 ], [ %816, %812 ], [ %807, %809 ] %489 = lshr i64 %488, %304 switch i32 %294, label %323 [ i32 0, label %495 i32 1, label %492 i32 3, label %490 i32 2, label %490 ] %493 = mul i64 %489, %290 %494 = udiv i64 %493, %295 br label %495 %496 = phi i64 [ %494, %492 ], [ %489, %487 ], [ %491, %490 ] store i64 %496, i64* %39, align 16 br i1 %298, label %497, label %507 %498 = load volatile i64, i64* %128, align 8 %499 = icmp eq i64 %498, 0 br i1 %499, label %504, label %500 %501 = load volatile i64, i64* %130, align 8 %502 = icmp sgt i64 %501, 0 %503 = select i1 %502, i64 %501, i64 0 br label %504 %505 = phi i64 [ %503, %500 ], [ 0, %497 ] %506 = icmp eq i32 %300, 0 br i1 %506, label %507, label %817 %818 = load volatile i64, i64* %132, align 8 %819 = icmp eq i64 %818, 0 br i1 %819, label %825, label %820 %821 = load volatile i64, i64* %134, align 8 %822 = icmp sgt i64 %821, 0 %823 = select i1 %822, i64 %821, i64 0 %824 = add nuw i64 %823, %505 br label %825 %826 = phi i64 [ %824, %820 ], [ %505, %817 ] %827 = icmp eq i32 %301, 2 br i1 %827, label %507, label %828 %829 = load volatile i64, i64* %136, align 8 %830 = icmp eq i64 %829, 0 br i1 %830, label %836, label %831 %832 = load volatile i64, i64* %138, align 8 %833 = icmp sgt i64 %832, 0 %834 = select i1 %833, i64 %832, i64 0 %835 = add i64 
%834, %826 br label %836 %837 = phi i64 [ %835, %831 ], [ %826, %828 ] %838 = icmp eq i32 %301, 3 br i1 %838, label %507, label %839 %840 = load volatile i64, i64* %140, align 8 %841 = icmp eq i64 %840, 0 br i1 %841, label %507, label %842 %508 = phi i64 [ 0, %495 ], [ %505, %504 ], [ %826, %825 ], [ %837, %836 ], [ %846, %842 ], [ %837, %839 ] %509 = lshr i64 %508, %304 switch i32 %294, label %323 [ i32 0, label %515 i32 1, label %512 i32 3, label %510 i32 2, label %510 ] %513 = mul i64 %509, %290 %514 = udiv i64 %513, %295 br label %515 %516 = phi i64 [ %514, %512 ], [ %509, %507 ], [ %511, %510 ] store i64 %516, i64* %40, align 8 %517 = load i32, i32* %42, align 4 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #76 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %496, %325 %527 = or i64 %526, %516 %528 = icmp eq i64 %527, 0 br i1 %528, label %425, label %529 %530 = icmp eq i8 %302, 12 %531 = and i32 %517, 131072 %532 = icmp eq i32 %531, 0 %533 = and i1 %530, %532 %534 = zext i1 %533 to i8 br label %326 %327 = phi i64 [ %362, %417 ], [ 0, %529 ] %328 = phi i8 [ %418, %417 ], [ %534, %529 ] %329 = phi i64 [ %419, %417 ], [ %325, %529 ] br label %330 %331 = phi i64 [ %367, %365 ], [ %329, %326 ] %332 = phi i64 [ %363, %365 ], [ 0, %326 ] %333 = phi i64 [ %362, %365 ], [ %327, %326 ] %334 = icmp eq i64 %331, 0 br i1 %334, label %361, label %335 %336 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %332 %337 = icmp ult i64 %331, 32 %338 = select i1 %337, i64 %331, i64 32 %339 = sub i64 %331, %338 store i64 %339, i64* %336, align 8 %340 = trunc i64 %332 to i32 %341 = and i32 %340, 2147483645 %342 = icmp eq i32 %341, 1 br i1 %342, label %343, label %356 %357 = call fastcc i64 @shrink_inactive_list(i64 %338, %struct.lruvec* %11, %struct.scan_control* %1, 
i32 %340) #76 br label %358 %359 = phi i64 [ %357, %356 ], [ 0, %354 ], [ 0, %353 ] %360 = add i64 %359, %333 br label %361 %362 = phi i64 [ %360, %358 ], [ %333, %330 ] %363 = add nuw nsw i64 %332, 1 %364 = icmp eq i64 %363, 4 br i1 %364, label %368, label %365 %369 = call i32 @__cond_resched() #76 %370 = icmp uge i64 %362, %241 %371 = and i8 %328, 1 %372 = icmp eq i8 %371, 0 %373 = and i1 %372, %370 br i1 %373, label %374, label %417 %375 = load i64, i64* %39, align 16 %376 = load i64, i64* %40, align 8 %377 = add i64 %376, %375 %378 = load i64, i64* %33, align 16 %379 = load i64, i64* %38, align 8 %380 = add i64 %379, %378 %381 = icmp ne i64 %377, 0 %382 = icmp ne i64 %380, 0 %383 = and i1 %381, %382 br i1 %383, label %384, label %425 %385 = icmp ugt i64 %377, %380 %386 = select i1 %385, i64 %380, i64 %377 %387 = select i1 %385, i64 %525, i64 %521 %388 = select i1 %385, i32 2, i32 0 %389 = select i1 %385, i32 0, i32 2 %390 = mul i64 %386, 100 %391 = udiv i64 %390, %387 %392 = zext i32 %389 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 16 %394 = or i32 %389, 1 %395 = zext i32 %394 to i64 %396 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %395 store i64 0, i64* %396, align 8 %397 = zext i32 %388 to i64 %398 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %397 %399 = load i64, i64* %398, align 16 %400 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %397 %401 = load i64, i64* %400, align 16 %402 = sub i64 %399, %401 %403 = sub i64 100, %391 %404 = mul i64 %399, %403 %405 = udiv i64 %404, 100 store i64 %406, i64* %400, align 16 %407 = or i32 %388, 1 %408 = zext i32 %407 to i64 %409 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %408 %410 = load i64, i64* %409, align 8 %411 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %408 %412 = load i64, i64* %411, align 8 %413 = sub i64 %410, %412 %414 = mul i64 %410, %403 %415 = udiv i64 %414, 100 store i64 %416, i64* %411, align 8 br label %417 
%418 = phi i8 [ 1, %384 ], [ %328, %368 ] %419 = load i64, i64* %33, align 16 %420 = load i64, i64* %40, align 8 %421 = load i64, i64* %39, align 16 %422 = or i64 %420, %419 %423 = or i64 %422, %421 %424 = icmp eq i64 %423, 0 br i1 %424, label %425, label %326 %426 = phi i64 [ 0, %515 ], [ %362, %374 ], [ %362, %417 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %5) #76 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store 
%struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #76 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, 
label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add 
i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr 
inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, 
%struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void 
@__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 do_madvise
7 __ia32_sys_madvise
-------------
Path:
Function:__ia32_sys_madvise
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76
Function:do_madvise
%5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast
%struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %210 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 6 %211 = load %struct.mm_struct*, %struct.mm_struct** %210, align 8 %212 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 8 %213 = load i64, i64* %212, align 8 switch i32 %3, label %254 [ i32 0, label %214 i32 2, label %216 i32 1, label %219 i32 10, label %222 i32 11, label %224 i32 18, label %229 i32 19, label %238 i32 16, label %240 i32 17, label %242 i32 15, label %250 i32 14, label %250 ] %243 = and i64 %213, 4194304 %244 = icmp ne i64 %243, 0 %245 = and i64 %213, 268715008 %246 = icmp eq i64 %245, 0 %247 = or i1 %244, %246 br i1 %247, label %248, label %329 %330 = phi i32 [ -12, %53 ], [ %328, %327 ], [ -22, %242 ], [ -12, %284 ], [ -12, %273 ], [ -22, %229 ], [ -22, %224 ], [ -22, %141 ], [ -22, %136 ], [ %81, %312 ], [ -12, %78 ], [ %81, %310 ], [ -12, %323 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %12) #76 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 
0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #76 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, 
%struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, 
%struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 do_madvise
7 __x64_sys_madvise
-------------
Path:
Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool 
NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %210 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 6 %211 = load %struct.mm_struct*, %struct.mm_struct** %210, align 8 %212 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 8 %213 = load i64, i64* %212, align 8 switch i32 %3, label %254 [ i32 0, label %214 i32 2, label %216 i32 1, label %219 i32 10, label %222 i32 11, label %224 i32 18, label %229 i32 19, label %238 i32 16, label %240 i32 17, label %242 i32 15, label %250 i32 14, label %250 ] %243 = and i64 %213, 4194304 %244 = icmp ne 
i64 %243, 0 %245 = and i64 %213, 268715008 %246 = icmp eq i64 %245, 0 %247 = or i1 %244, %246 br i1 %247, label %248, label %329 %330 = phi i32 [ -12, %53 ], [ %328, %327 ], [ -22, %242 ], [ -12, %284 ], [ -12, %273 ], [ -22, %229 ], [ -22, %224 ], [ -22, %141 ], [ -22, %136 ], [ %81, %312 ], [ -12, %78 ], [ %81, %310 ], [ -12, %323 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %12) #76 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 
0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #76 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, 
%2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add 
i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr 
inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, 
%struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void 
@__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 __se_sys_io_submit
7 __ia32_sys_io_submit
-------------
Path:
Function:__ia32_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_io_submit(i64 %4, i64 %7, i64 %10) #76 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %74, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %74, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 64 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [
%40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #76 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, %22 ] %46 = phi i64 [ %23, %42 ], [ %40, %38 ], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void @blk_finish_plug(%struct.blk_plug* nonnull %4) #76 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #76 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load 
volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load 
%struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 __se_sys_io_submit
7 __x64_sys_io_submit
-------------
Path:
Function:__x64_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs,
%struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_io_submit(i64 %3, i64 %5, i64 %7) #76 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %74, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %74, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 64 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #76 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, %22 ] %46 = phi i64 [ 
%23, %42 ], [ %40, %38 ], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void @blk_finish_plug(%struct.blk_plug* nonnull %4) #76 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, 
i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #76 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds 
%struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to 
%struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 
br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr 
inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void 
(%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load 
volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on 
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_finish_plug 6 __ia32_compat_sys_io_submit ------------- Path:  Function:__ia32_compat_sys_io_submit %2 = alloca %struct.blk_plug, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %6 to i32 %11 = inttoptr i64 %9 to i32* %12 = bitcast %struct.blk_plug* %2 to i8* %13 = icmp sgt i32 %10, -1 br i1 %13, label %14, label %82, !prof !4, !misexpect !5 %15 = and i64 %4, 4294967295 %16 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %15) #76 %17 = icmp eq %struct.kioctx* %16, null br i1 %17, label %82, label %18, !prof !6, !misexpect !5 %19 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %16, i64 0, i32 7 %20 = load i32, i32* %19, align 64 %21 = icmp ult i32 %20, %10 %22 = select i1 %21, i32 %20, i32 %10 %23 = icmp sgt i32 %22, 2 br i1 %23, label %24, label %25 %26 = icmp sgt i32 %22, 0 br i1 %26, label %27, label %57 %28 = zext i32 %22 to i64 br label %29 %30 = phi i64 [ 0, %27 ], [ %46, %45 ] %32 = getelementptr i32, i32* %11, i64 %30 %33 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %32, i64 4, i64 %31) #6, !srcloc !7 %34 = extractvalue { i32*, i32, i64 } %33, 0 %35 = extractvalue { i32*, i32, i64 } %33, 2 %36 = ptrtoint i32* %34 to i64 %37 = and i64 
%36, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %51, !prof !4, !misexpect !5 %40 = extractvalue { i32*, i32, i64 } %33, 1 %41 = zext i32 %40 to i64 %42 = inttoptr i64 %41 to %struct.iocb* %43 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %16, %struct.iocb* %42, i1 zeroext true) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %48 %46 = add nuw nsw i64 %30, 1 %47 = icmp eq i64 %46, %28 br i1 %47, label %53, label %29 %54 = phi i32 [ %49, %48 ], [ %52, %51 ], [ %22, %45 ] %55 = phi i64 [ %50, %48 ], [ -14, %51 ], [ 0, %45 ] br i1 %23, label %56, label %57 call void @blk_finish_plug(%struct.blk_plug* nonnull %2) #76 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295667**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.295667* %5 = getelementptr inbounds %struct.task_struct.295667, %struct.task_struct.295667* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile 
%struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, 
i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #76 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, 
i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, 
%struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug_list 6 blk_poll 7 blkdev_iopoll ------------- Path:  Function:blkdev_iopoll %3 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %4 = load %struct.file.294345*, %struct.file.294345** %3, align 8 %5 = getelementptr inbounds 
%struct.file.294345, %struct.file.294345* %4, i64 0, i32 18 %6 = load %struct.address_space.294426*, %struct.address_space.294426** %5, align 8 %7 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %6, i64 0, i32 0 %8 = load %struct.inode.294419*, %struct.inode.294419** %7, align 8 %9 = tail call %struct.block_device.294278* bitcast (%struct.block_device.293754* (%struct.inode.293951*)* @I_BDEV to %struct.block_device.294278* (%struct.inode.294419*)*)(%struct.inode.294419* %8) #76 %10 = getelementptr inbounds %struct.block_device.294278, %struct.block_device.294278* %9, i64 0, i32 16 %11 = load %struct.gendisk.294276*, %struct.gendisk.294276** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.294276, %struct.gendisk.294276* %11, i64 0, i32 9 %13 = load %struct.request_queue.294268*, %struct.request_queue.294268** %12, align 8 %14 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 7 %15 = bitcast %union.anon.69.294022* %14 to i32* %16 = load volatile i32, i32* %15, align 8 %17 = tail call i32 bitcast (i32 (%struct.request_queue.299702*, i32, i1)* @blk_poll to i32 (%struct.request_queue.294268*, i32, i1)*)(%struct.request_queue.294268* %13, i32 %16, i1 zeroext %1) #76 Function:blk_poll %4 = alloca %struct.hrtimer_sleeper.299866, align 8 %5 = icmp eq i32 %1, -1 br i1 %5, label %197, label %6 %7 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %0, i64 0, i32 11 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 65536 %10 = icmp eq i64 %9, 0 br i1 %10, label %197, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.299865** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.299865**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.299865* %14 = getelementptr inbounds %struct.task_struct.299865, %struct.task_struct.299865* %13, i64 0, i32 120 %15 = load 
%struct.blk_plug*, %struct.blk_plug** %14, align 16 %16 = icmp eq %struct.blk_plug* %15, null br i1 %16, label %18, label %17 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %15, i1 zeroext false) #76 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 
= bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast 
%struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, 
%struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load 
%struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 
tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = 
getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = 
tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug_list 6 io_schedule_timeout 7 mempool_alloc 8 rpc_new_task 9 
rpc_run_task 10 _nfs4_do_setattr 11 nfs4_do_setattr 12 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #76 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.236617** %24 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %23, align 8 %25 = icmp eq %struct.nfs_open_context.236617* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.236617* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.236617* %31, %struct.nfs4_label* null) #77 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* 
%0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.236590** %15 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.236617* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.236616* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %26 = bitcast %struct.nfs_fh** %24 to i64** store i64* %25, i64** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.236590* %15, %struct.nfs_server.236590** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %36, align 8 %37 
= getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.236590* %15, %struct.nfs_server.236590** %37, align 8 %38 = bitcast %struct.nfs4_exception* %10 to i8* %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.236616* %22, %struct.nfs4_state.236616** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %44, align 1 %45 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = and i32 %46, 6145 %48 = icmp eq i32 %47, 0 %49 = select i1 %48, i64 256, i64 131328 %50 = and i32 %46, 6 %51 = icmp eq i32 %50, 0 %52 = or i64 %49, 4096 %53 = select i1 %51, i64 %49, i64 %52 %54 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %15, i64 0, i32 35, i64 0 %55 = bitcast i32* %54 to i8* %56 = icmp eq %struct.inode* %0, null %57 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %58 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %57, i64 9, i32 1 %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.236616* %22, null %62 = getelementptr inbounds 
%struct.nfs4_state.236616, %struct.nfs4_state.236616* %22, i64 0, i32 13 br label %63 br i1 %56, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.236617* %4) #77 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.236590** %14 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load 
%struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #76 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 2 %36 = call zeroext i1 @nfs4_copy_delegation_stateid(%struct.inode* %0, i32 2, %struct.nfs4_stateid_struct* %35, %struct.cred** nonnull %9) #76 br i1 %36, label %62, label %37 %38 = icmp eq %struct.nfs_open_context.236617* %4, null br i1 %38, label %57, label %39 %40 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %4, i64 0, i32 5 %41 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %40, align 8 %42 = icmp eq %struct.nfs4_state.236616* %41, null br i1 %42, label %57, label %43 %44 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %41, i64 0, i32 5 %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 512 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %156 %49 = call %struct.nfs_lock_context.236618* bitcast (%struct.nfs_lock_context.217463* (%struct.nfs_open_context.217462*)* @nfs_get_lock_context to %struct.nfs_lock_context.236618* (%struct.nfs_open_context.236617*)*)(%struct.nfs_open_context.236617* nonnull %4) #76 %50 = icmp ugt %struct.nfs_lock_context.236618* %49, inttoptr (i64 -4096 to %struct.nfs_lock_context.236618*) br i1 %50, label %51, label %54 %55 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %40, align 8 %56 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 
(%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %55, i32 2, %struct.nfs_lock_context.236618* %49, %struct.nfs4_stateid_struct* %35, %struct.cred** nonnull %9) #76 call void bitcast (void (%struct.nfs_lock_context.217463*)* @nfs_put_lock_context to void (%struct.nfs_lock_context.236618*)*)(%struct.nfs_lock_context.236618* %49) #76 switch i32 %56, label %62 [ i32 -5, label %156 i32 -11, label %57 ] %63 = load %struct.cred*, %struct.cred** %9, align 8 %64 = icmp eq %struct.cred* %63, null br i1 %64, label %66, label %65 %67 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %14, i64 0, i32 3 %68 = bitcast %struct.rpc_clnt** %67 to i64* %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0 %71 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 0 %72 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %72, align 8 %73 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0, i32 1 %74 = load i8, i8* %73, align 8 %75 = and i8 %74, -4 %76 = or i8 %75, 1 store i8 %76, i8* %73, align 8 %77 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %77, align 8 %78 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %14, i64 0, i32 0 %79 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %78, align 8 %80 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %79, i64 0, i32 15 %81 = load i32, i32* %80, align 8 %82 = icmp eq i32 %81, 0 %83 = select i1 %82, i16 0, i16 4 %84 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %85 = 
getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 store %struct.nfs_server.236590* %14, %struct.nfs_server.236590** %85, align 8 %86 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 store %struct.nfs4_sequence_args.236601* %70, %struct.nfs4_sequence_args.236601** %86, align 8 %87 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 store %struct.nfs4_sequence_res.236603* %71, %struct.nfs4_sequence_res.236603** %87, align 8 %88 = bitcast %struct.rpc_task_setup* %7 to i8* %89 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %89, align 8 %90 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 1 %91 = bitcast %struct.rpc_clnt** %90 to i64* store i64 %69, i64* %91, align 8 %92 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 2 %93 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 4 %94 = bitcast %struct.rpc_xprt** %92 to i8* store %struct.rpc_message* %8, %struct.rpc_message** %93, align 8 %95 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 5 %96 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %79, i64 0, i32 31 %97 = load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %96, align 8 %98 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %97, i64 0, i32 10 %99 = bitcast %struct.rpc_call_ops** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.rpc_call_ops** %95 to i64* store i64 %100, i64* %101, align 8 %102 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 6 %103 = bitcast i8** %102 to %struct.nfs4_call_sync_data** 
store %struct.nfs4_call_sync_data* %6, %struct.nfs4_call_sync_data** %103, align 8 %104 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 7 store %struct.workqueue_struct* null, %struct.workqueue_struct** %104, align 8 %105 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 8 store i16 %83, i16* %105, align 8 %106 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 9 store i8 0, i8* %106, align 2 %107 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %7) #76 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #76 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #76 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #76 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, 
i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !11 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #76 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #76 %64 = call i64 @io_schedule_timeout(i64 5000) #76 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr 
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_server_capabilities
11 nfs4_proc_get_root
-------------
Path:
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug_list 6 io_schedule_timeout 7 mempool_alloc 8 rpc_new_task 9 rpc_run_task 10 nfs4_server_capabilities ------------- Path:  Function:nfs4_server_capabilities %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca 
[3 x i32], align 4 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_server_caps_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast [3 x i32]* %5 to i8* %13 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 1 %14 = bitcast i32* %13 to i64* %15 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %16 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %19 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %20 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 0 %21 = bitcast %struct.nfs4_server_caps_res* %7 to i8* %22 = bitcast %struct.rpc_message* %8 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_server_caps_arg** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_server_caps_res** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %29 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 2 %30 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 3 %31 = bitcast %struct.rpc_clnt** %30 to i64* %32 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, 
%struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %4 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %46 = bitcast %struct.rpc_xprt** %44 to i8* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %48 = bitcast %struct.rpc_call_ops** %47 to i64* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %50 = bitcast i8** %49 to %struct.nfs4_call_sync_data** %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %54 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 2 %55 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 1 %56 = getelementptr inbounds 
%struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 35, i64 0 %57 = bitcast i32* %56 to i8* %58 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1 %59 = getelementptr [3 x i32], [3 x i32]* %58, i64 0, i64 0 %60 = bitcast [3 x i32]* %58 to i8* %61 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 10 %62 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 9 %63 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 3 %64 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 4 %65 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 5 %66 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 36 %67 = bitcast [3 x i32]* %66 to i8* %68 = getelementptr %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 36, i64 2 %69 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 38, i64 0 %70 = bitcast [3 x i32]* %58 to i64* %71 = getelementptr %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 38, i64 1 %72 = getelementptr %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 38, i64 2 %73 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 0 %74 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 1 %75 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 2 %76 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 37, i64 0 %77 = bitcast i32* %76 to i8* %78 = bitcast i32* %73 to i8* %79 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* 
%0, i64 0, i32 39 %80 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 6 %81 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 40 %82 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %83 store i64 0, i64* %14, align 4 %84 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %15, align 8 %85 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %84, i64 0, i32 15 %86 = load i32, i32* %85, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %18, align 8 store i32* %20, i32** %19, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 30), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %25, align 8 store %struct.nfs4_server_caps_res* %7, %struct.nfs4_server_caps_res** %27, align 8 store %struct.cred* null, %struct.cred** %28, align 8 store i32 8293, i32* %20, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %89, label %88 store i32 2048, i32* %29, align 4 br label %89 %90 = phi i16 [ 0, %83 ], [ 4, %88 ] %91 = load i64, i64* %31, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %33, align 8 store i8 0, i8* %34, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %35, align 8 store %struct.nfs_server.236590* %0, %struct.nfs_server.236590** %37, align 8 store %struct.nfs4_sequence_args.236601* %17, %struct.nfs4_sequence_args.236601** %38, align 8 store %struct.nfs4_sequence_res.236603* %32, %struct.nfs4_sequence_res.236603** %39, align 8 store %struct.rpc_task* null, %struct.rpc_task** %41, align 8 store i64 %91, i64* %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %45, align 8 %92 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %84, i64 0, i32 31 %93 
= load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %92, align 8 %94 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %93, i64 0, i32 10 %95 = bitcast %struct.rpc_call_ops** %94 to i64* %96 = load i64, i64* %95, align 8 store i64 %96, i64* %48, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 %90, i16* %52, align 8 store i8 0, i8* %53, align 2 %97 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #76 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #76 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #76 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #76 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds 
%struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !11 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #76 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #76 %64 = call i64 @io_schedule_timeout(i64 5000) #76 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 
%3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #76 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, 
%struct.list_head** %8, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile 
%struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 
%41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, 
%68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label 
%14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr 
inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, 
%struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_proc_pathconf
-------------
Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds
%struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, 
i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 %60 = load %struct.nfs_fattr*, %struct.nfs_fattr** %26, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %60) #76 %61 = load i64, i64* %28, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %30, align 8 %62 = load i8, i8* %31, align 8 %63 = and i8 %62, -4 store i8 %63, i8* %31, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %32, align 8 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %33, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 15 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 %68 = select i1 %67, i16 0, i16 4 store %struct.nfs_server.236590* %0, %struct.nfs_server.236590** %35, align 8 store %struct.nfs4_sequence_args.236601* %25, %struct.nfs4_sequence_args.236601** %36, align 8 store %struct.nfs4_sequence_res.236603* %29, %struct.nfs4_sequence_res.236603** %37, align 8 store %struct.rpc_task* null, 
%struct.rpc_task** %39, align 8 store i64 %61, i64* %41, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %43, align 8 %69 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 31 %70 = load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %69, align 8 %71 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %70, i64 0, i32 10 %72 = bitcast %struct.rpc_call_ops** %71 to i64* %73 = load i64, i64* %72, align 8 store i64 %73, i64* %46, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 %68, i16* %50, align 8 store i8 0, i8* %51, align 2 %74 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #76 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #76 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #76 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #76 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, 
!misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !11 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #76 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) 
#76 %64 = call i64 @io_schedule_timeout(i64 5000) #76 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #76 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, 
label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 
%36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq 
%struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* 
@blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, 
i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 
Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_do_fsinfo
11 nfs4_proc_fsinfo
-------------
Path:  Function:nfs4_proc_fsinfo %4 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %5 = load %struct.nfs_fattr*, %struct.nfs_fattr** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %5) #76 %6 = tail call fastcc i32 @nfs4_do_fsinfo(%struct.nfs_server.236590* %0, %struct.nfs_fh* %1, %struct.nfs_fsinfo* %2) #77 Function:nfs4_do_fsinfo %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_fsinfo_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %16 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 35, i64 0 %17 = bitcast %struct.nfs4_fsinfo_res* %7 to i8* %18 = getelementptr inbounds %struct.nfs4_fsinfo_res,
%struct.nfs4_fsinfo_res* %7, i64 0, i32 0, i32 1 %19 = bitcast i64* %18 to i8* %20 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 1 %21 = bitcast %struct.rpc_message* %8 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_server_caps_arg** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_fsinfo_res** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 3 %29 = bitcast %struct.rpc_clnt** %28 to i64* %30 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %33 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt** %41 to i64* 
%43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %45 = bitcast %struct.rpc_xprt** %43 to i8* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %47 = bitcast %struct.rpc_call_ops** %46 to i64* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %49 = bitcast i8** %48 to %struct.nfs4_call_sync_data** %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %53 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %55 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsinfo* %2, %struct.nfs_fsinfo** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 10), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_fsinfo_res* %7, %struct.nfs4_fsinfo_res** %26, align 8 store %struct.cred* null, %struct.cred** %27, align 8 %56 = load i64, i64* %29, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %31, align 8 store i8 0, i8* %32, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %33, align 8 %57 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %34, align 8 %58 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %57, i64 0, i32 15 %59 = load i32, i32* %58, align 8 %60 = icmp eq i32 
%59, 0 %61 = select i1 %60, i16 0, i16 4 store %struct.nfs_server.236590* %0, %struct.nfs_server.236590** %36, align 8 store %struct.nfs4_sequence_args.236601* %13, %struct.nfs4_sequence_args.236601** %37, align 8 store %struct.nfs4_sequence_res.236603* %30, %struct.nfs4_sequence_res.236603** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %56, i64* %42, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %44, align 8 %62 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %57, i64 0, i32 31 %63 = load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %62, align 8 %64 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %63, i64 0, i32 10 %65 = bitcast %struct.rpc_call_ops** %64 to i64* %66 = load i64, i64* %65, align 8 store i64 %66, i64* %47, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %49, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %50, align 8 store i16 %61, i16* %51, align 8 store i8 0, i8* %52, align 2 %67 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #76 %70 = ptrtoint %struct.rpc_task* %67 to i64 %71 = trunc i64 %70 to i32 br label %75 %76 = phi i32 [ %71, %69 ], [ %74, %72 ] %77 = load %struct.nfs_fattr*, %struct.nfs_fattr** %53, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_fsinfo to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_do_fsinfo, %78)) #6 to label %92 [label %78], !srcloc !4 %93 = icmp eq i32 %76, 0 br i1 %93, label %94, label %100 %101 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %0, i32 %76, %struct.nfs4_exception* nonnull %9) #77 %102 = load i8, i8* %54, align 8 %103 = and i8 %102, 8 %104 = icmp eq i8 %103, 0 br i1 %104, label %105, label %55 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsinfo* %2, %struct.nfs_fsinfo** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 10), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_fsinfo_res* %7, %struct.nfs4_fsinfo_res** %26, align 8 store %struct.cred* null, %struct.cred** %27, align 8 %56 = load i64, i64* %29, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %31, align 8 store i8 0, i8* %32, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %33, align 8 %57 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %34, align 8 %58 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %57, i64 0, i32 15 %59 = load i32, i32* %58, align 8 %60 = icmp eq i32 %59, 0 %61 = select i1 %60, i16 0, i16 4 store %struct.nfs_server.236590* %0, %struct.nfs_server.236590** %36, align 8 store %struct.nfs4_sequence_args.236601* %13, %struct.nfs4_sequence_args.236601** %37, align 8 store 
%struct.nfs4_sequence_res.236603* %30, %struct.nfs4_sequence_res.236603** %38, align 8 store %struct.rpc_task* null, %struct.rpc_task** %40, align 8 store i64 %56, i64* %42, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %44, align 8 %62 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %57, i64 0, i32 31 %63 = load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %62, align 8 %64 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %63, i64 0, i32 10 %65 = bitcast %struct.rpc_call_ops** %64 to i64* %66 = load i64, i64* %65, align 8 store i64 %66, i64* %47, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %49, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %50, align 8 store i16 %61, i16* %51, align 8 store i8 0, i8* %52, align 2 %67 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #76 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #76 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #76 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, 
align 8 %16 = call i8* %13(i32 %11, i8* %15) #76 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !11 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, 
%struct.wait_queue_entry* nonnull %3, i32 2) #76 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #76 %64 = call i64 @io_schedule_timeout(i64 5000) #76 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #76 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, 
%struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load 
volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, 
%struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, 
%struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 
0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 
@__msecs_to_jiffies(i32 %68) #78
%70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8
%5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_proc_statfs
-------------
Path:
Function:nfs4_proc_statfs
%4 = alloca %struct.nfs4_call_sync_data, align 8
%5 = alloca %struct.rpc_task_setup, align 8
%6 = alloca %struct.nfs4_server_caps_arg, align 8
%7 = alloca %struct.nfs4_statfs_res, align 8
%8 = alloca %struct.rpc_message, align 8
%9 = alloca %struct.nfs4_exception, align 8
%10 = bitcast %struct.nfs4_exception* %9 to i8*
%11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5
store i8 1, i8* %11, align 1
%12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8*
%13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0
%14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1
%15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2
%16 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 35, i64 0
%17 = bitcast %struct.nfs4_statfs_res* %7 to i8*
%18 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 1
%19 = bitcast %struct.rpc_message* %8 to i8*
%20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0
%21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8,
i64 0, i32 1 %22 = bitcast i8** %21 to %struct.nfs4_server_caps_arg** %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %24 = bitcast i8** %23 to %struct.nfs4_statfs_res** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %26 = getelementptr inbounds %struct.nfs_fsstat, %struct.nfs_fsstat* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %53 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsstat* %2, %struct.nfs_fsstat** %18, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 27), %struct.rpc_procinfo** %20, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %22, align 8 store %struct.nfs4_statfs_res* %7, %struct.nfs4_statfs_res** %24, align 8 store %struct.cred* null, %struct.cred** %25, align 8 %54 = load %struct.nfs_fattr*, %struct.nfs_fattr** %26, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %54) #76 %55 = load i64, i64* %28, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %30, align 8 %56 = load i8, i8* %31, align 8 %57 = and i8 %56, -4 store i8 %57, i8* %31, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %32, align 8 %58 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %33, align 8 %59 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %58, i64 0, i32 15 %60 = load i32, i32* %59, align 8 %61 = icmp eq i32 %60, 0 %62 = select i1 %61, i16 0, i16 4 store %struct.nfs_server.236590* %0, %struct.nfs_server.236590** %35, align 8 store %struct.nfs4_sequence_args.236601* %13, 
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_proc_readdir
-------------
Path:
Function:nfs4_proc_readdir
i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void 
%37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, 
i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load 
%struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78
Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 _nfs4_proc_remove
11 nfs4_proc_remove
-------------
Path:
Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 =
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %18 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 br label %21 %22 = call fastcc i32 @_nfs4_proc_remove(%struct.inode* %0, %struct.qstr* %18, i32 1) #77 %38 = load %struct.super_block*, %struct.super_block** %19, align 8 %39 = getelementptr inbounds %struct.super_block, %struct.super_block* %38, i64 0, i32 28 %40 = bitcast i8** %39 to %struct.nfs_server.236590** %41 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %40, align 16 %42 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %41, i32 %22, %struct.nfs4_exception* nonnull %3) #77 %43 = load i8, i8* %20, align 8 %44 = and i8 %43, 8 %45 = icmp eq i8 %44, 0 br i1 %45, label %46, label %21 %22 = call fastcc i32 @_nfs4_proc_remove(%struct.inode* %0, %struct.qstr* %18, i32 1) #77 Function:_nfs4_proc_remove %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs_removeargs.236602, align 8 %7 = alloca %struct.nfs_removeres.236604, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.236590** %13 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %12, align 16 %14 = bitcast %struct.nfs_removeargs.236602* %6 to i8* %15 = getelementptr inbounds 
%struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %18 = bitcast %struct.nfs_fh** %16 to i64** store i64* %17, i64** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 2 %20 = bitcast %struct.qstr* %19 to i8* %21 = bitcast %struct.qstr* %1 to i8* %22 = bitcast %struct.nfs_removeres.236604* %7 to i8* %23 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %7, i64 0, i32 0, i32 1 %24 = bitcast i64* %23 to i8* %25 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %7, i64 0, i32 1 store %struct.nfs_server.236590* %13, %struct.nfs_server.236590** %25, align 8 %26 = bitcast %struct.rpc_message* %8 to i8* %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %27, align 8 %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %29 = bitcast i8** %28 to %struct.nfs_removeargs.236602** store %struct.nfs_removeargs.236602* %6, %struct.nfs_removeargs.236602** %29, align 8 %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %31 = bitcast i8** %30 to %struct.nfs_removeres.236604** store %struct.nfs_removeres.236604* %7, %struct.nfs_removeres.236604** %31, align 8 %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* null, %struct.cred** %32, align 8 %33 = load volatile i64, i64* @jiffies, align 64 %34 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %13, i64 0, i32 3 %35 = bitcast 
%struct.rpc_clnt** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %7, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %38, align 8 %39 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 0, i32 1 store i8 1, i8* %39, align 8 %40 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %7, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %40, align 8 %41 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %13, i64 0, i32 0 %42 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %41, align 8 %43 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %42, i64 0, i32 15 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 %46 = select i1 %45, i16 0, i16 4 %47 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 store %struct.nfs_server.236590* %13, %struct.nfs_server.236590** %48, align 8 %49 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 store %struct.nfs4_sequence_args.236601* %15, %struct.nfs4_sequence_args.236601** %49, align 8 %50 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 store %struct.nfs4_sequence_res.236603* %37, %struct.nfs4_sequence_res.236603** %50, align 8 %51 = bitcast %struct.rpc_task_setup* %5 to i8* %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %52, align 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, 
i32 1 %54 = bitcast %struct.rpc_clnt** %53 to i64* store i64 %36, i64* %54, align 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %56 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %57 = bitcast %struct.rpc_xprt** %55 to i8* store %struct.rpc_message* %8, %struct.rpc_message** %56, align 8 %58 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %59 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %42, i64 0, i32 31 %60 = load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %59, align 8 %61 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %60, i64 0, i32 10 %62 = bitcast %struct.rpc_call_ops** %61 to i64* %63 = load i64, i64* %62, align 8 %64 = bitcast %struct.rpc_call_ops** %58 to i64* store i64 %63, i64* %64, align 8 %65 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %66 = bitcast i8** %65 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %66, align 8 %67 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 store %struct.workqueue_struct* null, %struct.workqueue_struct** %67, align 8 %68 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 store i16 %46, i16* %68, align 8 %69 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 store i8 0, i8* %69, align 2 %70 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #76 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #76 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq 
%struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #76 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #76 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof 
!4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !11 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #76 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #76 %64 = call i64 @io_schedule_timeout(i64 5000) #76 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #76 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds 
%struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** 
%34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load 
volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, 
!misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 _nfs4_proc_remove
11 nfs4_proc_rmdir
-------------
Path:
Function:nfs4_proc_rmdir %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 =
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %7 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 br label %8 %9 = call fastcc i32 @_nfs4_proc_remove(%struct.inode* %0, %struct.qstr* %1, i32 2) #76 %25 = load %struct.super_block*, %struct.super_block** %6, align 8 %26 = getelementptr inbounds %struct.super_block, %struct.super_block* %25, i64 0, i32 28 %27 = bitcast i8** %26 to %struct.nfs_server.236590** %28 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %27, align 16 %29 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %28, i32 %9, %struct.nfs4_exception* nonnull %3) #76 %30 = load i8, i8* %7, align 8 %31 = and i8 %30, 8 %32 = icmp eq i8 %31, 0 br i1 %32, label %33, label %8 %9 = call fastcc i32 @_nfs4_proc_remove(%struct.inode* %0, %struct.qstr* %1, i32 2) #76 Function:_nfs4_proc_remove %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs_removeargs.236602, align 8 %7 = alloca %struct.nfs_removeres.236604, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.236590** %13 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %12, align 16 %14 = bitcast %struct.nfs_removeargs.236602* %6 to i8* %15 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %18 = bitcast %struct.nfs_fh** %16 
to i64** store i64* %17, i64** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 2 %20 = bitcast %struct.qstr* %19 to i8* %21 = bitcast %struct.qstr* %1 to i8* %22 = bitcast %struct.nfs_removeres.236604* %7 to i8* %23 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %7, i64 0, i32 0, i32 1 %24 = bitcast i64* %23 to i8* %25 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %7, i64 0, i32 1 store %struct.nfs_server.236590* %13, %struct.nfs_server.236590** %25, align 8 %26 = bitcast %struct.rpc_message* %8 to i8* %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %27, align 8 %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %29 = bitcast i8** %28 to %struct.nfs_removeargs.236602** store %struct.nfs_removeargs.236602* %6, %struct.nfs_removeargs.236602** %29, align 8 %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %31 = bitcast i8** %30 to %struct.nfs_removeres.236604** store %struct.nfs_removeres.236604* %7, %struct.nfs_removeres.236604** %31, align 8 %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* null, %struct.cred** %32, align 8 %33 = load volatile i64, i64* @jiffies, align 64 %34 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %13, i64 0, i32 3 %35 = bitcast %struct.rpc_clnt** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %7, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 0, i32 0 store 
%struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %38, align 8 %39 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 0, i32 1 store i8 1, i8* %39, align 8 %40 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %7, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %40, align 8 %41 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %13, i64 0, i32 0 %42 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %41, align 8 %43 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %42, i64 0, i32 15 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 %46 = select i1 %45, i16 0, i16 4 %47 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 store %struct.nfs_server.236590* %13, %struct.nfs_server.236590** %48, align 8 %49 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 store %struct.nfs4_sequence_args.236601* %15, %struct.nfs4_sequence_args.236601** %49, align 8 %50 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 store %struct.nfs4_sequence_res.236603* %37, %struct.nfs4_sequence_res.236603** %50, align 8 %51 = bitcast %struct.rpc_task_setup* %5 to i8* %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %52, align 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %54 = bitcast %struct.rpc_clnt** %53 to i64* store i64 %36, i64* %54, align 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %56 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %57 = bitcast 
%struct.rpc_xprt** %55 to i8* store %struct.rpc_message* %8, %struct.rpc_message** %56, align 8 %58 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %59 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %42, i64 0, i32 31 %60 = load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %59, align 8 %61 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %60, i64 0, i32 10 %62 = bitcast %struct.rpc_call_ops** %61 to i64* %63 = load i64, i64* %62, align 8 %64 = bitcast %struct.rpc_call_ops** %58 to i64* store i64 %63, i64* %64, align 8 %65 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %66 = bitcast i8** %65 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %66, align 8 %67 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 store %struct.workqueue_struct* null, %struct.workqueue_struct** %67, align 8 %68 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 store i16 %46, i16* %68, align 8 %69 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 store i8 0, i8* %69, align 2 %70 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #76 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #76 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #76 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = 
bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #76 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !11 %63 = inttoptr i64 %62 to %struct.task_struct* store 
%struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #76 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #76 %64 = call i64 @io_schedule_timeout(i64 5000) #76 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #76 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label 
%11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 
br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq 
%struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78
Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_proc_readlink
-------------
Path:
Function:nfs4_proc_readlink %5 = alloca %struct.nfs4_call_sync_data, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca
%struct.page*, align 8 %8 = alloca %struct.nfs4_readlink, align 8 %9 = alloca %struct.nfs4_readlink_res, align 8 %10 = alloca %struct.rpc_message, align 8 %11 = alloca %struct.nfs4_exception, align 8 %12 = bitcast %struct.nfs4_exception* %11 to i8* %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %11, i64 0, i32 5 store i8 1, i8* %13, align 1 %14 = bitcast %struct.page** %7 to i8* %15 = bitcast %struct.nfs4_readlink* %8 to i8* %16 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0 %17 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 1 %18 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %19 = bitcast %struct.nfs_fh** %17 to i64** %20 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 3 %22 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 4 %23 = bitcast %struct.nfs4_readlink_res* %9 to i8* %24 = bitcast %struct.rpc_message* %10 to i8* %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs4_readlink** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_readlink_res** %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 3 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %9, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0, i32 1 %35 = getelementptr inbounds 
%struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %9, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %5 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %6 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %46 = bitcast %struct.rpc_xprt** %44 to i8* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %48 = bitcast %struct.rpc_call_ops** %47 to i64* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %50 = bitcast i8** %49 to %struct.nfs4_call_sync_data** %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 9 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %11, i64 0, i32 4 br label %55 store %struct.page* %1, %struct.page** %7, align 8 store i64* %18, i64** %19, align 8 store i32 %2, i32* %20, align 8 store i32 %3, i32* %21, align 4 store %struct.page** %7, %struct.page*** %22, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 28), 
%struct.rpc_procinfo** %25, align 8 store %struct.nfs4_readlink* %8, %struct.nfs4_readlink** %27, align 8 store %struct.nfs4_readlink_res* %9, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 %56 = load %struct.super_block*, %struct.super_block** %31, align 8 %57 = getelementptr inbounds %struct.super_block, %struct.super_block* %56, i64 0, i32 28 %58 = bitcast i8** %57 to %struct.nfs_server.236590** %59 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %58, align 16 %60 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %59, i64 0, i32 3 %61 = bitcast %struct.rpc_clnt** %60 to i64* %62 = load i64, i64* %61, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %33, align 8 store i8 0, i8* %34, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %35, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %59, i64 0, i32 0 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 15 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 %68 = select i1 %67, i16 0, i16 4 store %struct.nfs_server.236590* %59, %struct.nfs_server.236590** %37, align 8 store %struct.nfs4_sequence_args.236601* %16, %struct.nfs4_sequence_args.236601** %38, align 8 store %struct.nfs4_sequence_res.236603* %32, %struct.nfs4_sequence_res.236603** %39, align 8 store %struct.rpc_task* null, %struct.rpc_task** %41, align 8 store i64 %62, i64* %43, align 8 store %struct.rpc_message* %10, %struct.rpc_message** %45, align 8 %69 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 31 %70 = load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %69, align 8 %71 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, 
%struct.nfs4_minor_version_ops.236657* %70, i64 0, i32 10 %72 = bitcast %struct.rpc_call_ops** %71 to i64* %73 = load i64, i64* %72, align 8 store i64 %73, i64* %48, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 %68, i16* %52, align 8 store i8 0, i8* %53, align 2 %74 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #76 %77 = ptrtoint %struct.rpc_task* %74 to i64 %78 = trunc i64 %77 to i32 br label %82 %83 = phi i32 [ %78, %76 ], [ %81, %79 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_readlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_readlink, %84)) #6 to label %98 [label %84], !srcloc !4 %99 = load %struct.super_block*, %struct.super_block** %31, align 8 %100 = getelementptr inbounds %struct.super_block, %struct.super_block* %99, i64 0, i32 28 %101 = bitcast i8** %100 to %struct.nfs_server.236590** %102 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %101, align 16 %103 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %102, i32 %83, %struct.nfs4_exception* nonnull %11) #77 %104 = load i8, i8* %54, align 8 %105 = and i8 %104, 8 %106 = icmp eq i8 %105, 0 br i1 %106, label %107, label %55 store %struct.page* %1, %struct.page** %7, align 8 store i64* %18, i64** %19, align 8 store i32 %2, i32* %20, align 8 store i32 %3, i32* %21, align 4 store %struct.page** %7, %struct.page*** %22, align 8 
store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 28), %struct.rpc_procinfo** %25, align 8 store %struct.nfs4_readlink* %8, %struct.nfs4_readlink** %27, align 8 store %struct.nfs4_readlink_res* %9, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 %56 = load %struct.super_block*, %struct.super_block** %31, align 8 %57 = getelementptr inbounds %struct.super_block, %struct.super_block* %56, i64 0, i32 28 %58 = bitcast i8** %57 to %struct.nfs_server.236590** %59 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %58, align 16 %60 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %59, i64 0, i32 3 %61 = bitcast %struct.rpc_clnt** %60 to i64* %62 = load i64, i64* %61, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %33, align 8 store i8 0, i8* %34, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %35, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %59, i64 0, i32 0 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 15 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 %68 = select i1 %67, i16 0, i16 4 store %struct.nfs_server.236590* %59, %struct.nfs_server.236590** %37, align 8 store %struct.nfs4_sequence_args.236601* %16, %struct.nfs4_sequence_args.236601** %38, align 8 store %struct.nfs4_sequence_res.236603* %32, %struct.nfs4_sequence_res.236603** %39, align 8 store %struct.rpc_task* null, %struct.rpc_task** %41, align 8 store i64 %62, i64* %43, align 8 store %struct.rpc_message* %10, %struct.rpc_message** %45, align 8 %69 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 31 %70 = load %struct.nfs4_minor_version_ops.236657*, 
%struct.nfs4_minor_version_ops.236657** %69, align 8 %71 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %70, i64 0, i32 10 %72 = bitcast %struct.rpc_call_ops** %71 to i64* %73 = load i64, i64* %72, align 8 store i64 %73, i64* %48, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 %68, i16* %52, align 8 store i8 0, i8* %53, align 2 %74 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #76 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #76 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #76 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #76 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 
0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !11 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #76 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #76 %64 = call i64 @io_schedule_timeout(i64 5000) #76 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #76 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store %struct.list_head* 
%7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq 
%struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to 
%struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label 
%77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail 
call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, 
align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* 
%0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76 ------------- Use: =BAD PATH= 
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_proc_access
-------------
Path:
Function:nfs4_proc_access
%3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %16 = bitcast %struct.nfs_fh** %14 to i64** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to
%struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236590** %62 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %61, align 16 store i64* %15, i64** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.236590* %62, %struct.nfs_server.236590** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #76 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #76 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %71 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %62, i64 0, i32 38, i64 0 store i32* %71, i32** %17, align 8 br label %72 %73 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %62, i64 0, i32 3 %74 = bitcast 
%struct.rpc_clnt** %73 to i64* %75 = load i64, i64* %74, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %34, align 8 %76 = load i8, i8* %35, align 8 %77 = and i8 %76, -4 store i8 %77, i8* %35, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %36, align 8 %78 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %62, i64 0, i32 0 %79 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %78, align 8 %80 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %79, i64 0, i32 15 %81 = load i32, i32* %80, align 8 %82 = icmp eq i32 %81, 0 %83 = select i1 %82, i16 0, i16 4 store %struct.nfs_server.236590* %62, %struct.nfs_server.236590** %38, align 8 store %struct.nfs4_sequence_args.236601* %13, %struct.nfs4_sequence_args.236601** %39, align 8 store %struct.nfs4_sequence_res.236603* %33, %struct.nfs4_sequence_res.236603** %40, align 8 store %struct.rpc_task* null, %struct.rpc_task** %42, align 8 store i64 %75, i64* %44, align 8 store %struct.rpc_message* %7, %struct.rpc_message** %46, align 8 %84 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %79, i64 0, i32 31 %85 = load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %84, align 8 %86 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %85, i64 0, i32 10 %87 = bitcast %struct.rpc_call_ops** %86 to i64* %88 = load i64, i64* %87, align 8 store i64 %88, i64* %49, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %51, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %52, align 8 store i16 %83, i16* %53, align 8 store i8 0, i8* %54, align 2 %89 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #76 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #76 Function:rpc_new_task %2 = 
getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #76 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #76 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = 
call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !11 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #76 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #76 %64 = call i64 @io_schedule_timeout(i64 5000) #76 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #76 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, 
%struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, 
i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = 
load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_proc_lookupp
-------------
Path:
Function:nfs4_proc_lookupp
%5 = alloca %struct.nfs4_call_sync_data, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca
%struct.nfs4_server_caps_arg, align 8 %8 = alloca %struct.nfs4_lookup_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 1, i8* %12, align 1 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = bitcast %struct.nfs4_server_caps_arg* %7 to i8* %15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 1 %16 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %17 = bitcast %struct.nfs_fh** %15 to i64** %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 2 %19 = bitcast %struct.nfs4_lookup_res* %8 to i8* %20 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 1 %21 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 2 %22 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 3 %23 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 4 %24 = bitcast %struct.rpc_message* %9 to i8* %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs4_server_caps_arg** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_lookup_res** %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %31 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0 %33 = getelementptr inbounds 
%struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %5 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %6 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %46 = bitcast %struct.rpc_xprt** %44 to i8* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %48 = bitcast %struct.rpc_call_ops** %47 to i64* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %50 = bitcast i8** %49 to %struct.nfs4_call_sync_data** %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 9 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %55 %56 = load %struct.super_block*, %struct.super_block** %13, align 8 %57 = getelementptr inbounds %struct.super_block, %struct.super_block* 
%56, i64 0, i32 28 %58 = bitcast i8** %57 to %struct.nfs_server.236590** %59 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %58, align 16 %60 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %59, i64 0, i32 3 %61 = bitcast %struct.rpc_clnt** %60 to i64* %62 = load i64, i64* %61, align 8 store i64* %16, i64** %17, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %59, i64 0, i32 35, i64 0 store %struct.nfs_server.236590* %59, %struct.nfs_server.236590** %20, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %21, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %22, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %23, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 61), %struct.rpc_procinfo** %25, align 8 store %struct.nfs4_server_caps_arg* %7, %struct.nfs4_server_caps_arg** %27, align 8 store %struct.nfs4_lookup_res* %8, %struct.nfs4_lookup_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 store i32* %63, i32** %18, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #76 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %33, align 8 %64 = load i8, i8* %34, align 8 %65 = and i8 %64, -4 store i8 %65, i8* %34, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %35, align 8 %66 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %59, i64 0, i32 0 %67 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %66, align 8 %68 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %67, i64 0, i32 15 %69 = load i32, i32* %68, align 8 %70 = icmp eq i32 %69, 0 %71 = select i1 %70, i16 0, i16 4 store %struct.nfs_server.236590* %59, %struct.nfs_server.236590** %37, align 8 store %struct.nfs4_sequence_args.236601* %32, %struct.nfs4_sequence_args.236601** 
%38, align 8 store %struct.nfs4_sequence_res.236603* %31, %struct.nfs4_sequence_res.236603** %39, align 8 store %struct.rpc_task* null, %struct.rpc_task** %41, align 8 store i64 %62, i64* %43, align 8 store %struct.rpc_message* %9, %struct.rpc_message** %45, align 8 %72 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %67, i64 0, i32 31 %73 = load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %72, align 8 %74 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %73, i64 0, i32 10 %75 = bitcast %struct.rpc_call_ops** %74 to i64* %76 = load i64, i64* %75, align 8 store i64 %76, i64* %48, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 %71, i16* %52, align 8 store i8 0, i8* %53, align 2 %77 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #76 %80 = ptrtoint %struct.rpc_task* %77 to i64 %81 = trunc i64 %80 to i32 br label %85 %86 = phi i32 [ %81, %79 ], [ %84, %82 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_lookupp to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_lookupp, %87)) #6 to label %101 [label %87], !srcloc !4 %102 = load %struct.super_block*, %struct.super_block** %13, align 8 %103 = getelementptr inbounds %struct.super_block, %struct.super_block* %102, i64 0, i32 28 %104 = bitcast i8** %103 to %struct.nfs_server.236590** %105 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %104, align 16 %106 = call i32 @nfs4_handle_exception(%struct.nfs_server.236590* %105, i32 %86, %struct.nfs4_exception* nonnull %10) #77 %107 = load i8, i8* %54, align 8 %108 = and i8 %107, 8 %109 = icmp eq i8 %108, 0 br i1 %109, label %110, label %55 %56 = load %struct.super_block*, %struct.super_block** %13, align 8 %57 = getelementptr inbounds %struct.super_block, %struct.super_block* %56, i64 0, i32 28 %58 = bitcast i8** %57 to %struct.nfs_server.236590** %59 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %58, align 16 %60 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %59, i64 0, i32 3 %61 = bitcast %struct.rpc_clnt** %60 to i64* %62 = load i64, i64* %61, align 8 store i64* %16, i64** %17, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %59, i64 0, i32 35, i64 0 store %struct.nfs_server.236590* %59, %struct.nfs_server.236590** %20, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %21, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %22, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %23, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x 
%struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 61), %struct.rpc_procinfo** %25, align 8 store %struct.nfs4_server_caps_arg* %7, %struct.nfs4_server_caps_arg** %27, align 8 store %struct.nfs4_lookup_res* %8, %struct.nfs4_lookup_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 store i32* %63, i32** %18, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #76 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %33, align 8 %64 = load i8, i8* %34, align 8 %65 = and i8 %64, -4 store i8 %65, i8* %34, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %35, align 8 %66 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %59, i64 0, i32 0 %67 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %66, align 8 %68 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %67, i64 0, i32 15 %69 = load i32, i32* %68, align 8 %70 = icmp eq i32 %69, 0 %71 = select i1 %70, i16 0, i16 4 store %struct.nfs_server.236590* %59, %struct.nfs_server.236590** %37, align 8 store %struct.nfs4_sequence_args.236601* %32, %struct.nfs4_sequence_args.236601** %38, align 8 store %struct.nfs4_sequence_res.236603* %31, %struct.nfs4_sequence_res.236603** %39, align 8 store %struct.rpc_task* null, %struct.rpc_task** %41, align 8 store i64 %62, i64* %43, align 8 store %struct.rpc_message* %9, %struct.rpc_message** %45, align 8 %72 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %67, i64 0, i32 31 %73 = load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %72, align 8 %74 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %73, i64 0, i32 10 %75 = bitcast %struct.rpc_call_ops** %74 to i64* %76 = load i64, i64* %75, align 8 store i64 %76, i64* %48, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* 
null, %struct.workqueue_struct** %51, align 8 store i16 %71, i16* %52, align 8 store i8 0, i8* %53, align 2 %77 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #76 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #76 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #76 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #76 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, 
%struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !11 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #76 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #76 %64 = call i64 @io_schedule_timeout(i64 5000) #76 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void 
@blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #76 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 
%30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, 
%struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 
%49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, 
\22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds 
%struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, 
%struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 
= getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_proc_lookup_common
11 nfs4_proc_lookup
-------------
Path:
Function:nfs4_proc_lookup
%6 = alloca %struct.rpc_clnt*, align 8
%7 = bitcast %struct.rpc_clnt** %6 to i8* %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.236590** %12 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %12, i64 0, i32 3 %14 = bitcast %struct.rpc_clnt** %13 to i64* %15 = load i64, i64* %14, align 8 %16 = bitcast %struct.rpc_clnt** %6 to i64* store i64 %15, i64* %16, align 8 %17 = call fastcc i32 @nfs4_proc_lookup_common(%struct.rpc_clnt** nonnull %6, %struct.inode* %0, %struct.dentry* %1, %struct.nfs_fh* %2, %struct.nfs_fattr* %3, %struct.nfs4_label* %4) #76 Function:nfs4_proc_lookup_common %7 = alloca %struct.nfs4_call_sync_data, align 8 %8 = alloca %struct.rpc_task_setup, align 8 %9 = alloca %struct.nfs4_lookup_arg, align 8 %10 = alloca %struct.nfs4_lookup_res, align 8 %11 = alloca %struct.rpc_message, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 5 store i8 1, i8* %14, align 1 %15 = load %struct.rpc_clnt*, %struct.rpc_clnt** %0, align 8 %16 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %18 = bitcast %struct.nfs4_lookup_arg* %9 to i8* %19 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 0 %20 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 1 %21 = getelementptr %struct.inode, %struct.inode* %1, i64 -1, i32 17, i32 1 %22 = bitcast %struct.nfs_fh** %20 to i64** %23 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 
2 %24 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 3 %25 = bitcast %struct.nfs4_lookup_res* %10 to i8* %26 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 1 %28 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 2 %29 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 4 %31 = bitcast %struct.rpc_message* %11 to i8* %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 0 %33 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 1 %34 = bitcast i8** %33 to %struct.nfs4_lookup_arg** %35 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 2 %36 = bitcast i8** %35 to %struct.nfs4_lookup_res** %37 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 3 %38 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 9 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 0 %40 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %41 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 0, i32 0 %44 = bitcast %struct.nfs4_call_sync_data* %7 to i8* %45 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 0 %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 1 %47 = getelementptr inbounds 
%struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 2 %48 = bitcast %struct.rpc_task_setup* %8 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 0 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 1 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 2 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 4 %53 = bitcast %struct.rpc_xprt** %51 to i8* %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 5 %55 = bitcast %struct.rpc_call_ops** %54 to i64* %56 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 6 %57 = bitcast i8** %56 to %struct.nfs4_call_sync_data** %58 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 7 %59 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 8 %60 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 9 %61 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %62 %63 = phi %struct.rpc_clnt* [ %15, %6 ], [ %206, %204 ] %64 = load %struct.super_block*, %struct.super_block** %17, align 8 %65 = getelementptr inbounds %struct.super_block, %struct.super_block* %64, i64 0, i32 28 %66 = bitcast i8** %65 to %struct.nfs_server.236590** %67 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %66, align 16 store i64* %21, i64** %22, align 8 store %struct.qstr* %16, %struct.qstr** %23, align 8 %68 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %67, i64 0, i32 35, i64 0 store i32* %68, i32** %24, align 8 store %struct.nfs_server.236590* %67, %struct.nfs_server.236590** %27, align 8 store %struct.nfs_fattr* %4, %struct.nfs_fattr** %28, align 8 store %struct.nfs_fh* %3, %struct.nfs_fh** %29, 
align 8 store %struct.nfs4_label* %5, %struct.nfs4_label** %30, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 19), %struct.rpc_procinfo** %32, align 8 store %struct.nfs4_lookup_arg* %9, %struct.nfs4_lookup_arg** %34, align 8 store %struct.nfs4_lookup_res* %10, %struct.nfs4_lookup_res** %36, align 8 store %struct.cred* null, %struct.cred** %37, align 8 %69 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %67, i64 0, i32 0 %70 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %69, align 8 %71 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %70, i64 0, i32 15 %72 = load i32, i32* %71, align 8 %73 = icmp eq i32 %72, 0 %74 = select i1 %73, i16 0, i16 4 %75 = load %struct.super_block*, %struct.super_block** %38, align 8 %76 = getelementptr inbounds %struct.super_block, %struct.super_block* %75, i64 0, i32 28 %77 = bitcast i8** %76 to %struct.nfs_server.236590** %78 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %77, align 16 %79 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %78, i64 0, i32 8 %80 = load i32, i32* %79, align 8 %81 = and i32 %80, 8388608 %82 = icmp eq i32 %81, 0 br i1 %82, label %95, label %83 %84 = load i32, i32* %39, align 8 %85 = and i32 %84, 7340032 %86 = icmp eq i32 %85, 0 br i1 %86, label %95, label %87 %88 = load %struct.inode*, %struct.inode** %40, align 8 %89 = getelementptr %struct.inode, %struct.inode* %88, i64 -1, i32 17, i32 1 %90 = bitcast i64* %89 to i16* %91 = load i16, i16* %90, align 2 %92 = icmp eq i16 %91, 0 %93 = or i16 %74, 4096 %94 = select i1 %92, i16 %74, i16 %93 br label %95 %96 = phi i16 [ %74, %83 ], [ %74, %62 ], [ %94, %87 ] store i32* %68, i32** %24, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %4) #76 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %41, align 8 %97 = load i8, i8* 
%42, align 8 %98 = and i8 %97, -4 store i8 %98, i8* %42, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %43, align 8 %99 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %69, align 8 store %struct.nfs_server.236590* %67, %struct.nfs_server.236590** %45, align 8 store %struct.nfs4_sequence_args.236601* %19, %struct.nfs4_sequence_args.236601** %46, align 8 store %struct.nfs4_sequence_res.236603* %26, %struct.nfs4_sequence_res.236603** %47, align 8 store %struct.rpc_task* null, %struct.rpc_task** %49, align 8 store %struct.rpc_clnt* %63, %struct.rpc_clnt** %50, align 8 store %struct.rpc_message* %11, %struct.rpc_message** %52, align 8 %100 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %99, i64 0, i32 31 %101 = load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %100, align 8 %102 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %101, i64 0, i32 10 %103 = bitcast %struct.rpc_call_ops** %102 to i64* %104 = load i64, i64* %103, align 8 store i64 %104, i64* %55, align 8 store %struct.nfs4_call_sync_data* %7, %struct.nfs4_call_sync_data** %57, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %58, align 8 store i16 %96, i16* %59, align 8 store i8 0, i8* %60, align 2 %105 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %8) #76 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #76 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #76 Function:mempool_alloc %3 = alloca 
%struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #76 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !11 %63 = inttoptr i64 %62 to 
%struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #76 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #76 %64 = call i64 @io_schedule_timeout(i64 5000) #76 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #76 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br 
i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 
= icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = 
icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_proc_getattr
-------------
Path:
Function:nfs4_proc_getattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca [3 x i32], 
align 4 %9 = alloca %struct.nfs4_server_caps_arg, align 8 %10 = alloca %struct.nfs4_getattr_res, align 8 %11 = alloca %struct.rpc_message, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 5 store i8 1, i8* %14, align 1 %15 = bitcast [3 x i32]* %8 to i8* %16 = bitcast %struct.nfs4_server_caps_arg* %9 to i8* %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 1 %19 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 2 %20 = getelementptr inbounds [3 x i32], [3 x i32]* %8, i64 0, i64 0 %21 = bitcast %struct.nfs4_getattr_res* %10 to i8* %22 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0 %23 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 1 %24 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 2 %25 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 3 %26 = bitcast %struct.rpc_message* %11 to i8* %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 0 %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 1 %29 = bitcast i8** %28 to %struct.nfs4_server_caps_arg** %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 2 %31 = bitcast i8** %30 to %struct.nfs4_getattr_res** %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 3 %33 = icmp eq %struct.inode* %4, null %34 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 8 %35 = getelementptr inbounds %struct.nfs_server.236590, 
%struct.nfs_server.236590* %0, i64 0, i32 35, i64 0 %36 = bitcast i32* %35 to i8* %37 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 17 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %37, i64 9, i32 1 %39 = getelementptr inbounds [3 x i32], [3 x i32]* %8, i64 0, i64 1 %40 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 3 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %0, i64 0, i32 0 %46 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %47 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 %49 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 %50 = bitcast %struct.rpc_task_setup* %7 to i8* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 0 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 1 %53 = bitcast %struct.rpc_clnt** %52 to i64* %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 2 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 4 %56 = bitcast %struct.rpc_xprt** %54 to i8* %57 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 5 %58 = bitcast %struct.rpc_call_ops** %57 to i64* %59 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 6 
%60 = bitcast i8** %59 to %struct.nfs4_call_sync_data** %61 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 7 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 8 %63 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 9 %64 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %65 store %struct.nfs_fh* %1, %struct.nfs_fh** %18, align 8 store i32* %20, i32** %19, align 8 store %struct.nfs_server.236590* %0, %struct.nfs_server.236590** %23, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %24, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %25, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 18), %struct.rpc_procinfo** %27, align 8 store %struct.nfs4_server_caps_arg* %9, %struct.nfs4_server_caps_arg** %29, align 8 store %struct.nfs4_getattr_res* %10, %struct.nfs4_getattr_res** %31, align 8 store %struct.cred* null, %struct.cred** %32, align 8 br i1 %33, label %66, label %67 %68 = load i32, i32* %34, align 8 %69 = lshr i32 %68, 11 %70 = trunc i32 %69 to i16 %71 = and i16 %70, 4096 %72 = call i32 @nfs4_have_delegation(%struct.inode* nonnull %4, i32 1) #76 %73 = icmp eq i32 %72, 0 br i1 %73, label %101, label %74 %75 = load volatile i64, i64* %38, align 8 %76 = load i32, i32* %39, align 4 %77 = and i32 %76, -513 store i32 %77, i32* %39, align 4 %78 = and i64 %75, 2048 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %83 %81 = load i32, i32* %20, align 4 %82 = and i32 %81, -17 store i32 %82, i32* %20, align 4 br label %83 %84 = and i64 %75, 256 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %89 %87 = load i32, i32* %20, align 4 %88 = and i32 %87, -9 store i32 %88, i32* %20, align 4 br label %89 %90 = and i64 %75, 131072 %91 = icmp eq i64 %90, 0 %92 = and i32 %76, -515 %93 = select i1 
%91, i32 %92, i32 %77 %94 = and i64 %75, 135168 %95 = icmp eq i64 %94, 135168 br i1 %95, label %101, label %96 %97 = and i64 %75, 4096 %98 = icmp eq i64 %97, 0 %99 = and i32 %93, -561 %100 = select i1 %98, i32 %99, i32 %93 store i32 %100, i32* %39, align 4 br label %101 %102 = phi i16 [ 0, %66 ], [ %71, %67 ], [ %71, %89 ], [ %71, %96 ] call void @nfs_fattr_init(%struct.nfs_fattr* %2) #76 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %40, align 8 %103 = load i8, i8* %41, align 8 %104 = and i8 %103, -4 store i8 %104, i8* %41, align 8 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %42, align 8 %105 = load i64, i64* %44, align 8 %106 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %45, align 8 store %struct.nfs_server.236590* %0, %struct.nfs_server.236590** %47, align 8 store %struct.nfs4_sequence_args.236601* %17, %struct.nfs4_sequence_args.236601** %48, align 8 store %struct.nfs4_sequence_res.236603* %22, %struct.nfs4_sequence_res.236603** %49, align 8 store %struct.rpc_task* null, %struct.rpc_task** %51, align 8 store i64 %105, i64* %53, align 8 store %struct.rpc_message* %11, %struct.rpc_message** %55, align 8 %107 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %106, i64 0, i32 31 %108 = load %struct.nfs4_minor_version_ops.236657*, %struct.nfs4_minor_version_ops.236657** %107, align 8 %109 = getelementptr inbounds %struct.nfs4_minor_version_ops.236657, %struct.nfs4_minor_version_ops.236657* %108, i64 0, i32 10 %110 = bitcast %struct.rpc_call_ops** %109 to i64* %111 = load i64, i64* %110, align 8 store i64 %111, i64* %58, align 8 store %struct.nfs4_call_sync_data* %6, %struct.nfs4_call_sync_data** %60, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %61, align 8 store i16 %102, i16* %62, align 8 store i8 0, i8* %63, align 2 %112 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %7) #76 Function:rpc_run_task %2 = tail call 
%struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #76 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #76 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #76 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 
%30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !11 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #76 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #76 %64 = call i64 @io_schedule_timeout(i64 5000) #76 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #76 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, 
i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 
%9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast 
%struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* %61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug_list 6 wakeup_flusher_threads 7 ksys_sync 8 __do_sys_sync ------------- Path:  Function:__do_sys_sync tail call void @ksys_sync() #76 Function:ksys_sync %1 = alloca i32, align 4 %2 = alloca i32, align 4 %3 = bitcast i32* %1 to i8* store i32 0, i32* %1, align 4 
%4 = bitcast i32* %2 to i8* store i32 1, i32* %2, align 4 tail call void @wakeup_flusher_threads(i32 2) #76 Function:wakeup_flusher_threads %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 16 %6 = icmp eq %struct.blk_plug* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %18, label %17 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %5, i1 zeroext true) #76 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds 
%struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #76 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #76 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label 
%24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.299665** %43 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.299667** %46 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.299702** %55 = load %struct.request_queue.299702*, %struct.request_queue.299702** %54, align 8 %56 = icmp eq %struct.request_queue.299702* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.299665** %61 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.299665* 
%61, %43 br i1 %62, label %63, label %73 %64 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 1 %65 = bitcast %struct.list_head** %64 to %struct.blk_mq_ctx.299667** %66 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %65, align 8 %67 = icmp eq %struct.blk_mq_ctx.299667* %66, %46 br i1 %67, label %68, label %73 %69 = add i32 %52, 1 %70 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 0 %71 = load %struct.list_head*, %struct.list_head** %70, align 8 %72 = icmp eq %struct.list_head* %71, %3 br i1 %72, label %73, label %50 %74 = phi i32 [ 1, %37 ], [ %52, %63 ], [ %52, %58 ], [ %69, %68 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %51, %63 ], [ %51, %58 ], [ %3, %68 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.299702** %85 = load %struct.request_queue.299702*, %struct.request_queue.299702** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !9 call void bitcast (void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.299665* %43, %struct.blk_mq_ctx.299667* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #76 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 7 %6 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %19 = load %struct.request_queue.301327*, %struct.request_queue.301327** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301327, %struct.request_queue.301327* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301309*, %struct.elevator_queue.301309** %20, align 8 %22 = icmp eq %struct.elevator_queue.301309* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301290*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.list_head* %2) #76 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_ctx.299667*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301290*, %struct.blk_mq_ctx.301292*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301290* %0, %struct.blk_mq_ctx.301292* %1, %struct.list_head* %2) #76 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext %3) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, 
%struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_restart 4 __blk_mq_free_request 5 blk_mq_put_rq_ref 6 blk_mq_tagset_busy_iter 7 scsi_host_busy 8 show_host_busy ------------- Path:  Function:show_host_busy %4 = getelementptr %struct.device.617410, %struct.device.617410* %0, i64 -2, i32 2 %5 = bitcast %struct.device_private** %4 to %struct.Scsi_Host.620936* %6 = tail 
call i32 bitcast (i32 (%struct.Scsi_Host*)* @scsi_host_busy to i32 (%struct.Scsi_Host.620936*)*)(%struct.Scsi_Host.620936* %5) #76 Function:scsi_host_busy %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 %4 = getelementptr inbounds %struct.Scsi_Host, %struct.Scsi_Host* %0, i64 0, i32 13 call void bitcast (void (%struct.blk_mq_tag_set.300113*, i1 (%struct.request.300096*, i8*, i1)*, i8*)* @blk_mq_tagset_busy_iter to void (%struct.blk_mq_tag_set.617451*, i1 (%struct.request.617434*, i8*, i1)*, i8*)*)(%struct.blk_mq_tag_set.617451* %4, i1 (%struct.request.617434*, i8*, i1)* nonnull @scsi_host_check_in_flight, i8* nonnull %3) #76 Function:blk_mq_tagset_busy_iter %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.blk_mq_tag_set.300113, %struct.blk_mq_tag_set.300113* %0, i64 0, i32 3 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %232, label %9 %10 = getelementptr inbounds %struct.blk_mq_tag_set.300113, %struct.blk_mq_tag_set.300113* %0, i64 0, i32 14 %11 = bitcast i64* %4 to i8* %12 = bitcast i64* %5 to i8* br label %13 %14 = phi i32 [ 0, %9 ], [ %229, %228 ] %15 = load %struct.blk_mq_tags.300086**, %struct.blk_mq_tags.300086*** %10, align 8 %16 = icmp eq %struct.blk_mq_tags.300086** %15, null br i1 %16, label %228, label %17 %18 = sext i32 %14 to i64 %19 = getelementptr %struct.blk_mq_tags.300086*, %struct.blk_mq_tags.300086** %15, i64 %18 %20 = load %struct.blk_mq_tags.300086*, %struct.blk_mq_tags.300086** %19, align 8 %21 = icmp eq %struct.blk_mq_tags.300086* %20, null br i1 %21, label %228, label %22 %23 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %20, i64 0, i32 1 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, 0 br i1 %25, label %126, label %26 %27 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %20, i64 0, i32 7 %28 = load %struct.request.300096**, %struct.request.300096*** %27, align 8 %29 = 
icmp eq %struct.request.300096** %28, null br i1 %29, label %126, label %30 %31 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %20, i64 0, i32 4 %32 = load %struct.sbitmap_queue*, %struct.sbitmap_queue** %31, align 8 %33 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %32, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %32, i64 0, i32 0, i32 1 %35 = load i32, i32* %33, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %126, label %37 %38 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %32, i64 0, i32 0, i32 4 %39 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %32, i64 0, i32 0, i32 2 %40 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %20, i64 0, i32 10, i32 0, i32 0 br label %41 %42 = phi i32 [ %35, %37 ], [ %120, %119 ] %43 = phi i32 [ 0, %37 ], [ %124, %119 ] %44 = phi i32 [ 0, %37 ], [ %53, %119 ] %45 = load %struct.sbitmap_word*, %struct.sbitmap_word** %38, align 8 %46 = zext i32 %43 to i64 %47 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %45, i64 %46, i32 0 %48 = load i64, i64* %47, align 64 %49 = trunc i64 %48 to i32 %50 = sub i32 %42, %44 %51 = icmp ugt i32 %50, %49 %52 = select i1 %51, i32 %49, i32 %50 %53 = add i32 %52, %44 %54 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %45, i64 %46, i32 2 %55 = load i64, i64* %54, align 64 %56 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %45, i64 %46, i32 4 %57 = load i64, i64* %56, align 64 %58 = xor i64 %57, -1 %59 = and i64 %55, %58 store i64 %59, i64* %4, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %119, label %61 %62 = zext i32 %52 to i64 br label %63 %64 = phi i64 [ 0, %61 ], [ %108, %107 ] %65 = and i64 %64, 4294967295 %66 = call i64 @_find_next_bit(i64* nonnull %4, i64* null, i64 %62, i64 %65, i64 0, i64 0) #76 %67 = trunc i64 %66 to i32 %68 = icmp ugt i32 %52, %67 br i1 %68, 
label %69, label %117 %118 = load i32, i32* %33, align 8 br label %119 %120 = phi i32 [ %118, %117 ], [ %42, %41 ] %121 = add i32 %43, 1 %122 = load i32, i32* %39, align 8 %123 = icmp ult i32 %121, %122 %124 = select i1 %123, i32 %121, i32 0 %125 = icmp ugt i32 %120, %53 br i1 %125, label %41, label %126 %127 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %20, i64 0, i32 7 %128 = load %struct.request.300096**, %struct.request.300096*** %127, align 8 %129 = icmp eq %struct.request.300096** %128, null br i1 %129, label %228, label %130 %131 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %20, i64 0, i32 3 %132 = load %struct.sbitmap_queue*, %struct.sbitmap_queue** %131, align 8 %133 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %132, i64 0, i32 0, i32 0 %134 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %132, i64 0, i32 0, i32 1 %135 = load i32, i32* %133, align 8 %136 = icmp eq i32 %135, 0 br i1 %136, label %228, label %137 %138 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %132, i64 0, i32 0, i32 4 %139 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %132, i64 0, i32 0, i32 2 %140 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %20, i64 0, i32 10, i32 0, i32 0 br label %141 %142 = phi i32 [ %135, %137 ], [ %222, %221 ] %143 = phi i32 [ 0, %137 ], [ %226, %221 ] %144 = phi i32 [ 0, %137 ], [ %153, %221 ] %145 = load %struct.sbitmap_word*, %struct.sbitmap_word** %138, align 8 %146 = zext i32 %143 to i64 %147 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %145, i64 %146, i32 0 %148 = load i64, i64* %147, align 64 %149 = trunc i64 %148 to i32 %150 = sub i32 %142, %144 %151 = icmp ugt i32 %150, %149 %152 = select i1 %151, i32 %149, i32 %150 %153 = add i32 %152, %144 %154 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %145, i64 %146, i32 2 %155 = load 
i64, i64* %154, align 64 %156 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %145, i64 %146, i32 4 %157 = load i64, i64* %156, align 64 %158 = xor i64 %157, -1 %159 = and i64 %155, %158 store i64 %159, i64* %5, align 8 %160 = icmp eq i64 %159, 0 br i1 %160, label %221, label %161 %162 = zext i32 %152 to i64 br label %163 %164 = phi i64 [ 0, %161 ], [ %210, %209 ] %165 = and i64 %164, 4294967295 %166 = call i64 @_find_next_bit(i64* nonnull %5, i64* null, i64 %162, i64 %165, i64 0, i64 0) #76 %167 = trunc i64 %166 to i32 %168 = icmp ugt i32 %152, %167 br i1 %168, label %169, label %219 %170 = load i32, i32* %134, align 4 %171 = shl i32 %143, %170 %172 = add i32 %171, %167 %173 = load i32, i32* %23, align 4 %174 = add i32 %172, %173 %175 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %140) #76 %176 = load %struct.request.300096**, %struct.request.300096*** %127, align 8 %177 = zext i32 %174 to i64 %178 = getelementptr %struct.request.300096*, %struct.request.300096** %176, i64 %177 %179 = load %struct.request.300096*, %struct.request.300096** %178, align 8 %180 = icmp eq %struct.request.300096* %179, null br i1 %180, label %208, label %181 %182 = getelementptr inbounds %struct.request.300096, %struct.request.300096* %179, i64 0, i32 5 %183 = load i32, i32* %182, align 8 %184 = icmp eq i32 %183, %174 br i1 %184, label %185, label %208 %186 = getelementptr inbounds %struct.request.300096, %struct.request.300096* %179, i64 0, i32 24 %187 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %186, i64 0, i32 0, i32 0 %188 = load volatile i32, i32* %187, align 4 %189 = icmp eq i32 %188, 0 br i1 %189, label %200, label %190 %191 = phi i32 [ %198, %197 ], [ %188, %185 ] %192 = add i32 %191, 1 %193 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %187, i32 %192, i32* %187, i32 %191) #6, !srcloc !4 %194 = extractvalue { i8, i32 } %193, 0 %195 = and i8 %194, 1 %196 = icmp eq i8 %195, 0 br i1 %196, label %197, label %200, !prof !5, !misexpect !6 %198 = extractvalue { i8, i32 } %193, 1 %199 = icmp eq i32 %198, 0 br i1 %199, label %200, label %190 %201 = phi i32 [ 0, %185 ], [ %191, %190 ], [ 0, %197 ] %202 = add i32 %201, 1 %203 = or i32 %202, %201 %204 = icmp sgt i32 %203, -1 br i1 %204, label %206, label %205, !prof !7, !misexpect !6 %207 = icmp eq i32 %201, 0 br i1 %207, label %208, label %211 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %140, i64 %175) #76 %212 = getelementptr inbounds %struct.request.300096, %struct.request.300096* %179, i64 0, i32 23 %213 = load volatile i32, i32* %212, align 8 %214 = icmp eq i32 %213, 0 br i1 %214, label %217, label %215 call void bitcast (void (%struct.request.299674*)* @blk_mq_put_rq_ref to void (%struct.request.300096*)*)(%struct.request.300096* nonnull %179) #76 Function:blk_mq_put_rq_ref %2 = tail call zeroext i1 bitcast (i1 (%struct.request.294690*)* @is_flush_rq to i1 (%struct.request.299674*)*)(%struct.request.299674* %0) #76 br i1 %2, label %3, label %6 %7 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 24 %8 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %7, i64 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 %10, label %16, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call fastcc void @__blk_mq_free_request(%struct.request.299674* %0) #77 Function:__blk_mq_free_request %2 = getelementptr inbounds 
%struct.request.299674, %struct.request.299674* %0, i64 0, i32 0 %3 = load %struct.request_queue.299702*, %struct.request_queue.299702** %2, align 8 %4 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 1 %5 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %4, align 8 %6 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 2 %7 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %6, align 8 %8 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %3, i64 0, i32 18 %11 = load %struct.device.299645*, %struct.device.299645** %10, align 8 %12 = icmp eq %struct.device.299645* %11, null br i1 %12, label %21, label %13 store %struct.blk_mq_hw_ctx.299665* null, %struct.blk_mq_hw_ctx.299665** %6, align 8 %22 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 5 %23 = load i32, i32* %22, align 8 %24 = icmp eq i32 %23, -1 br i1 %24, label %28, label %25 %29 = icmp eq i32 %9, -1 br i1 %29, label %33, label %30 tail call void bitcast (void (%struct.blk_mq_hw_ctx.301290*)* @blk_mq_sched_restart to void (%struct.blk_mq_hw_ctx.299665*)*)(%struct.blk_mq_hw_ctx.299665* %7) #76 Function:blk_mq_sched_restart %2 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 0, i32 2 %3 = load volatile i64, i64* %2, align 8 %4 = and i64 %3, 4 %5 = icmp eq i64 %4, 0 br i1 %5, label %8, label %6 %7 = bitcast i64* %2 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -5, i8* %7) #6, !srcloc !4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail 
call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext true) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78 %70 = tail call i32 
@kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_restart 4 __blk_mq_free_request 5 blk_mq_put_rq_ref 6 bt_for_each 7 blk_mq_queue_tag_busy_iter 8 blk_mq_in_flight 9 part_stat_show ------------- Path:  Function:part_stat_show %4 = alloca %struct.disk_stats, align 8 %5 = getelementptr %struct.device.299645, %struct.device.299645* %0, i64 -1, i32 31 %6 = bitcast %struct.list_head* %5 to %struct.block_device.299712* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 51, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.gendisk.299710** %9 = load %struct.gendisk.299710*, %struct.gendisk.299710** %8, align 8 %10 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %9, i64 0, i32 9 %11 = load %struct.request_queue.299702*, %struct.request_queue.299702** %10, align 8 %12 = bitcast %struct.disk_stats* %4 to i8* call fastcc void @part_stat_read_all(%struct.block_device.299712* %6, %struct.disk_stats* nonnull %4) #76 %13 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %11, i64 0, i32 5 %14 = load %struct.blk_mq_ops.299693*, %struct.blk_mq_ops.299693** %13, align 8 %15 = icmp eq %struct.blk_mq_ops.299693* %14, null br i1 %15, label %18, label %16 %17 = tail call i32 @blk_mq_in_flight(%struct.request_queue.299702* %11, %struct.block_device.299712* %6) #77 Function:blk_mq_in_flight %3 = alloca %struct.mq_inflight, align 8 %4 = bitcast %struct.mq_inflight* %3 to i8* %5 = getelementptr inbounds %struct.mq_inflight, %struct.mq_inflight* %3, i64 0, i32 0 store %struct.block_device.299712* 
%1, %struct.block_device.299712** %5, align 8 %6 = getelementptr inbounds %struct.mq_inflight, %struct.mq_inflight* %3, i64 0, i32 1 %7 = bitcast [2 x i32]* %6 to i64* store i64 0, i64* %7, align 8 call void bitcast (void (%struct.request_queue.300119*, i1 (%struct.blk_mq_hw_ctx.300087*, %struct.request.300096*, i8*, i1)*, i8*)* @blk_mq_queue_tag_busy_iter to void (%struct.request_queue.299702*, i1 (%struct.blk_mq_hw_ctx.299665*, %struct.request.299674*, i8*, i1)*, i8*)*)(%struct.request_queue.299702* %0, i1 (%struct.blk_mq_hw_ctx.299665*, %struct.request.299674*, i8*, i1)* nonnull @blk_mq_check_inflight, i8* nonnull %4) #76 Function:blk_mq_queue_tag_busy_iter tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.request_queue.300119, %struct.request_queue.300119* %0, i64 0, i32 2, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 3 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10, !prof !5, !misexpect !6 %9 = inttoptr i64 %5 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 1, i64* %9) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #76 br label %29 %30 = getelementptr inbounds %struct.request_queue.300119, %struct.request_queue.300119* %0, i64 0, i32 9 %31 = load i32, i32* %30, align 8 %32 = icmp eq i32 %31, 0 br i1 %32, label %64, label %33 %34 = getelementptr inbounds %struct.request_queue.300119, %struct.request_queue.300119* %0, i64 0, i32 8 br label %35 %36 = phi i32 [ %31, %33 ], [ %61, %60 ] %37 = phi i32 [ 0, %33 ], [ %62, %60 ] %38 = load %struct.blk_mq_hw_ctx.300087**, %struct.blk_mq_hw_ctx.300087*** %34, align 8 %39 = sext i32 %37 to i64 %40 = getelementptr %struct.blk_mq_hw_ctx.300087*, %struct.blk_mq_hw_ctx.300087** %38, i64 %39 %41 = load %struct.blk_mq_hw_ctx.300087*, %struct.blk_mq_hw_ctx.300087** %40, 
align 8 %42 = getelementptr inbounds %struct.blk_mq_hw_ctx.300087, %struct.blk_mq_hw_ctx.300087* %41, i64 0, i32 19 %43 = load %struct.blk_mq_tags.300086*, %struct.blk_mq_tags.300086** %42, align 64 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.300087, %struct.blk_mq_hw_ctx.300087* %41, i64 0, i32 14 %45 = load i16, i16* %44, align 2 %46 = icmp ne i16 %45, 0 %47 = icmp ne %struct.blk_mq_tags.300086* %43, null %48 = and i1 %47, %46 br i1 %48, label %49, label %60 %50 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %43, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %56, label %53 %57 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %43, i64 0, i32 3 %58 = load %struct.sbitmap_queue*, %struct.sbitmap_queue** %57, align 8 tail call fastcc void @bt_for_each(%struct.blk_mq_hw_ctx.300087* %41, %struct.sbitmap_queue* %58, i1 (%struct.blk_mq_hw_ctx.300087*, %struct.request.300096*, i8*, i1)* %1, i8* %2, i1 zeroext false) #77 Function:bt_for_each %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 0 %8 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 1 %9 = load i32, i32* %7, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %116, label %11 %12 = bitcast i64* %6 to i8* %13 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 4 %14 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 2 %15 = getelementptr inbounds %struct.blk_mq_hw_ctx.300087, %struct.blk_mq_hw_ctx.300087* %0, i64 0, i32 19 %16 = getelementptr inbounds %struct.blk_mq_hw_ctx.300087, %struct.blk_mq_hw_ctx.300087* %0, i64 0, i32 7 br label %17 %18 = phi i32 [ %9, %11 ], [ %110, %109 ] %19 = phi i32 [ 0, %11 ], [ %114, %109 ] %20 = phi i32 [ 0, %11 ], [ %29, %109 ] %21 = load %struct.sbitmap_word*, 
%struct.sbitmap_word** %13, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 0 %24 = load i64, i64* %23, align 64 %25 = trunc i64 %24 to i32 %26 = sub i32 %18, %20 %27 = icmp ugt i32 %26, %25 %28 = select i1 %27, i32 %25, i32 %26 %29 = add i32 %28, %20 %30 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 2 %31 = load i64, i64* %30, align 64 %32 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 4 %33 = load i64, i64* %32, align 64 %34 = xor i64 %33, -1 %35 = and i64 %31, %34 store i64 %35, i64* %6, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %109, label %37 %38 = zext i32 %28 to i64 br label %39 %40 = phi i64 [ 0, %37 ], [ %93, %92 ] %41 = and i64 %40, 4294967295 %42 = call i64 @_find_next_bit(i64* nonnull %6, i64* null, i64 %38, i64 %41, i64 0, i64 0) #76 %43 = trunc i64 %42 to i32 %44 = icmp ugt i32 %28, %43 br i1 %44, label %45, label %107 %46 = load i32, i32* %8, align 4 %47 = shl i32 %19, %46 %48 = add i32 %47, %43 %49 = load %struct.blk_mq_tags.300086*, %struct.blk_mq_tags.300086** %15, align 64 br i1 %4, label %54, label %50 %51 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %49, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = add i32 %52, %48 br label %54 %55 = phi i32 [ %48, %45 ], [ %53, %50 ] %56 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %49, i64 0, i32 10, i32 0, i32 0 %57 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %56) #76 %58 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %49, i64 0, i32 7 %59 = load %struct.request.300096**, %struct.request.300096*** %58, align 8 %60 = zext i32 %55 to i64 %61 = getelementptr %struct.request.300096*, %struct.request.300096** %59, i64 %60 %62 = load %struct.request.300096*, %struct.request.300096** %61, align 8 %63 = icmp eq %struct.request.300096* %62, null br i1 %63, 
label %91, label %64 %65 = getelementptr inbounds %struct.request.300096, %struct.request.300096* %62, i64 0, i32 5 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, %55 br i1 %67, label %68, label %91 %69 = getelementptr inbounds %struct.request.300096, %struct.request.300096* %62, i64 0, i32 24 %70 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %69, i64 0, i32 0, i32 0 %71 = load volatile i32, i32* %70, align 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %83, label %73 %74 = phi i32 [ %81, %80 ], [ %71, %68 ] %75 = add i32 %74, 1 %76 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %70, i32 %75, i32* %70, i32 %74) #6, !srcloc !4 %77 = extractvalue { i8, i32 } %76, 0 %78 = and i8 %77, 1 %79 = icmp eq i8 %78, 0 br i1 %79, label %80, label %83, !prof !5, !misexpect !6 %81 = extractvalue { i8, i32 } %76, 1 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %73 %84 = phi i32 [ 0, %68 ], [ %74, %73 ], [ 0, %80 ] %85 = add i32 %84, 1 %86 = or i32 %85, %84 %87 = icmp sgt i32 %86, -1 br i1 %87, label %89, label %88, !prof !7, !misexpect !6 %90 = icmp eq i32 %84, 0 br i1 %90, label %91, label %94 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %56, i64 %57) #76 %95 = getelementptr inbounds %struct.request.300096, %struct.request.300096* %62, i64 0, i32 0 %96 = load %struct.request_queue.300119*, %struct.request_queue.300119** %95, align 8 %97 = load %struct.request_queue.300119*, %struct.request_queue.300119** %16, align 8 %98 = icmp eq %struct.request_queue.300119* %96, %97 br i1 %98, label %99, label %105 %100 = getelementptr inbounds %struct.request.300096, %struct.request.300096* %62, i64 0, i32 2 %101 = load %struct.blk_mq_hw_ctx.300087*, %struct.blk_mq_hw_ctx.300087** %100, align 8 %102 = icmp eq 
%struct.blk_mq_hw_ctx.300087* %101, %0 br i1 %102, label %103, label %105 call void bitcast (void (%struct.request.299674*)* @blk_mq_put_rq_ref to void (%struct.request.300096*)*)(%struct.request.300096* nonnull %62) #76 Function:blk_mq_put_rq_ref %2 = tail call zeroext i1 bitcast (i1 (%struct.request.294690*)* @is_flush_rq to i1 (%struct.request.299674*)*)(%struct.request.299674* %0) #76 br i1 %2, label %3, label %6 %7 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 24 %8 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %7, i64 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 %10, label %16, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call fastcc void @__blk_mq_free_request(%struct.request.299674* %0) #77 Function:__blk_mq_free_request %2 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 0 %3 = load %struct.request_queue.299702*, %struct.request_queue.299702** %2, align 8 %4 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 1 %5 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %4, align 8 %6 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 2 %7 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %6, align 8 %8 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %3, i64 0, i32 18 %11 = load %struct.device.299645*, %struct.device.299645** %10, align 8 %12 = icmp eq %struct.device.299645* %11, null br 
i1 %12, label %21, label %13 store %struct.blk_mq_hw_ctx.299665* null, %struct.blk_mq_hw_ctx.299665** %6, align 8 %22 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 5 %23 = load i32, i32* %22, align 8 %24 = icmp eq i32 %23, -1 br i1 %24, label %28, label %25 %29 = icmp eq i32 %9, -1 br i1 %29, label %33, label %30 tail call void bitcast (void (%struct.blk_mq_hw_ctx.301290*)* @blk_mq_sched_restart to void (%struct.blk_mq_hw_ctx.299665*)*)(%struct.blk_mq_hw_ctx.299665* %7) #76 Function:blk_mq_sched_restart %2 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 0, i32 2 %3 = load volatile i64, i64* %2, align 8 %4 = and i64 %3, 4 %5 = icmp eq i64 %4, 0 br i1 %5, label %8, label %6 %7 = bitcast i64* %2 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -5, i8* %7) #6, !srcloc !4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext true) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 
0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 
asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8
%19 = and i8 %18, 1
%20 = icmp eq i8 %19, 0
br i1 %20, label %22, label %21
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10
br label %23
%24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3
%25 = load i32, i32* %24, align 32
%26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7
%27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8
%28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9
%29 = load i32, i32* %28, align 8
%30 = icmp eq i32 %29, 1
br i1 %30, label %65, label %31
%66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ]
%67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1
%68 = trunc i64 %2 to i32
%69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78
%70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8
%5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_restart
4 __blk_mq_free_request
5 blk_mq_put_rq_ref
6 bt_for_each
7 blk_mq_queue_tag_busy_iter
8 blk_mq_in_flight_rw
9 part_inflight_show
-------------
Path:
Function:part_inflight_show
%4 = alloca [2 x i32], align 4
%5 = getelementptr %struct.device.299645, %struct.device.299645* %0, i64 -1, i32 31
%6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 51, i32 1
%7 = bitcast
%struct.list_head** %6 to %struct.gendisk.299710** %8 = load %struct.gendisk.299710*, %struct.gendisk.299710** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.299710, %struct.gendisk.299710* %8, i64 0, i32 9 %10 = load %struct.request_queue.299702*, %struct.request_queue.299702** %9, align 8 %11 = bitcast [2 x i32]* %4 to i8* %12 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %10, i64 0, i32 5 %13 = load %struct.blk_mq_ops.299693*, %struct.blk_mq_ops.299693** %12, align 8 %14 = icmp eq %struct.blk_mq_ops.299693* %13, null %15 = getelementptr inbounds [2 x i32], [2 x i32]* %4, i64 0, i64 0 br i1 %14, label %21, label %16 %17 = bitcast %struct.list_head* %5 to %struct.block_device.299712* call void @blk_mq_in_flight_rw(%struct.request_queue.299702* %10, %struct.block_device.299712* %17, i32* nonnull %15) #76 Function:blk_mq_in_flight_rw %4 = alloca %struct.mq_inflight, align 8 %5 = bitcast %struct.mq_inflight* %4 to i8* %6 = getelementptr inbounds %struct.mq_inflight, %struct.mq_inflight* %4, i64 0, i32 0 store %struct.block_device.299712* %1, %struct.block_device.299712** %6, align 8 %7 = getelementptr inbounds %struct.mq_inflight, %struct.mq_inflight* %4, i64 0, i32 1 %8 = bitcast [2 x i32]* %7 to i64* store i64 0, i64* %8, align 8 call void bitcast (void (%struct.request_queue.300119*, i1 (%struct.blk_mq_hw_ctx.300087*, %struct.request.300096*, i8*, i1)*, i8*)* @blk_mq_queue_tag_busy_iter to void (%struct.request_queue.299702*, i1 (%struct.blk_mq_hw_ctx.299665*, %struct.request.299674*, i8*, i1)*, i8*)*)(%struct.request_queue.299702* %0, i1 (%struct.blk_mq_hw_ctx.299665*, %struct.request.299674*, i8*, i1)* nonnull @blk_mq_check_inflight, i8* nonnull %5) #76 Function:blk_mq_queue_tag_busy_iter tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.request_queue.300119, %struct.request_queue.300119* %0, i64 0, i32 2, i32 0 %5 = load volatile i64, 
i64* %4, align 8 %6 = and i64 %5, 3 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10, !prof !5, !misexpect !6 %9 = inttoptr i64 %5 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 1, i64* %9) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #76 br label %29 %30 = getelementptr inbounds %struct.request_queue.300119, %struct.request_queue.300119* %0, i64 0, i32 9 %31 = load i32, i32* %30, align 8 %32 = icmp eq i32 %31, 0 br i1 %32, label %64, label %33 %34 = getelementptr inbounds %struct.request_queue.300119, %struct.request_queue.300119* %0, i64 0, i32 8 br label %35 %36 = phi i32 [ %31, %33 ], [ %61, %60 ] %37 = phi i32 [ 0, %33 ], [ %62, %60 ] %38 = load %struct.blk_mq_hw_ctx.300087**, %struct.blk_mq_hw_ctx.300087*** %34, align 8 %39 = sext i32 %37 to i64 %40 = getelementptr %struct.blk_mq_hw_ctx.300087*, %struct.blk_mq_hw_ctx.300087** %38, i64 %39 %41 = load %struct.blk_mq_hw_ctx.300087*, %struct.blk_mq_hw_ctx.300087** %40, align 8 %42 = getelementptr inbounds %struct.blk_mq_hw_ctx.300087, %struct.blk_mq_hw_ctx.300087* %41, i64 0, i32 19 %43 = load %struct.blk_mq_tags.300086*, %struct.blk_mq_tags.300086** %42, align 64 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.300087, %struct.blk_mq_hw_ctx.300087* %41, i64 0, i32 14 %45 = load i16, i16* %44, align 2 %46 = icmp ne i16 %45, 0 %47 = icmp ne %struct.blk_mq_tags.300086* %43, null %48 = and i1 %47, %46 br i1 %48, label %49, label %60 %50 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %43, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %56, label %53 %57 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %43, i64 0, i32 3 %58 = load %struct.sbitmap_queue*, %struct.sbitmap_queue** %57, align 8 tail call fastcc void 
@bt_for_each(%struct.blk_mq_hw_ctx.300087* %41, %struct.sbitmap_queue* %58, i1 (%struct.blk_mq_hw_ctx.300087*, %struct.request.300096*, i8*, i1)* %1, i8* %2, i1 zeroext false) #77 Function:bt_for_each %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 0 %8 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 1 %9 = load i32, i32* %7, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %116, label %11 %12 = bitcast i64* %6 to i8* %13 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 4 %14 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 2 %15 = getelementptr inbounds %struct.blk_mq_hw_ctx.300087, %struct.blk_mq_hw_ctx.300087* %0, i64 0, i32 19 %16 = getelementptr inbounds %struct.blk_mq_hw_ctx.300087, %struct.blk_mq_hw_ctx.300087* %0, i64 0, i32 7 br label %17 %18 = phi i32 [ %9, %11 ], [ %110, %109 ] %19 = phi i32 [ 0, %11 ], [ %114, %109 ] %20 = phi i32 [ 0, %11 ], [ %29, %109 ] %21 = load %struct.sbitmap_word*, %struct.sbitmap_word** %13, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 0 %24 = load i64, i64* %23, align 64 %25 = trunc i64 %24 to i32 %26 = sub i32 %18, %20 %27 = icmp ugt i32 %26, %25 %28 = select i1 %27, i32 %25, i32 %26 %29 = add i32 %28, %20 %30 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 2 %31 = load i64, i64* %30, align 64 %32 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 4 %33 = load i64, i64* %32, align 64 %34 = xor i64 %33, -1 %35 = and i64 %31, %34 store i64 %35, i64* %6, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %109, label %37 %38 = zext i32 %28 to i64 br label %39 %40 = phi i64 [ 0, %37 ], [ %93, %92 ] %41 = and i64 %40, 4294967295 %42 = call i64 @_find_next_bit(i64* nonnull %6, i64* null, i64 %38, i64 %41, 
i64 0, i64 0) #76 %43 = trunc i64 %42 to i32 %44 = icmp ugt i32 %28, %43 br i1 %44, label %45, label %107 %46 = load i32, i32* %8, align 4 %47 = shl i32 %19, %46 %48 = add i32 %47, %43 %49 = load %struct.blk_mq_tags.300086*, %struct.blk_mq_tags.300086** %15, align 64 br i1 %4, label %54, label %50 %51 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %49, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = add i32 %52, %48 br label %54 %55 = phi i32 [ %48, %45 ], [ %53, %50 ] %56 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %49, i64 0, i32 10, i32 0, i32 0 %57 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %56) #76 %58 = getelementptr inbounds %struct.blk_mq_tags.300086, %struct.blk_mq_tags.300086* %49, i64 0, i32 7 %59 = load %struct.request.300096**, %struct.request.300096*** %58, align 8 %60 = zext i32 %55 to i64 %61 = getelementptr %struct.request.300096*, %struct.request.300096** %59, i64 %60 %62 = load %struct.request.300096*, %struct.request.300096** %61, align 8 %63 = icmp eq %struct.request.300096* %62, null br i1 %63, label %91, label %64 %65 = getelementptr inbounds %struct.request.300096, %struct.request.300096* %62, i64 0, i32 5 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, %55 br i1 %67, label %68, label %91 %69 = getelementptr inbounds %struct.request.300096, %struct.request.300096* %62, i64 0, i32 24 %70 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %69, i64 0, i32 0, i32 0 %71 = load volatile i32, i32* %70, align 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %83, label %73 %74 = phi i32 [ %81, %80 ], [ %71, %68 ] %75 = add i32 %74, 1 %76 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %70, i32 %75, i32* %70, i32 %74) #6, !srcloc 
!4 %77 = extractvalue { i8, i32 } %76, 0 %78 = and i8 %77, 1 %79 = icmp eq i8 %78, 0 br i1 %79, label %80, label %83, !prof !5, !misexpect !6 %81 = extractvalue { i8, i32 } %76, 1 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %73 %84 = phi i32 [ 0, %68 ], [ %74, %73 ], [ 0, %80 ] %85 = add i32 %84, 1 %86 = or i32 %85, %84 %87 = icmp sgt i32 %86, -1 br i1 %87, label %89, label %88, !prof !7, !misexpect !6 %90 = icmp eq i32 %84, 0 br i1 %90, label %91, label %94 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %56, i64 %57) #76 %95 = getelementptr inbounds %struct.request.300096, %struct.request.300096* %62, i64 0, i32 0 %96 = load %struct.request_queue.300119*, %struct.request_queue.300119** %95, align 8 %97 = load %struct.request_queue.300119*, %struct.request_queue.300119** %16, align 8 %98 = icmp eq %struct.request_queue.300119* %96, %97 br i1 %98, label %99, label %105 %100 = getelementptr inbounds %struct.request.300096, %struct.request.300096* %62, i64 0, i32 2 %101 = load %struct.blk_mq_hw_ctx.300087*, %struct.blk_mq_hw_ctx.300087** %100, align 8 %102 = icmp eq %struct.blk_mq_hw_ctx.300087* %101, %0 br i1 %102, label %103, label %105 call void bitcast (void (%struct.request.299674*)* @blk_mq_put_rq_ref to void (%struct.request.300096*)*)(%struct.request.300096* nonnull %62) #76 Function:blk_mq_put_rq_ref %2 = tail call zeroext i1 bitcast (i1 (%struct.request.294690*)* @is_flush_rq to i1 (%struct.request.299674*)*)(%struct.request.299674* %0) #76 br i1 %2, label %3, label %6 %7 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 24 %8 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %7, i64 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 
%10, label %16, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call fastcc void @__blk_mq_free_request(%struct.request.299674* %0) #77 Function:__blk_mq_free_request %2 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 0 %3 = load %struct.request_queue.299702*, %struct.request_queue.299702** %2, align 8 %4 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 1 %5 = load %struct.blk_mq_ctx.299667*, %struct.blk_mq_ctx.299667** %4, align 8 %6 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 2 %7 = load %struct.blk_mq_hw_ctx.299665*, %struct.blk_mq_hw_ctx.299665** %6, align 8 %8 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %3, i64 0, i32 18 %11 = load %struct.device.299645*, %struct.device.299645** %10, align 8 %12 = icmp eq %struct.device.299645* %11, null br i1 %12, label %21, label %13 store %struct.blk_mq_hw_ctx.299665* null, %struct.blk_mq_hw_ctx.299665** %6, align 8 %22 = getelementptr inbounds %struct.request.299674, %struct.request.299674* %0, i64 0, i32 5 %23 = load i32, i32* %22, align 8 %24 = icmp eq i32 %23, -1 br i1 %24, label %28, label %25 %29 = icmp eq i32 %9, -1 br i1 %29, label %33, label %30 tail call void bitcast (void (%struct.blk_mq_hw_ctx.301290*)* @blk_mq_sched_restart to void (%struct.blk_mq_hw_ctx.299665*)*)(%struct.blk_mq_hw_ctx.299665* %7) #76 Function:blk_mq_sched_restart %2 = getelementptr inbounds %struct.blk_mq_hw_ctx.301290, %struct.blk_mq_hw_ctx.301290* %0, i64 0, i32 0, i32 2 %3 = load volatile i64, i64* %2, align 8 %4 = and i64 %3, 4 %5 = icmp eq i64 %4, 0 br i1 %5, label %8, label %6 %7 = bitcast i64* %2 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -5, i8* %7) #6, !srcloc !4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.blk_mq_hw_ctx.299665*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301290*, i1)*)(%struct.blk_mq_hw_ctx.301290* %0, i1 zeroext true) #76 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %14 = load %struct.request_queue.299702*, %struct.request_queue.299702** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call 
void @rcu_read_unlock_strict() #76 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.299665* %0, i1 zeroext %1, i64 0) #77 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 7 %27 = load %struct.request_queue.299702*, %struct.request_queue.299702** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.299702, %struct.request_queue.299702* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, 
%64 ], [ 64, %63 ], [ 64, %23 ]
%67 = getelementptr inbounds %struct.blk_mq_hw_ctx.299665, %struct.blk_mq_hw_ctx.299665* %0, i64 0, i32 1
%68 = trunc i64 %2 to i32
%69 = tail call i64 @__msecs_to_jiffies(i32 %68) #78
%70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #78
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8
%5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __wakeup_flusher_threads_bdi
1 wakeup_flusher_threads
2 ksys_sync
3 __do_sys_sync
-------------
Path:
Function:__do_sys_sync
tail call void @ksys_sync() #76
Function:ksys_sync
%1 = alloca i32, align 4
%2 = alloca i32, align 4
%3 = bitcast i32* %1 to i8*
store i32 0, i32* %1, align 4
%4 = bitcast i32* %2 to i8*
store i32 1, i32* %2, align 4
tail call void @wakeup_flusher_threads(i32 2) #76
Function:wakeup_flusher_threads
%2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4
%3 = inttoptr i64 %2 to %struct.task_struct*
%4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120
%5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 16
%6 = icmp eq %struct.blk_plug* %5, null
br i1 %6, label %18, label %7
%8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 0
%9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 0, i32 0
%10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8
%11 = icmp eq %struct.list_head* %10, %8
br i1 %11, label %12, label %17
%13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 1
%14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0
%15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8
%16 = icmp eq %struct.list_head* %15, %13
br i1 %16, label %18, label %17
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5
%19 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @bdi_list, i64 0, i32 0), align 8
%20 = icmp eq %struct.list_head* %19, @bdi_list
br i1 %20, label %28, label %21
%22 = phi %struct.list_head* [ %26, %21 ], [ %19, %18 ]
%23 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2
%24 = bitcast %struct.list_head* %23 to %struct.backing_dev_info*
tail call fastcc void @__wakeup_flusher_threads_bdi(%struct.backing_dev_info* %24, i32 %0) #77
Function:__wakeup_flusher_threads_bdi
%3 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %0, i64 0, i32 10, i32 0
%4 = load volatile i64, i64* %3, align 8
%5 = icmp eq i64 %4, 0
br i1 %5, label %51, label %6
%7 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %0, i64 0, i32 12
%8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0
%9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8
%10 = getelementptr %struct.list_head, %struct.list_head* %9, i64 -37, i32 1
%11 = getelementptr inbounds %struct.list_head*, %struct.list_head** %10, i64 73
%12 = bitcast %struct.list_head** %11 to %struct.list_head*
%13 = icmp eq %struct.list_head* %7, %12
br i1 %13, label %51, label %14
%15 = phi %struct.list_head* [ %49, %44 ], [ %12, %6 ]
%16 = phi %struct.list_head** [ %47, %44 ], [ %10, %6 ]
%17 = bitcast %struct.list_head** %16 to %struct.bdi_writeback*
%18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 1
%19 = bitcast %struct.list_head** %18 to i64*
%20 = load volatile i64, i64* %19, align 8
%21 = and i64 %20, 4
%22 = icmp eq i64 %21, 0
br i1 %22, label %44, label %23
%24 = load volatile i64, i64* %19, align 8
%25 = and i64 %24, 8
%26 = icmp eq i64 %25, 0
br i1 %26, label %27, label %44
%28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %19, i64 3, i64* %19) #6, !srcloc !4
%29 = and i8 %28, 1
%30 = icmp eq i8 %29, 0
br i1 %30, label %31, label %44
%32 = getelementptr inbounds %struct.bdi_writeback, %struct.bdi_writeback* %17, i64 0, i32 20
store i32 %1, i32* %32, align 4
%33 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 47
%34 = bitcast %struct.list_head** %33 to %struct.raw_spinlock*
tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %34) #76
%35 = load volatile i64, i64* %19, align 8
%36 = and i64 %35, 1
%37 = icmp eq i64 %36, 0
br i1 %37, label %43, label %38
%39 = load %struct.workqueue_struct*, %struct.workqueue_struct** @bdi_wq, align 8
%40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 50
%41 = bitcast %struct.list_head** %40 to %struct.delayed_work*
%42 = tail call zeroext i1 @mod_delayed_work_on(i32 64, %struct.workqueue_struct* %39, %struct.delayed_work* %41, i64 0) #76
-------------
Good: 1306 Bad: 31 Ignored: 1671
Check Use of Function:kernel_power_off
Check Use of Function:drm_property_change_valid_put
Check Use of Function:proc_lookup
Check Use of Function:proc_sys_lookup
Check Use of Function:proc_tgid_base_lookup
Check Use of Function:tcp_send_window_probe
Check Use of Function:msdos_lookup
Check Use of Function:isofs_lookup
Check Use of Function:msdos_create
Check Use of Function:autofs_lookup
Check Use of Function:intel_overlay_flip_prepare
Check Use of Function:ext4_alloc_io_end_vec
Check Use of Function:proc_ns_dir_lookup
Check Use of Function:i915_gem_ww_ctx_fini
Check Use of Function:proc_attr_dir_lookup
Check Use of Function:ieee80211_remove_interfaces
Check Use of Function:drm_gem_handle_delete
Check Use of Function:proc_tgid_net_lookup
Check Use of Function:sd_pr_reserve
Check Use of Function:ramfs_create
Check Use of Function:nfs_create
Check Use of Function:cfg80211_sme_deauth
Check Use of Function:ext4_file_write_iter
Check Use of Function:__sta_info_flush
Check Use of Function:walk_component
Check Use of Function:__rseq_handle_notify_resume
Check Use of Function:init_utimes
Check Use of Function:vfs_get_tree
Check Use of Function:__mmu_notifier_invalidate_range
Check Use of Function:__netlink_dump_start
Check Use of Function:drm_property_replace_blob
Check Use of Function:filename_lookup
Check Use of Function:vfs_link
Check Use of Function:inode_owner_or_capable
Use:
=BAD PATH=
Call Stack:
0 setattr_prepare
1 hugetlbfs_setattr
-------------
Path:
Function:hugetlbfs_setattr
%4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5
%5 = load %struct.inode*, %struct.inode** %4, align 8
%6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8
%7 = load %struct.super_block*, %struct.super_block** %6, align 8
%8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28
%9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info**
%10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16
%11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3
%12 = load %struct.hstate*, %struct.hstate** %11, align 8
%13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0
%14 = load i32, i32* %13, align 8
%15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46
%16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } },
%struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* 
%49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = 
load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8
%97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49
%98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16
%99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76
br i1 %99, label %100, label %130
%101 = and i32 %7, 1
%102 = icmp eq i32 %101, 0
br i1 %102, label %118, label %103
%104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 setattr_prepare
1 hugetlbfs_setattr
-------------
Path:
Function:hugetlbfs_setattr
%4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5
%5 = load %struct.inode*, %struct.inode** %4, align 8
%6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8
%7 = load %struct.super_block*, %struct.super_block** %6, align 8
%8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28
%9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info**
%10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16
%11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3
%12 = load %struct.hstate*, %struct.hstate** %11, align 8
%13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0
%14 = load i32, i32* %13, align 8
%15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46
%16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } },
{ i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr 
inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds 
%struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %382, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %382, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 
0 %27 = and i1 %26, %24 br i1 %27, label %382, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, 
%struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, 
%struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %382, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %382, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, 
%24 br i1 %27, label %382, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 
0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load 
%struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %382, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %382, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %382, label %28, !prof !6, 
!misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, 
%struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, 
%struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, 
%struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load 
i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast 
(i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, 
i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds 
%struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 
8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 
%39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 
%82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 
(%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 
0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 
(%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177930, %struct.dentry.177930* %1, i64 0, i32 5 %5 = load %struct.inode.177941*, %struct.inode.177941** %4, align 8 %6 = getelementptr inbounds %struct.iattr.178080, %struct.iattr.178080* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace.178079*, %struct.dentry.177930*, %struct.iattr.178080*)*)(%struct.user_namespace.178079* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, 
%struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.178079*), %struct.dentry.177930* %1, %struct.iattr.178080* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, 
%struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, 
%struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177930, %struct.dentry.177930* %1, i64 0, i32 5 %5 = load %struct.inode.177941*, %struct.inode.177941** %4, align 8 %6 = getelementptr inbounds %struct.iattr.178080, %struct.iattr.178080* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace.178079*, %struct.dentry.177930*, %struct.iattr.178080*)*)(%struct.user_namespace.178079* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.178079*), %struct.dentry.177930* %1, %struct.iattr.178080* %2) 
#76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp 
eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) 
#76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr ------------- Path:  Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds 
%struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) 
#76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 sockfs_setattr ------------- Path:  Function:sockfs_setattr %4 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.273376*, %struct.iattr.273378*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, 
%struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry.273376* %1, %struct.iattr.273378* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail 
call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* 
@capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, 
%struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 
= tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, 
i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, 
%struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* 
%46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 
(%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, 
%struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* 
%5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call 
zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 notify_change 3 file_remove_privs 4 __generic_file_write_iter 5 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %5 = load %struct.file.294345*, %struct.file.294345** %4, align 8 %6 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %5, i64 0, i32 18 %7 = load %struct.address_space.294426*, %struct.address_space.294426** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %7, i64 0, i32 0 %9 = load %struct.inode.294419*, %struct.inode.294419** %8, align 8 %10 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 
to i8* %13 = tail call %struct.block_device.294278* bitcast (%struct.block_device.293754* (%struct.inode.293951*)* @I_BDEV to %struct.block_device.294278* (%struct.inode.294419*)*)(%struct.inode.294419* %9) #76 %14 = tail call i32 bitcast (i32 (%struct.block_device.299712*)* @bdev_read_only to i32 (%struct.block_device.294278*)*)(%struct.block_device.294278* %13) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #76 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294023*, %struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* %1) #76 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = 
load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.149842*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #76 Function:file_remove_privs %2 = alloca %struct.iattr.149911, align 8 %3 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.149909*, %struct.dentry.149909** %3, align 8 %5 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.149909* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 2 %20 = load %struct.inode.149921*, %struct.inode.149921** %19, align 8 %21 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and 
i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %18, i64 0, i32 5 %32 = load %struct.inode.149921*, %struct.inode.149921** %31, align 8 %33 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #76 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.149909*)*)(%struct.dentry.149909* %18) #76 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.149905, %struct.vfsmount.149905* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.149911* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.149911, %struct.iattr.149911* 
%2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*, %struct.inode.150157**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.149909*, %struct.iattr.149911*, %struct.inode.149921**)*)(%struct.user_namespace* %68, %struct.dentry.149909* %18, %struct.iattr.149911* nonnull %2, %struct.inode.149921** null) #76 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %6 = load %struct.inode.150157*, %struct.inode.150157** %5, align 8 %7 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16415, i64 0, i64 0), i32 319, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "256:\0A\09.pushsection .discard.reachable\0A\09.long 256b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and 
i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %6) #76 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147178*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %6, i32 2) #76 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.149921*)* @current_time to { i64, i64 } (%struct.inode.150157*)*)(%struct.inode.150157* %6) #76 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* 
%2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %64, i64 %66, %struct.inode.150157* %6) #76 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %77, i64 %79, %struct.inode.150157* %6) #76 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 
= and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %171 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150153*, %struct.inode_operations.150153** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150153, %struct.inode_operations.150153* %193, i64 0, i32 13 %195 = bitcast {}** 
%194 to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*, i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.user_namespace* %0, %struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 
%32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load 
i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %4 = getelementptr inbounds %struct.dentry.147950, %struct.dentry.147950* %1, i64 0, i32 9 %5 = load %struct.super_block.147945*, %struct.super_block.147945** %4, align 8 %6 = getelementptr inbounds %struct.super_block.147945, %struct.super_block.147945* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.msdos_sb_info.209843** %8 = load 
%struct.msdos_sb_info.209843*, %struct.msdos_sb_info.209843** %7, align 16 %9 = getelementptr inbounds %struct.dentry.147950, %struct.dentry.147950* %1, i64 0, i32 5 %10 = load %struct.inode.147961*, %struct.inode.147961** %9, align 8 %11 = getelementptr inbounds %struct.iattr.147952, %struct.iattr.147952* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 65920 %14 = icmp eq i32 %13, 0 br i1 %14, label %39, label %15 %16 = getelementptr inbounds %struct.msdos_sb_info.209843, %struct.msdos_sb_info.209843* %8, i64 0, i32 19, i32 11 %17 = load i16, i16* %16, align 2 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148075** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148075**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.148075* %20 = getelementptr inbounds %struct.task_struct.148075, %struct.task_struct.148075* %19, i64 0, i32 85 %21 = load %struct.cred*, %struct.cred** %20, align 64 %22 = getelementptr inbounds %struct.cred, %struct.cred* %21, i64 0, i32 7, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.inode.147961, %struct.inode.147961* %10, i64 0, i32 2, i32 0 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %23, %25 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.inode.147961, %struct.inode.147961* %10, i64 0, i32 3, i32 0 %29 = load i32, i32* %28, align 8 %30 = tail call i32 @in_group_p(i32 %29) #76 %31 = icmp eq i32 %30, 0 %32 = lshr i16 %17, 3 %33 = select i1 %31, i16 %17, i16 %32 %34 = and i16 %33, 2 %35 = icmp eq i16 %34, 0 br i1 %35, label %39, label %36 %40 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.147950*, %struct.iattr.147952*)*)(%struct.user_namespace* %0, %struct.dentry.147950* %1, %struct.iattr.147952* %2) #76 Function:setattr_prepare %4 = getelementptr 
inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 
%71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and 
i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %4 = getelementptr inbounds %struct.dentry.147950, %struct.dentry.147950* %1, i64 0, i32 9 %5 = load %struct.super_block.147945*, %struct.super_block.147945** %4, align 8 %6 = getelementptr inbounds %struct.super_block.147945, %struct.super_block.147945* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.msdos_sb_info.209843** %8 = load %struct.msdos_sb_info.209843*, %struct.msdos_sb_info.209843** %7, align 16 %9 = getelementptr inbounds %struct.dentry.147950, %struct.dentry.147950* %1, i64 0, i32 5 %10 = load %struct.inode.147961*, %struct.inode.147961** %9, align 8 %11 = getelementptr inbounds %struct.iattr.147952, %struct.iattr.147952* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 65920 %14 = icmp eq i32 %13, 0 br i1 %14, label %39, label %15 %16 = getelementptr inbounds %struct.msdos_sb_info.209843, %struct.msdos_sb_info.209843* %8, i64 0, i32 19, i32 11 %17 = load i16, i16* %16, align 2 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148075** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148075**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.148075* %20 = getelementptr inbounds %struct.task_struct.148075, %struct.task_struct.148075* %19, i64 0, i32 85 %21 = load %struct.cred*, %struct.cred** %20, align 64 %22 = getelementptr inbounds %struct.cred, %struct.cred* %21, i64 0, i32 7, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.inode.147961, %struct.inode.147961* %10, i64 0, i32 2, i32 0 %25 = load 
i32, i32* %24, align 4 %26 = icmp eq i32 %23, %25 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.inode.147961, %struct.inode.147961* %10, i64 0, i32 3, i32 0 %29 = load i32, i32* %28, align 8 %30 = tail call i32 @in_group_p(i32 %29) #76 %31 = icmp eq i32 %30, 0 %32 = lshr i16 %17, 3 %33 = select i1 %31, i16 %17, i16 %32 %34 = and i16 %33, 2 %35 = icmp eq i16 %34, 0 br i1 %35, label %39, label %36 %40 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.147950*, %struct.iattr.147952*)*)(%struct.user_namespace* %0, %struct.dentry.147950* %1, %struct.iattr.147952* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = 
load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 
(%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, 
%struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = 
getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = 
getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, 
%struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, 
%struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* 
@inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = 
getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load 
%struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load 
%struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 
%15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds 
%struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* 
%107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, 
%struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, 
%struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds 
%struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, 
%struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %382, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %382, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %382, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr 
inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 
@in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, 
%struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %382, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %382, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %382, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, 
label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 
%104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %382, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %382, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 
%26, %24 br i1 %27, label %382, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, 
i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load 
%struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 
(%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 
(%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr 
inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds 
%struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) 
#76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 
------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label 
%30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = 
load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 
@in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = 
load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = 
load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, 
%struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177930, %struct.dentry.177930* %1, i64 0, i32 5 %5 = load %struct.inode.177941*, %struct.inode.177941** %4, align 8 %6 = getelementptr inbounds %struct.iattr.178080, %struct.iattr.178080* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace.178079*, %struct.dentry.177930*, %struct.iattr.178080*)*)(%struct.user_namespace.178079* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* 
@init_user_ns to %struct.user_namespace.178079*), %struct.dentry.177930* %1, %struct.iattr.178080* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp 
eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, 
%struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177930, %struct.dentry.177930* %1, i64 0, i32 5 %5 = load %struct.inode.177941*, %struct.inode.177941** %4, align 8 %6 = getelementptr inbounds %struct.iattr.178080, %struct.iattr.178080* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace.178079*, %struct.dentry.177930*, %struct.iattr.178080*)*)(%struct.user_namespace.178079* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { 
i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.178079*), %struct.dentry.177930* %1, %struct.iattr.178080* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, 
!srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = 
icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr ------------- Path:  Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 
(%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, 
i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, 
i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 sockfs_setattr ------------- Path:  Function:sockfs_setattr %4 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.273376*, %struct.iattr.273378*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, 
%struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry.273376* %1, %struct.iattr.273378* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* 
@capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, 
align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, 
i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = 
getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 
= select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76
------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 notify_change 3 file_remove_privs 4 __generic_file_write_iter 5 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %5 = load %struct.file.294345*, %struct.file.294345** %4, align 8 %6 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %5, i64 0, i32 18 %7 = load %struct.address_space.294426*, %struct.address_space.294426** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %7, i64 0, i32 0 %9 = load %struct.inode.294419*, %struct.inode.294419** %8, align 8 %10 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294278* bitcast (%struct.block_device.293754* (%struct.inode.293951*)* @I_BDEV to %struct.block_device.294278* (%struct.inode.294419*)*)(%struct.inode.294419* %9) #76 %14 = tail call i32 bitcast (i32 (%struct.block_device.299712*)* @bdev_read_only to i32 (%struct.block_device.294278*)*)(%struct.block_device.294278* %13) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds 
%struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #76 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294023*, %struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* %1) #76 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.149842*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #76 Function:file_remove_privs %2 = alloca %struct.iattr.149911, align 8 %3 = getelementptr 
inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.149909*, %struct.dentry.149909** %3, align 8 %5 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.149909* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 2 %20 = load %struct.inode.149921*, %struct.inode.149921** %19, align 8 %21 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %18, i64 0, i32 5 %32 = load %struct.inode.149921*, %struct.inode.149921** %31, align 8 %33 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #76 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* 
@security_inode_need_killpriv to i32 (%struct.dentry.149909*)*)(%struct.dentry.149909* %18) #76 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.149905, %struct.vfsmount.149905* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.149911* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.149911, %struct.iattr.149911* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*, %struct.inode.150157**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.149909*, %struct.iattr.149911*, %struct.inode.149921**)*)(%struct.user_namespace* %68, %struct.dentry.149909* %18, %struct.iattr.149911* nonnull %2, %struct.inode.149921** null) #76 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %6 = load %struct.inode.150157*, %struct.inode.150157** %5, align 8 %7 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof 
!4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16415, i64 0, i64 0), i32 319, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "256:\0A\09.pushsection .discard.reachable\0A\09.long 256b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %6) #76 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147178*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %6, i32 2) #76 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 
= and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.149921*)* @current_time to { i64, i64 } (%struct.inode.150157*)*)(%struct.inode.150157* %6) #76 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %64, i64 %66, %struct.inode.150157* %6) #76 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %77, i64 %79, %struct.inode.150157* %6) #76 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, 
i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 
(%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %171 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150153*, %struct.inode_operations.150153** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150153, %struct.inode_operations.150153* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*, i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.user_namespace* %0, %struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, 
%struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp 
eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load 
%struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %4 = getelementptr inbounds %struct.dentry.147950, %struct.dentry.147950* %1, i64 0, i32 9 %5 = load %struct.super_block.147945*, %struct.super_block.147945** %4, align 8 %6 = getelementptr inbounds %struct.super_block.147945, %struct.super_block.147945* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.msdos_sb_info.209843** %8 = load %struct.msdos_sb_info.209843*, %struct.msdos_sb_info.209843** %7, align 16 %9 = getelementptr inbounds %struct.dentry.147950, %struct.dentry.147950* %1, i64 0, i32 5 %10 = load %struct.inode.147961*, %struct.inode.147961** %9, align 8 %11 = getelementptr inbounds %struct.iattr.147952, %struct.iattr.147952* %2, i64 0, 
i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 65920 %14 = icmp eq i32 %13, 0 br i1 %14, label %39, label %15 %16 = getelementptr inbounds %struct.msdos_sb_info.209843, %struct.msdos_sb_info.209843* %8, i64 0, i32 19, i32 11 %17 = load i16, i16* %16, align 2 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148075** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148075**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.148075* %20 = getelementptr inbounds %struct.task_struct.148075, %struct.task_struct.148075* %19, i64 0, i32 85 %21 = load %struct.cred*, %struct.cred** %20, align 64 %22 = getelementptr inbounds %struct.cred, %struct.cred* %21, i64 0, i32 7, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.inode.147961, %struct.inode.147961* %10, i64 0, i32 2, i32 0 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %23, %25 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.inode.147961, %struct.inode.147961* %10, i64 0, i32 3, i32 0 %29 = load i32, i32* %28, align 8 %30 = tail call i32 @in_group_p(i32 %29) #76 %31 = icmp eq i32 %30, 0 %32 = lshr i16 %17, 3 %33 = select i1 %31, i16 %17, i16 %32 %34 = and i16 %33, 2 %35 = icmp eq i16 %34, 0 br i1 %35, label %39, label %36 %40 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.147950*, %struct.iattr.147952*)*)(%struct.user_namespace* %0, %struct.dentry.147950* %1, %struct.iattr.147952* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label 
%37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 
%104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %4 = getelementptr inbounds %struct.dentry.147950, %struct.dentry.147950* %1, i64 0, i32 9 %5 = load %struct.super_block.147945*, %struct.super_block.147945** %4, align 8 %6 = getelementptr inbounds %struct.super_block.147945, %struct.super_block.147945* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.msdos_sb_info.209843** %8 = load %struct.msdos_sb_info.209843*, %struct.msdos_sb_info.209843** %7, align 16 %9 = getelementptr inbounds %struct.dentry.147950, %struct.dentry.147950* %1, i64 0, i32 5 %10 = load %struct.inode.147961*, %struct.inode.147961** %9, align 8 %11 = getelementptr inbounds %struct.iattr.147952, %struct.iattr.147952* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 65920 %14 = icmp eq i32 %13, 0 br i1 %14, label %39, label %15 %16 = getelementptr inbounds %struct.msdos_sb_info.209843, %struct.msdos_sb_info.209843* %8, i64 0, i32 19, i32 11 %17 = load i16, i16* %16, align 2 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148075** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148075**)) #11, !srcloc !4 %19 = 
inttoptr i64 %18 to %struct.task_struct.148075* %20 = getelementptr inbounds %struct.task_struct.148075, %struct.task_struct.148075* %19, i64 0, i32 85 %21 = load %struct.cred*, %struct.cred** %20, align 64 %22 = getelementptr inbounds %struct.cred, %struct.cred* %21, i64 0, i32 7, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.inode.147961, %struct.inode.147961* %10, i64 0, i32 2, i32 0 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %23, %25 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.inode.147961, %struct.inode.147961* %10, i64 0, i32 3, i32 0 %29 = load i32, i32* %28, align 8 %30 = tail call i32 @in_group_p(i32 %29) #76 %31 = icmp eq i32 %30, 0 %32 = lshr i16 %17, 3 %33 = select i1 %31, i16 %17, i16 %32 %34 = and i16 %33, 2 %35 = icmp eq i16 %34, 0 br i1 %35, label %39, label %36 %40 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.147950*, %struct.iattr.147952*)*)(%struct.user_namespace* %0, %struct.dentry.147950* %1, %struct.iattr.147952* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 
%33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 
= getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 
%122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, 
i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds 
%struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* 
%107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, 
label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 
%104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 
0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.150265* %50 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %49, i64 0, i32 85 %51 = load %struct.cred*, %struct.cred** %50, align 64 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.150266, 
%struct.iattr.150266* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.150265* %77 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %76, i64 0, i32 85 %78 = load %struct.cred*, %struct.cred** %77, align 64 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %5, i32 0) #76 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 8 %96 = load %struct.super_block.150144*, %struct.super_block.150144** %95, align 8 %97 = getelementptr inbounds %struct.super_block.150144, %struct.super_block.150144* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #76 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, 
label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #76 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %5) #76 ------------- Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %5 = load %struct.file.294345*, %struct.file.294345** %4, align 8 %6 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %5, i64 0, i32 18 %7 = load %struct.address_space.294426*, %struct.address_space.294426** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %7, i64 0, i32 0 %9 = load %struct.inode.294419*, %struct.inode.294419** %8, align 8 %10 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294278* bitcast (%struct.block_device.293754* (%struct.inode.293951*)* @I_BDEV to 
%struct.block_device.294278* (%struct.inode.294419*)*)(%struct.inode.294419* %9) #76 %14 = tail call i32 bitcast (i32 (%struct.block_device.299712*)* @bdev_read_only to i32 (%struct.block_device.294278*)*)(%struct.block_device.294278* %13) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #76 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294023*, %struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* %1) #76 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = 
load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.149842*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #76 Function:file_remove_privs %2 = alloca %struct.iattr.149911, align 8 %3 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.149909*, %struct.dentry.149909** %3, align 8 %5 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.149909* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 2 %20 = load %struct.inode.149921*, %struct.inode.149921** %19, align 8 %21 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds 
%struct.dentry.149909, %struct.dentry.149909* %18, i64 0, i32 5 %32 = load %struct.inode.149921*, %struct.inode.149921** %31, align 8 %33 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #76 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.149909*)*)(%struct.dentry.149909* %18) #76 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.149905, %struct.vfsmount.149905* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.149911* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.149911, %struct.iattr.149911* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, 
%struct.dentry.150148*, %struct.iattr.150266*, %struct.inode.150157**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.149909*, %struct.iattr.149911*, %struct.inode.149921**)*)(%struct.user_namespace* %68, %struct.dentry.149909* %18, %struct.iattr.149911* nonnull %2, %struct.inode.149921** null) #76 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %6 = load %struct.inode.150157*, %struct.inode.150157** %5, align 8 %7 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16415, i64 0, i64 0), i32 319, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "256:\0A\09.pushsection .discard.reachable\0A\09.long 256b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds 
%struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %6) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, 
label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %103 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 6 %104 = load %struct.mm_struct*, %struct.mm_struct** %103, align 8 store %struct.vm_area_struct* %74, %struct.vm_area_struct** %11, align 8 %105 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 8 %106 = load i64, i64* %105, align 8 %107 = and i64 %106, 4203520 %108 = icmp eq i64 %107, 0 br i1 %108, label %109, label %134 %110 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 12 %111 = load 
%struct.vm_operations_struct*, %struct.vm_operations_struct** %110, align 8 %112 = icmp eq %struct.vm_operations_struct* %111, null br i1 %112, label %131, label %113 %114 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 14 %115 = load %struct.file*, %struct.file** %114, align 8 %116 = icmp eq %struct.file* %115, null br i1 %116, label %134, label %117 %118 = getelementptr inbounds %struct.file, %struct.file* %115, i64 0, i32 2 %119 = load %struct.inode*, %struct.inode** %118, align 8 %120 = call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.inode* %119) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 
%12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %103 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 6 %104 = load %struct.mm_struct*, %struct.mm_struct** %103, align 8 store %struct.vm_area_struct* %74, %struct.vm_area_struct** %11, align 8 %105 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 8 %106 = load i64, i64* %105, align 8 %107 = and i64 %106, 4203520 %108 = icmp eq i64 %107, 0 br i1 %108, label %109, label %134 %110 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 12 %111 = load %struct.vm_operations_struct*, %struct.vm_operations_struct** %110, align 8 %112 = icmp eq %struct.vm_operations_struct* %111, null br i1 %112, label %131, label %113 %114 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 14 %115 = load %struct.file*, %struct.file** %114, align 8 %116 = icmp eq %struct.file* %115, null br i1 %116, label %134, label %117 %118 = getelementptr inbounds %struct.file, %struct.file* %115, i64 0, i32 2 %119 = load %struct.inode*, %struct.inode** %118, align 8 %120 = call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, 
%struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.inode* %119) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_posix_acl 1 posix_acl_xattr_set ------------- Path:  Function:posix_acl_xattr_set %9 = icmp eq i8* %5, null br i1 %9, label %16, label %10 %17 = phi %struct.posix_acl* [ %11, %10 ], [ null, %8 ] %18 = getelementptr inbounds %struct.xattr_handler, %struct.xattr_handler* %0, i64 0, i32 2 %19 = load i32, i32* %18, align 8 %20 = tail call i32 @set_posix_acl(%struct.user_namespace* %1, %struct.inode* %3, i32 %19, %struct.posix_acl* %17) #76 Function:set_posix_acl %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 10 %8 = load i64, i64* %7, align 16 %9 = and i64 %8, 65536 %10 = icmp eq i64 %9, 0 br i1 %10, label %86, label %11 %12 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 7 %13 = load %struct.inode_operations*, %struct.inode_operations** %12, align 8 %14 = getelementptr inbounds %struct.inode_operations, %struct.inode_operations* %13, i64 0, i32 20 %15 = load i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)*, i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)** %14, align 32 %16 = icmp eq i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)* %15, null br i1 %16, label %86, label %17 %18 = icmp eq i32 %2, 16384 br i1 %18, label %19, label %27 %20 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, 16384 br i1 %23, label %27, label %24 %28 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode*)*)(%struct.user_namespace* 
%0, %struct.inode* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_posix_acl 1 posix_acl_xattr_set ------------- Path:  Function:posix_acl_xattr_set %9 = icmp eq i8* %5, null br i1 %9, label %16, label %10 %17 = phi %struct.posix_acl* [ %11, %10 ], [ null, %8 ] %18 = getelementptr inbounds %struct.xattr_handler, %struct.xattr_handler* %0, i64 0, i32 2 %19 = load i32, i32* %18, align 8 %20 = tail call i32 @set_posix_acl(%struct.user_namespace* %1, %struct.inode* %3, i32 %19, %struct.posix_acl* %17) #76 Function:set_posix_acl %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 10 %8 = load i64, i64* %7, align 16 %9 = and i64 %8, 65536 %10 = icmp eq i64 %9, 0 br i1 %10, label %86, label %11 %12 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 7 %13 = load %struct.inode_operations*, %struct.inode_operations** %12, align 8 %14 = getelementptr inbounds %struct.inode_operations, %struct.inode_operations* %13, i64 0, i32 20 %15 = load i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)*, i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)** %14, align 32 %16 = icmp eq i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)* %15, null br i1 %16, label %86, label %17 %18 = icmp eq i32 %2, 16384 br i1 %18, label %19, label %27 %20 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, 16384 br i1 %23, label %27, label %24 %28 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode*)*)(%struct.user_namespace* %0, %struct.inode* %1) #76 ------------- Good: 64 Bad: 49 Ignored: 159 Check Use of Function:security_perf_event_open Use: 
=BAD PATH= Call Stack: 0 __se_sys_perf_event_open 1 __ia32_sys_perf_event_open ------------- Path:  Function:__ia32_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = inttoptr i64 %0 to %struct.perf_event_attr* %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %3 to i32 %11 = bitcast %struct.perf_event_attr* %6 to i8* %12 = icmp ult i64 %4, 16 br i1 %12, label %13, label %1088 %14 = call i32 @security_perf_event_open(%struct.perf_event_attr* nonnull %6, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_perf_event_open 1 __x64_sys_perf_event_open ------------- Path:  Function:__x64_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = inttoptr i64 %0 to %struct.perf_event_attr* %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %3 to i32 %11 = bitcast %struct.perf_event_attr* %6 to i8* %12 = icmp ult i64 %4, 16 br i1 %12, label %13, label %1088 %14 = call i32 @security_perf_event_open(%struct.perf_event_attr* nonnull %6, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 perf_copy_attr 1 __se_sys_perf_event_open 2 __ia32_sys_perf_event_open ------------- Path:  Function:__ia32_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = inttoptr i64 %0 to %struct.perf_event_attr* %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %3 to i32 %11 = bitcast %struct.perf_event_attr* %6 to i8* %12 = icmp ult i64 %4, 16 br i1 %12, label %13, label %1088 %14 = call i32 @security_perf_event_open(%struct.perf_event_attr* nonnull %6, i32 0) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, 
label %16 %19 = call fastcc i32 @perf_copy_attr(%struct.perf_event_attr* %7, %struct.perf_event_attr* nonnull %6) #76 Function:perf_copy_attr %3 = bitcast %struct.perf_event_attr* %1 to i8* %5 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %0, i64 0, i32 1 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 1 %9 = extractvalue { i32*, i32, i64 } %6, 2 %10 = ptrtoint i32* %7 to i64 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %155 %14 = icmp eq i32 %8, 0 %15 = select i1 %14, i32 64, i32 %8 %16 = add i32 %15, -64 %17 = icmp ugt i32 %16, 4032 br i1 %17, label %150, label %18 %19 = bitcast %struct.perf_event_attr* %0 to i8* %20 = icmp ult i32 %15, 128 %21 = select i1 %20, i32 %15, i32 128 %22 = zext i32 %21 to i64 %23 = select i1 %20, i32 128, i32 %15 %24 = sub nuw nsw i32 %23, %21 %25 = zext i32 %24 to i64 br i1 %20, label %26, label %28 %29 = icmp eq i32 %15, 128 br i1 %29, label %36, label %30 %37 = tail call i64 @_copy_from_user(i8* %3, i8* %19, i64 %22) #76 %38 = icmp eq i64 %37, 0 br i1 %38, label %40, label %155 %41 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 1 store i32 %15, i32* %41, align 4 %42 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 6 %43 = load i64, i64* %42, align 8 %44 = icmp ult i64 %43, 274877906944 br i1 %44, label %45, label %155 %46 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 18 %47 = load i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 br i1 %48, label %49, label %155 %50 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 20 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label 
%155 %54 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 4 %55 = load i64, i64* %54, align 8 %56 = icmp ult i64 %55, 33554432 br i1 %56, label %57, label %155 %58 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 5 %59 = load i64, i64* %58, align 8 %60 = icmp ult i64 %59, 16 br i1 %60, label %61, label %155 %62 = and i64 %55, 2048 %63 = icmp eq i64 %62, 0 br i1 %63, label %93, label %64 %65 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 11 %66 = load i64, i64* %65, align 8 %67 = add i64 %66, -8 %68 = icmp ugt i64 %67, 262135 br i1 %68, label %155, label %69 %70 = and i64 %66, 7 %71 = icmp eq i64 %70, 0 br i1 %71, label %72, label %77 %78 = phi i64 [ %66, %69 ], [ %76, %72 ] %79 = and i64 %78, 6 %80 = icmp eq i64 %79, 0 br i1 %80, label %93, label %81 %82 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %83 = icmp sgt i32 %82, 1 br i1 %83, label %84, label %88 %89 = tail call i32 @security_perf_event_open(%struct.perf_event_attr* %1, i32 2) #76 ------------- Use: =BAD PATH= Call Stack: 0 perf_copy_attr 1 __se_sys_perf_event_open 2 __x64_sys_perf_event_open ------------- Path:  Function:__x64_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 
= inttoptr i64 %0 to %struct.perf_event_attr* %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %3 to i32 %11 = bitcast %struct.perf_event_attr* %6 to i8* %12 = icmp ult i64 %4, 16 br i1 %12, label %13, label %1088 %14 = call i32 @security_perf_event_open(%struct.perf_event_attr* nonnull %6, i32 0) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = call fastcc i32 @perf_copy_attr(%struct.perf_event_attr* %7, %struct.perf_event_attr* nonnull %6) #76 Function:perf_copy_attr %3 = bitcast %struct.perf_event_attr* %1 to i8* %5 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %0, i64 0, i32 1 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 1 %9 = extractvalue { i32*, i32, i64 } %6, 2 %10 = ptrtoint i32* %7 to i64 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %155 %14 = icmp eq i32 %8, 0 %15 = select i1 %14, i32 64, i32 %8 %16 = add i32 %15, -64 %17 = icmp ugt i32 %16, 4032 br i1 %17, label %150, label %18 %19 = bitcast %struct.perf_event_attr* %0 to i8* %20 = icmp ult i32 %15, 128 %21 = select i1 %20, i32 %15, i32 128 %22 = zext i32 %21 to i64 %23 = select i1 %20, i32 128, i32 %15 %24 = sub nuw nsw i32 %23, %21 %25 = zext i32 %24 to i64 br i1 %20, label %26, label %28 %29 = icmp eq i32 %15, 128 br i1 %29, label %36, label %30 %37 = tail call i64 @_copy_from_user(i8* %3, i8* %19, i64 %22) #76 %38 = icmp eq i64 %37, 0 br i1 %38, label %40, label %155 %41 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 1 store i32 %15, i32* %41, align 4 %42 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 6 %43 = load i64, i64* %42, align 8 %44 = icmp ult i64 %43, 274877906944 br i1 %44, label %45, label %155 %46 = 
getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 18 %47 = load i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 br i1 %48, label %49, label %155 %50 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 20 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %155 %54 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 4 %55 = load i64, i64* %54, align 8 %56 = icmp ult i64 %55, 33554432 br i1 %56, label %57, label %155 %58 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 5 %59 = load i64, i64* %58, align 8 %60 = icmp ult i64 %59, 16 br i1 %60, label %61, label %155 %62 = and i64 %55, 2048 %63 = icmp eq i64 %62, 0 br i1 %63, label %93, label %64 %65 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 11 %66 = load i64, i64* %65, align 8 %67 = add i64 %66, -8 %68 = icmp ugt i64 %67, 262135 br i1 %68, label %155, label %69 %70 = and i64 %66, 7 %71 = icmp eq i64 %70, 0 br i1 %71, label %72, label %77 %78 = phi i64 [ %66, %69 ], [ %76, %72 ] %79 = and i64 %78, 6 %80 = icmp eq i64 %79, 0 br i1 %80, label %93, label %81 %82 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %83 = icmp sgt i32 %82, 1 br i1 %83, label %84, label %88 %89 = tail call i32 @security_perf_event_open(%struct.perf_event_attr* %1, i32 2) #76 ------------- Good: 12 Bad: 4 Ignored: 4 Check Use of Function:ieee80211_process_measurement_req Check Use of Function:wiphy_sysfs_exit Check Use of Function:ip6_route_add Check Use of Function:__audit_inode Check Use of Function:path_lookupat Check Use of Function:__d_lookup_done Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds 
%struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %172 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp eq %struct.inode* %10, null br i1 %28, label %55, label %29 %30 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %31 = load i16, i16* %30, align 8 %32 = and i16 %31, -4096 %33 = icmp eq i16 %32, 16384 br i1 %33, label %55, label %34 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %36 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %35, align 8 %37 = icmp eq %struct.hlist_bl_node** %36, null br i1 %37, label %39, label %38 %40 = phi %struct.dentry* [ null, %34 ], [ %4, %38 ] %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %42 = bitcast %struct.anon.1* %41 to %struct.swap_cluster_info* %43 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %42, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp ugt i32 %44, 2 br i1 %45, label %46, label %55 %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %48 = load %struct.dentry*, %struct.dentry** %47, align 8 %49 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %50 = tail call %struct.dentry* bitcast (%struct.dentry.149376* 
(%struct.dentry.149376*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %48, %struct.qstr* %49) #76 %51 = icmp eq %struct.dentry* %50, null br i1 %51, label %84, label %52 %53 = tail call i32 bitcast (i32 (%struct.inode.222934*, %struct.dentry.222936*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #76 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %84 %85 = phi %struct.inode* [ %56, %62 ], [ %56, %77 ], [ %56, %73 ], [ %56, %68 ], [ %10, %52 ], [ %10, %46 ] %86 = phi %struct.dentry* [ %57, %62 ], [ %57, %77 ], [ %57, %73 ], [ %57, %68 ], [ %50, %52 ], [ null, %46 ] %87 = phi %struct.dentry* [ %58, %62 ], [ %58, %77 ], [ %58, %73 ], [ %58, %68 ], [ %40, %52 ], [ %40, %46 ] %88 = phi %struct.dentry* [ %59, %62 ], [ %59, %77 ], [ %59, %73 ], [ %59, %68 ], [ %4, %52 ], [ %4, %46 ] %89 = phi i32 [ %64, %62 ], [ 0, %77 ], [ %75, %73 ], [ %66, %68 ], [ -16, %52 ], [ -16, %46 ] %90 = icmp eq %struct.dentry* %87, null br i1 %90, label %92, label %91 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %93)) #6 to label %107 [label %93], !srcloc !4 switch i32 %89, label %169 [ i32 0, label %108 i32 -2, label %161 ] %109 = icmp eq %struct.inode* %85, null br i1 %109, label %122, label %110 tail call void bitcast (void (%struct.dentry.149376*, %struct.dentry.149376*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %88) #76 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #76 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.149376* %0, %struct.dentry.149376* %1, i1 zeroext false) #77 Function:__d_move %4 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 5 %5 = load %struct.inode.149388*, %struct.inode.149388** %4, align 8 %6 = icmp eq %struct.inode.149388* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# 
bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.3.16259, i64 0, i64 0), i32 2865, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "350:\0A\09.pushsection .discard.reachable\0A\09.long 350b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.149376* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.149376* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %12, i64 0, i32 3 %14 = load %struct.dentry.149376*, %struct.dentry.149376** %13, align 8 %15 = icmp eq %struct.dentry.149376* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 3 %23 = load %struct.dentry.149376*, %struct.dentry.149376** %22, align 8 br label %24 %25 = phi %struct.dentry.149376* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %25, i64 0, i32 3 %27 = load %struct.dentry.149376*, %struct.dentry.149376** %26, align 8 %28 = icmp eq %struct.dentry.149376* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.149376* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.149376* %23, %0 %34 = icmp eq %struct.dentry.149376* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %1, i64 0, i32 3 %43 = load %struct.dentry.149376*, %struct.dentry.149376** %42, align 8 %44 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #76 br label %56 %57 = phi %struct.dentry.149376* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds 
%struct.dentry.149376, %struct.dentry.149376* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #76 br label %60 %61 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #76 %63 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #76 %65 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %70 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %1, i64 0, i32 3 %71 = load %struct.dentry.149376*, %struct.dentry.149376** %70, align 8 %72 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %71, i64 0, i32 5 %73 = load %struct.inode.149388*, %struct.inode.149388** %72, align 8 %74 = getelementptr inbounds %struct.inode.149388, %struct.inode.149388* %73, i64 0, i32 43 %75 = bitcast %union.anon.95* %74 to i32* br label %76 %77 = load i32, i32* %75, align 8 %78 = and i32 %77, 1 %79 = icmp eq i32 %78, 0 br i1 %79, label %80, label %84 %81 = add i32 %77, 1 %82 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %75, i32 %81, i32 %77, i32* %75) #6, !srcloc !17 %83 = icmp eq i32 %82, %77 br i1 %83, label %85, label %84 tail call void @__d_lookup_done(%struct.dentry.149376* %1) #77 ------------- Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %7 = 
getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %172 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp eq %struct.inode* %10, null br i1 %28, label %55, label %29 %30 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %31 = load i16, i16* %30, align 8 %32 = and i16 %31, -4096 %33 = icmp eq i16 %32, 16384 br i1 %33, label %55, label %34 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %36 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %35, align 8 %37 = icmp eq %struct.hlist_bl_node** %36, null br i1 %37, label %39, label %38 %40 = phi %struct.dentry* [ null, %34 ], [ %4, %38 ] %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %42 = bitcast %struct.anon.1* %41 to %struct.swap_cluster_info* %43 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %42, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp ugt i32 %44, 2 br i1 %45, label %46, label %55 %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %48 = load %struct.dentry*, %struct.dentry** %47, 
align 8 %49 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %50 = tail call %struct.dentry* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %48, %struct.qstr* %49) #76 %51 = icmp eq %struct.dentry* %50, null br i1 %51, label %84, label %52 %53 = tail call i32 bitcast (i32 (%struct.inode.222934*, %struct.dentry.222936*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #76 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %84 %85 = phi %struct.inode* [ %56, %62 ], [ %56, %77 ], [ %56, %73 ], [ %56, %68 ], [ %10, %52 ], [ %10, %46 ] %86 = phi %struct.dentry* [ %57, %62 ], [ %57, %77 ], [ %57, %73 ], [ %57, %68 ], [ %50, %52 ], [ null, %46 ] %87 = phi %struct.dentry* [ %58, %62 ], [ %58, %77 ], [ %58, %73 ], [ %58, %68 ], [ %40, %52 ], [ %40, %46 ] %88 = phi %struct.dentry* [ %59, %62 ], [ %59, %77 ], [ %59, %73 ], [ %59, %68 ], [ %4, %52 ], [ %4, %46 ] %89 = phi i32 [ %64, %62 ], [ 0, %77 ], [ %75, %73 ], [ %66, %68 ], [ -16, %52 ], [ -16, %46 ] %90 = icmp eq %struct.dentry* %87, null br i1 %90, label %92, label %91 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %93)) #6 to label %107 [label %93], !srcloc !4 switch i32 %89, label %169 [ i32 0, label %108 i32 -2, label %161 ] %109 = icmp eq %struct.inode* %85, null br i1 %109, label %122, label %110 tail call void bitcast (void (%struct.dentry.149376*, %struct.dentry.149376*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %88) #76 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #76 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.149376* %0, %struct.dentry.149376* %1, i1 zeroext false) #77 Function:__d_move %4 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 5 %5 = load %struct.inode.149388*, %struct.inode.149388** %4, align 8 %6 = icmp eq %struct.inode.149388* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# 
bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.3.16259, i64 0, i64 0), i32 2865, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "350:\0A\09.pushsection .discard.reachable\0A\09.long 350b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.149376* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.149376* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %12, i64 0, i32 3 %14 = load %struct.dentry.149376*, %struct.dentry.149376** %13, align 8 %15 = icmp eq %struct.dentry.149376* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 3 %23 = load %struct.dentry.149376*, %struct.dentry.149376** %22, align 8 br label %24 %25 = phi %struct.dentry.149376* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %25, i64 0, i32 3 %27 = load %struct.dentry.149376*, %struct.dentry.149376** %26, align 8 %28 = icmp eq %struct.dentry.149376* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.149376* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.149376* %23, %0 %34 = icmp eq %struct.dentry.149376* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %1, i64 0, i32 3 %43 = load %struct.dentry.149376*, %struct.dentry.149376** %42, align 8 %44 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #76 br label %56 %57 = phi %struct.dentry.149376* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds 
%struct.dentry.149376, %struct.dentry.149376* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #76 br label %60 %61 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #76 %63 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #76 %65 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %70 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %1, i64 0, i32 3 %71 = load %struct.dentry.149376*, %struct.dentry.149376** %70, align 8 %72 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %71, i64 0, i32 5 %73 = load %struct.inode.149388*, %struct.inode.149388** %72, align 8 %74 = getelementptr inbounds %struct.inode.149388, %struct.inode.149388* %73, i64 0, i32 43 %75 = bitcast %union.anon.95* %74 to i32* br label %76 %77 = load i32, i32* %75, align 8 %78 = and i32 %77, 1 %79 = icmp eq i32 %78, 0 br i1 %79, label %80, label %84 %81 = add i32 %77, 1 %82 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %75, i32 %81, i32 %77, i32* %75) #6, !srcloc !17 %83 = icmp eq i32 %82, %77 br i1 %83, label %85, label %84 tail call void @__d_lookup_done(%struct.dentry.149376* %1) #77 ------------- Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %7 = 
getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %172 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp eq %struct.inode* %10, null br i1 %28, label %55, label %29 %30 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %31 = load i16, i16* %30, align 8 %32 = and i16 %31, -4096 %33 = icmp eq i16 %32, 16384 br i1 %33, label %55, label %34 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %36 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %35, align 8 %37 = icmp eq %struct.hlist_bl_node** %36, null br i1 %37, label %39, label %38 %40 = phi %struct.dentry* [ null, %34 ], [ %4, %38 ] %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %42 = bitcast %struct.anon.1* %41 to %struct.swap_cluster_info* %43 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %42, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp ugt i32 %44, 2 br i1 %45, label %46, label %55 %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %48 = load %struct.dentry*, %struct.dentry** %47, 
align 8 %49 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %50 = tail call %struct.dentry* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %48, %struct.qstr* %49) #76 %51 = icmp eq %struct.dentry* %50, null br i1 %51, label %84, label %52 %53 = tail call i32 bitcast (i32 (%struct.inode.222934*, %struct.dentry.222936*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #76 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %84 %85 = phi %struct.inode* [ %56, %62 ], [ %56, %77 ], [ %56, %73 ], [ %56, %68 ], [ %10, %52 ], [ %10, %46 ] %86 = phi %struct.dentry* [ %57, %62 ], [ %57, %77 ], [ %57, %73 ], [ %57, %68 ], [ %50, %52 ], [ null, %46 ] %87 = phi %struct.dentry* [ %58, %62 ], [ %58, %77 ], [ %58, %73 ], [ %58, %68 ], [ %40, %52 ], [ %40, %46 ] %88 = phi %struct.dentry* [ %59, %62 ], [ %59, %77 ], [ %59, %73 ], [ %59, %68 ], [ %4, %52 ], [ %4, %46 ] %89 = phi i32 [ %64, %62 ], [ 0, %77 ], [ %75, %73 ], [ %66, %68 ], [ -16, %52 ], [ -16, %46 ] %90 = icmp eq %struct.dentry* %87, null br i1 %90, label %92, label %91 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %93)) #6 to label %107 [label %93], !srcloc !4 switch i32 %89, label %169 [ i32 0, label %108 i32 -2, label %161 ] %109 = icmp eq %struct.inode* %85, null br i1 %109, label %122, label %110 tail call void bitcast (void (%struct.dentry.149376*, %struct.dentry.149376*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %88) #76 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #76 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.149376* %0, %struct.dentry.149376* %1, i1 zeroext false) #77 Function:__d_move %4 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 5 %5 = load %struct.inode.149388*, %struct.inode.149388** %4, align 8 %6 = icmp eq %struct.inode.149388* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# 
bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.3.16259, i64 0, i64 0), i32 2865, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "350:\0A\09.pushsection .discard.reachable\0A\09.long 350b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.149376* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.149376* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %12, i64 0, i32 3 %14 = load %struct.dentry.149376*, %struct.dentry.149376** %13, align 8 %15 = icmp eq %struct.dentry.149376* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 3 %23 = load %struct.dentry.149376*, %struct.dentry.149376** %22, align 8 br label %24 %25 = phi %struct.dentry.149376* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %25, i64 0, i32 3 %27 = load %struct.dentry.149376*, %struct.dentry.149376** %26, align 8 %28 = icmp eq %struct.dentry.149376* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.149376* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.149376* %23, %0 %34 = icmp eq %struct.dentry.149376* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %1, i64 0, i32 3 %43 = load %struct.dentry.149376*, %struct.dentry.149376** %42, align 8 %44 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #76 br label %56 %57 = phi %struct.dentry.149376* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds 
%struct.dentry.149376, %struct.dentry.149376* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #76 br label %60 %61 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #76 %63 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #76 %65 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %70 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %1, i64 0, i32 3 %71 = load %struct.dentry.149376*, %struct.dentry.149376** %70, align 8 %72 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %71, i64 0, i32 5 %73 = load %struct.inode.149388*, %struct.inode.149388** %72, align 8 %74 = getelementptr inbounds %struct.inode.149388, %struct.inode.149388* %73, i64 0, i32 43 %75 = bitcast %union.anon.95* %74 to i32* br label %76 %77 = load i32, i32* %75, align 8 %78 = and i32 %77, 1 %79 = icmp eq i32 %78, 0 br i1 %79, label %80, label %84 %81 = add i32 %77, 1 %82 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %75, i32 %81, i32 %77, i32* %75) #6, !srcloc !17 %83 = icmp eq i32 %82, %77 br i1 %83, label %85, label %84 tail call void @__d_lookup_done(%struct.dentry.149376* %1) #77 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 simple_lookup ------------- Path:  Function:simple_lookup %4 = 
getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 9 %11 = load %struct.super_block.153230*, %struct.super_block.153230** %10, align 8 %12 = getelementptr inbounds %struct.super_block.153230, %struct.super_block.153230* %11, i64 0, i32 40 %13 = load %struct.dentry_operations.153260*, %struct.dentry_operations.153260** %12, align 64 %14 = icmp eq %struct.dentry_operations.153260* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.149376*, %struct.inode.149388*)* @d_add to void (%struct.dentry.153259*, %struct.inode.153255*)*)(%struct.dentry.153259* %1, %struct.inode.153255* null) #76 Function:d_add %3 = icmp eq %struct.inode.149388* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.149376* %0, %struct.inode.149388* %1) #77 Function:__d_add %3 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #76 %5 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 3 %11 = load %struct.dentry.149376*, %struct.dentry.149376** %10, align 8 %12 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %11, i64 0, i32 5 %13 = load %struct.inode.149388*, %struct.inode.149388** %12, align 8 %14 = getelementptr inbounds %struct.inode.149388, 
%struct.inode.149388* %13, i64 0, i32 43 %15 = bitcast %union.anon.95* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.149376* %0) #77 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.149376*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #76 %21 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %22 = load %struct.super_block*, %struct.super_block** %21, align 8 %23 = getelementptr inbounds %struct.super_block, %struct.super_block* %22, i64 0, i32 28 %24 = bitcast i8** %23 to %struct.nfs_server.215077** %25 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %24, align 16 %26 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %25, i64 0, i32 0 %27 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %26, align 8 %28 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %27, i64 0, i32 12 %29 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %28, align 8 %30 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %29, i64 0, i32 23 %31 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %30, align 8 %32 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %33 = tail call i32 %31(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %32) #76 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %36 tail call void bitcast (void (%struct.inode.149921*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #76 tail call void bitcast (void (%struct.dentry.149376*, %struct.inode.149388*)* @d_add to void 
(%struct.dentry*, %struct.inode*)*)(%struct.dentry* %2, %struct.inode* %5) #76 Function:d_add %3 = icmp eq %struct.inode.149388* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.149376* %0, %struct.inode.149388* %1) #77 Function:__d_add %3 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #76 %5 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 3 %11 = load %struct.dentry.149376*, %struct.dentry.149376** %10, align 8 %12 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %11, i64 0, i32 5 %13 = load %struct.inode.149388*, %struct.inode.149388** %12, align 8 %14 = getelementptr inbounds %struct.inode.149388, %struct.inode.149388* %13, i64 0, i32 43 %15 = bitcast %union.anon.95* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.149376* %0) #77 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs 
this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.149376*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #76 %21 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %22 = load %struct.super_block*, %struct.super_block** %21, align 8 %23 = getelementptr inbounds %struct.super_block, %struct.super_block* %22, i64 0, i32 28 %24 = bitcast i8** %23 to %struct.nfs_server.215077** %25 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %24, align 16 %26 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %25, i64 0, i32 0 %27 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %26, align 8 %28 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %27, i64 0, i32 12 %29 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %28, align 8 %30 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %29, i64 0, i32 23 %31 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %30, align 8 %32 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %33 = tail call i32 %31(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %32) #76 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %36 tail call void bitcast (void (%struct.inode.149921*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) 
#76 tail call void bitcast (void (%struct.dentry.149376*, %struct.inode.149388*)* @d_add to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %2, %struct.inode* %5) #76 Function:d_add %3 = icmp eq %struct.inode.149388* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.149376* %0, %struct.inode.149388* %1) #77 Function:__d_add %3 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #76 %5 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 3 %11 = load %struct.dentry.149376*, %struct.dentry.149376** %10, align 8 %12 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %11, i64 0, i32 5 %13 = load %struct.inode.149388*, %struct.inode.149388** %12, align 8 %14 = getelementptr inbounds %struct.inode.149388, %struct.inode.149388* %13, i64 0, i32 43 %15 = bitcast %union.anon.95* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.149376* %0) #77 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load 
%struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.149376*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #76 %21 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %22 = load %struct.super_block*, %struct.super_block** %21, align 8 %23 = getelementptr inbounds %struct.super_block, %struct.super_block* %22, i64 0, i32 28 %24 = bitcast i8** %23 to %struct.nfs_server.215077** %25 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %24, align 16 %26 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %25, i64 0, i32 0 %27 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %26, align 8 %28 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %27, i64 0, i32 12 %29 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %28, align 8 %30 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %29, i64 0, i32 23 %31 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %30, align 8 %32 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %33 = tail call i32 %31(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %32) #76 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %36 tail 
call void bitcast (void (%struct.inode.149921*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #76 tail call void bitcast (void (%struct.dentry.149376*, %struct.inode.149388*)* @d_add to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %2, %struct.inode* %5) #76 Function:d_add %3 = icmp eq %struct.inode.149388* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.149376* %0, %struct.inode.149388* %1) #77 Function:__d_add %3 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #76 %5 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %0, i64 0, i32 3 %11 = load %struct.dentry.149376*, %struct.dentry.149376** %10, align 8 %12 = getelementptr inbounds %struct.dentry.149376, %struct.dentry.149376* %11, i64 0, i32 5 %13 = load %struct.inode.149388*, %struct.inode.149388** %12, align 8 %14 = getelementptr inbounds %struct.inode.149388, %struct.inode.149388* %13, i64 0, i32 43 %15 = bitcast %union.anon.95* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.149376* %0) #77 ------------- Good: 87 Bad: 7 Ignored: 112 Check Use of Function:i915_gem_ww_ctx_init Check Use of 
Function:tracefs_syscall_rmdir Check Use of Function:arch_uprobe_pre_xol Check Use of Function:serial8250_pm Check Use of Function:drm_event_reserve_init_locked Check Use of Function:drm_atomic_get_crtc_state Check Use of Function:vfs_rename Check Use of Function:vfs_mkdir Check Use of Function:ext4_xattr_block_set Check Use of Function:cancel_delayed_work_sync Use: =BAD PATH= Call Stack: 0 rpc_destroy_wait_queue 1 nfs4_free_client ------------- Path:  Function:nfs4_free_client %2 = getelementptr inbounds %struct.nfs_client.247326, %struct.nfs_client.247326* %0, i64 0, i32 3 %3 = tail call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 3) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %7, label %6 tail call void bitcast (void (%struct.nfs_client.239109*)* @nfs4_kill_renewd to void (%struct.nfs_client.247326*)*)(%struct.nfs_client.247326* %0) #76 br label %7 %8 = getelementptr inbounds %struct.nfs_client.247326, %struct.nfs_client.247326* %0, i64 0, i32 31 %9 = load %struct.nfs4_minor_version_ops.247335*, %struct.nfs4_minor_version_ops.247335** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_minor_version_ops.247335, %struct.nfs4_minor_version_ops.247335* %9, i64 0, i32 3 %11 = bitcast {}** %10 to void (%struct.nfs_client.247326*)** %12 = load void (%struct.nfs_client.247326*)*, void (%struct.nfs_client.247326*)** %11, align 8 tail call void %12(%struct.nfs_client.247326* %0) #76 %13 = tail call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 1) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %22, label %16 %17 = load %struct.nfs4_minor_version_ops.247335*, %struct.nfs4_minor_version_ops.247335** %8, align 8 %18 = getelementptr inbounds %struct.nfs4_minor_version_ops.247335, %struct.nfs4_minor_version_ops.247335* %17, i64 0, i32 0 
%19 = load i32, i32* %18, align 8 %20 = getelementptr inbounds %struct.nfs_client.247326, %struct.nfs_client.247326* %0, i64 0, i32 43 %21 = load %struct.net*, %struct.net** %20, align 8 tail call void @nfs_callback_down(i32 %19, %struct.net* %21) #76 br label %22 %23 = tail call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 2) #6, !srcloc !4 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %27, label %26 %28 = getelementptr inbounds %struct.nfs_client.247326, %struct.nfs_client.247326* %0, i64 0, i32 27 tail call void @rpc_destroy_wait_queue(%struct.rpc_wait_queue* %28) #76 Function:rpc_destroy_wait_queue %2 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %0, i64 0, i32 6, i32 2 %3 = tail call zeroext i1 @cancel_delayed_work_sync(%struct.delayed_work* %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_kill_renewd 1 nfs4_free_client ------------- Path:  Function:nfs4_free_client %2 = getelementptr inbounds %struct.nfs_client.247326, %struct.nfs_client.247326* %0, i64 0, i32 3 %3 = tail call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 3) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %7, label %6 tail call void bitcast (void (%struct.nfs_client.239109*)* @nfs4_kill_renewd to void (%struct.nfs_client.247326*)*)(%struct.nfs_client.247326* %0) #76 Function:nfs4_kill_renewd %2 = getelementptr inbounds %struct.nfs_client.239109, %struct.nfs_client.239109* %0, i64 0, i32 26 %3 = tail call zeroext i1 bitcast (i1 (%struct.delayed_work*)* @cancel_delayed_work_sync to i1 (%struct.delayed_work.116649*)*)(%struct.delayed_work.116649* %2) #76 ------------- Good: 107 Bad: 2 Ignored: 74 Check Use of Function:vfs_create Check Use of Function:alloc_file_clone Check Use of Function:init_link Check Use of 
Function:__SCT__tp_func_azx_resume Check Use of Function:init_cgroup_root Check Use of Function:copy_time_ns Check Use of Function:init_mknod Check Use of Function:ext4_ext_remove_space Check Use of Function:timens_on_fork Check Use of Function:vfs_fchown Check Use of Function:security_validate_transition_user Check Use of Function:set_blocksize Check Use of Function:filp_open Check Use of Function:init_symlink Check Use of Function:set_cpus_allowed_ptr Check Use of Function:__getblk_gfp Check Use of Function:io_acct_cancel_pending_work Check Use of Function:drv_event_callback Check Use of Function:__setup_rt_frame Check Use of Function:arch_mmap_rnd Check Use of Function:path_init Check Use of Function:sock_release Check Use of Function:wiphy_regulatory_deregister Check Use of Function:kbd_rate Check Use of Function:inet_netconf_notify_devconf Check Use of Function:netif_carrier_off Check Use of Function:sock_efree Check Use of Function:rate_control_deinitialize Check Use of Function:netlink_unicast Check Use of Function:get_fs_type Check Use of Function:import_single_range Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %270, label %12 %13 = and i64 %5, 4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #76 
%21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %270 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 105 %29 = load %struct.audit_context*, %struct.audit_context** %28, align 64 %30 = icmp eq %struct.audit_context* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %23, 0 br i1 %36, label %83, label %37 %38 = zext i8 %23 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %56 store i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq 
i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %84) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %18, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %8, label %267 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %257 ] %153 = zext i32 %92 to i64 %154 = inttoptr i64 %153 to i8* %155 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %156 = load i32, i32* %155, align 8 %157 = zext i32 %156 to i64 %158 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 3 %159 = load i32, i32* %158, align 4 %160 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 4 %161 = load i32, i32* %160, align 16 %162 = zext i32 %161 to i64 %163 = inttoptr i64 %162 to %struct.sys_desc_table* %164 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 5 %165 = load i32, i32* %164, align 4 %166 = call i32 @__sys_sendto(i32 %90, i8* %154, i64 %157, i32 %159, %struct.sys_desc_table* %163, i32 %165) #76 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 
1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_sys_send ------------- Path:  Function:__ia32_sys_send %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = tail call i32 @__sys_sendto(i32 %12, i8* %13, i64 %9, i32 %14, %struct.sys_desc_table* null, i32 0) #76 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_sys_sendto ------------- Path:  Function:__ia32_sys_sendto %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = 
load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %3 to i32 %18 = inttoptr i64 %6 to i8* %19 = trunc i64 %11 to i32 %20 = inttoptr i64 %14 to %struct.sys_desc_table* %21 = trunc i64 %16 to i32 %22 = tail call i32 @__sys_sendto(i32 %17, i8* %18, i64 %9, i32 %19, %struct.sys_desc_table* %20, i32 %21) #76 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __x64_sys_send ------------- Path:  Function:__x64_sys_send %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %10 to i32 %13 = tail call i32 @__sys_sendto(i32 %11, i8* %6, i64 %8, i32 %12, %struct.sys_desc_table* null, i32 0) #76 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast 
%struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __x64_sys_sendto ------------- Path:  Function:__x64_sys_sendto %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to %struct.sys_desc_table** %13 = load %struct.sys_desc_table*, %struct.sys_desc_table** %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %15 = load i64, i64* %14, align 8 %16 = trunc i64 %3 to i32 %17 = trunc i64 %10 to i32 %18 = trunc i64 %15 to i32 %19 = tail call i32 @__sys_sendto(i32 %16, i8* %6, i64 %8, i32 %17, %struct.sys_desc_table* %13, i32 %18) #76 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 
__sys_sendto 1 __se_sys_socketcall 2 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #76 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #76 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 105 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 64 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof 
!6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #76 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %18, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %109 = trunc i64 %40 to i32 %110 = inttoptr i64 %42 to i8* %111 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %112 = load i64, i64* %111, align 16 %113 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %114 = load i64, i64* %113, align 8 %115 = trunc i64 %114 to i32 %116 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %117 = bitcast i64* %116 to %struct.sys_desc_table** %118 = load %struct.sys_desc_table*, %struct.sys_desc_table** %117, align 16 %119 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %120 = load i64, i64* %119, align 8 %121 = trunc i64 %120 to i32 %122 = call i32 @__sys_sendto(i32 %109, i8* %110, i64 %112, i32 %115, %struct.sys_desc_table* %118, i32 %121) #76 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 
__se_sys_socketcall 2 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #76 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #76 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 105 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 64 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* 
nonnull %18) #76 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %18, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %109 = trunc i64 %40 to i32 %110 = inttoptr i64 %42 to i8* %111 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %112 = load i64, i64* %111, align 16 %113 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %114 = load i64, i64* %113, align 8 %115 = trunc i64 %114 to i32 %116 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %117 = bitcast i64* %116 to %struct.sys_desc_table** %118 = load %struct.sys_desc_table*, %struct.sys_desc_table** %117, align 16 %119 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %120 = load i64, i64* %119, align 8 %121 = trunc i64 %120 to i32 %122 = call i32 @__sys_sendto(i32 %109, i8* %110, i64 %112, i32 %115, %struct.sys_desc_table* %118, i32 %121) #76 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_recv ------------- Path:  Function:__ia32_compat_sys_recv %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = or i32 %14, -2147483648 %16 = tail call i32 @__sys_recvfrom(i32 %12, i8* %13, i64 %9, i32 %15, %struct.sys_desc_table* null, i32* null) #76 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_recvfrom ------------- Path:  Function:__ia32_compat_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 
8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %3 to i32 %19 = inttoptr i64 %6 to i8* %20 = trunc i64 %11 to i32 %21 = inttoptr i64 %14 to %struct.sys_desc_table* %22 = inttoptr i64 %17 to i32* %23 = or i32 %20, -2147483648 %24 = tail call i32 @__sys_recvfrom(i32 %18, i8* %19, i64 %9, i32 %23, %struct.sys_desc_table* %21, i32* %22) #76 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %270, label %12 %13 = and i64 %5, 4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #76 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %270 %23 = lshr i8 %16, 2 %24 = 
zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 105 %29 = load %struct.audit_context*, %struct.audit_context** %28, align 64 %30 = icmp eq %struct.audit_context* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %23, 0 br i1 %36, label %83, label %37 %38 = zext i8 %23 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %56 store i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = 
icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %84) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %18, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %8, label %267 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %257 ] %178 = zext i32 %92 to i64 %179 = inttoptr i64 %178 to i8* %180 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %181 = load i32, i32* %180, align 8 %182 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 3 %183 = load i32, i32* %182, align 4 %184 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 4 %185 = load i32, i32* %184, align 16 %186 = zext i32 %185 to i64 %187 = inttoptr i64 %186 to %struct.sys_desc_table* %188 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 5 %189 = load i32, i32* %188, align 4 %190 = zext i32 %189 to i64 %191 = inttoptr i64 %190 to i32* %192 = zext i32 %181 to i64 %193 = or i32 %183, -2147483648 %194 = call i32 @__sys_recvfrom(i32 %90, i8* %179, i64 %192, i32 %193, %struct.sys_desc_table* %187, i32* %191) #76 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 
@import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_sys_recv ------------- Path:  Function:__ia32_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = tail call i32 @__sys_recvfrom(i32 %12, i8* %13, i64 %9, i32 %14, %struct.sys_desc_table* null, i32* null) #76 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_sys_recvfrom ------------- Path:  Function:__ia32_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %3 to i32 %19 = inttoptr i64 %6 to i8* %20 = trunc i64 %11 to i32 %21 = inttoptr i64 %14 to %struct.sys_desc_table* %22 = inttoptr i64 %17 to i32* %23 = tail call i32 @__sys_recvfrom(i32 %18, i8* %19, i64 %9, i32 %20, %struct.sys_desc_table* %21, i32* %22) #76 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __x64_sys_recv ------------- Path:  Function:__x64_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %10 to i32 %13 = tail call i32 @__sys_recvfrom(i32 %11, i8* %6, i64 %8, i32 %12, %struct.sys_desc_table* null, i32* null) #76 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca 
%struct.msghdr.273230, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __x64_sys_recvfrom ------------- Path:  Function:__x64_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to %struct.sys_desc_table** %13 = load %struct.sys_desc_table*, %struct.sys_desc_table** %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %15 = bitcast i64* %14 to i32** %16 = load i32*, i32** %15, align 8 %17 = trunc i64 %3 to i32 %18 = trunc i64 %10 to i32 %19 = tail call i32 @__sys_recvfrom(i32 %17, i8* %6, i64 %8, i32 %18, %struct.sys_desc_table* %13, i32* %16) #76 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, 
i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __se_sys_socketcall 2 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #76 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #76 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 105 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 64 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast 
%struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #76 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %18, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %133 = trunc i64 %40 to i32 %134 = inttoptr i64 %42 to i8* %135 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %136 = load i64, i64* %135, align 16 %137 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %138 = load i64, i64* %137, align 8 %139 = trunc i64 %138 to i32 %140 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %141 = bitcast i64* %140 to %struct.sys_desc_table** %142 = load %struct.sys_desc_table*, %struct.sys_desc_table** %141, align 16 %143 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %144 = bitcast i64* %143 to i32** %145 = load i32*, i32** %144, align 8 %146 = call i32 @__sys_recvfrom(i32 %133, i8* %134, i64 %136, i32 %139, %struct.sys_desc_table* %142, i32* %145) #76 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, 
i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #76 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __se_sys_socketcall 2 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #76 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #76 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 105 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 64 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = 
icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #76 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %18, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %133 = trunc i64 %40 to i32 %134 = inttoptr i64 %42 to i8* %135 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %136 = load i64, i64* %135, align 16 %137 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %138 = load i64, i64* %137, align 8 %139 = trunc i64 %138 to i32 %140 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %141 = bitcast i64* %140 to %struct.sys_desc_table** %142 = load %struct.sys_desc_table*, %struct.sys_desc_table** %141, align 16 %143 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %144 = bitcast i64* %143 to i32** %145 = load i32*, i32** %144, align 8 %146 = call i32 @__sys_recvfrom(i32 %133, i8* %134, i64 %136, i32 %139, %struct.sys_desc_table* %142, i32* %145) #76 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273230, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273230* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #76 
------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %154 = trunc i64 %1 to i32 %155 = trunc i64 %4 to i32 %156 = icmp ne i64 %2, 0 %157 = icmp ne i64 %3, 0 %158 = and i1 %156, %157 br i1 %158, label %159, label %171 %160 = inttoptr i64 %2 to i8* %161 = bitcast %struct.iovec* %9 to i8* %162 = 
getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %10, i64 0, i32 0 %163 = call i32 @import_single_range(i32 1, i8* nonnull %160, i64 %3, %struct.iovec* nonnull %9, %struct.iov_iter* nonnull %10) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %154 = trunc i64 %1 to i32 %155 = trunc i64 %4 to i32 %156 = icmp ne i64 %2, 0 %157 = icmp ne i64 %3, 0 %158 = and i1 %156, %157 br i1 %158, label %159, label %171 %160 = inttoptr i64 %2 to 
i8* %161 = bitcast %struct.iovec* %9 to i8* %162 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %10, i64 0, i32 0 %163 = call i32 @import_single_range(i32 1, i8* nonnull %160, i64 %3, %struct.iovec* nonnull %9, %struct.iov_iter* nonnull %10) #76 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_instantiate_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %52 = inttoptr i64 %9 to i8* %53 = tail call i64 @keyctl_instantiate_key(i32 %17, i8* %52, i64 %12, i32 %20) #76 Function:keyctl_instantiate_key %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.iov_iter, align 
8 %7 = icmp ne i8* %1, null %8 = icmp ne i64 %2, 0 %9 = and i1 %7, %8 br i1 %9, label %10, label %21 %11 = bitcast %struct.iovec* %5 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %13 = call i32 @import_single_range(i32 1, i8* nonnull %1, i64 %2, %struct.iovec* nonnull %5, %struct.iov_iter* nonnull %6) #76 ------------- Good: 25 Bad: 21 Ignored: 24 Check Use of Function:handle_mm_fault Check Use of Function:nl80211_send_iface Check Use of Function:iov_iter_advance Use: =BAD PATH= Call Stack: 0 write_iter_null ------------- Path:  Function:write_iter_null %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %4 = load i64, i64* %3, align 8 tail call void @iov_iter_advance(%struct.iov_iter* %1, i64 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 write_iter_null ------------- Path:  Function:write_iter_null %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %4 = load i64, i64* %3, align 8 tail call void @iov_iter_advance(%struct.iov_iter* %1, i64 %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 
%18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 = load %struct.inode.154491*, %struct.inode.154491** %25, align 8 %27 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds 
%struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %93 = icmp slt i32 %83, 
0 br i1 %93, label %94, label %98 store i32 %12, i32* %11, align 8 %95 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 2 store i64 0, i64* %95, align 8 call void @iov_iter_advance(%struct.iov_iter* nonnull %6, i64 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 = load %struct.inode.154491*, %struct.inode.154491** %25, align 8 %27 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = 
icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds %struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = 
bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %93 = icmp slt i32 %83, 0 br i1 %93, label %94, label %98 store i32 %12, i32* %11, align 8 %95 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 2 store i64 0, i64* %95, align 8 call void @iov_iter_advance(%struct.iov_iter* nonnull %6, i64 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read 1 sock_splice_read ------------- Path:  Function:sock_splice_read %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %10 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops.273259, 
%struct.proto_ops.273259* %10, i64 0, i32 21 %12 = load i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)*, i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call i64 bitcast (i64 (%struct.file.154414*, i64*, %struct.pipe_inode_info.154505*, i64, i32)* @generic_file_splice_read to i64 (%struct.file.273225*, i64*, %struct.pipe_inode_info.273162*, i64, i32)*)(%struct.file.273225* %0, i64* %1, %struct.pipe_inode_info.273162* %2, i64 %3, i32 %4) #76 Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 = load %struct.inode.154491*, %struct.inode.154491** 
%25, align 8 %27 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds %struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds 
%struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %93 = icmp slt i32 %83, 0 br i1 %93, label %94, label %98 store i32 %12, i32* %11, align 8 %95 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 2 store i64 0, i64* %95, align 8 call void @iov_iter_advance(%struct.iov_iter* nonnull %6, i64 0) #76 ------------- Good: 53 Bad: 5 Ignored: 59 Check Use of Function:rdev_add_virtual_intf Check Use of Function:destroy_workqueue Check Use of Function:regulatory_propagate_dfs_state Check Use of 
Function:ieee80211_wake_queues_by_reason Check Use of Function:xt_compat_match_from_user Check Use of Function:ieee80211_sta_tear_down_BA_sessions Check Use of Function:calipso_exit Check Use of Function:PageHuge Use: =BAD PATH= Call Stack: 0 page_mapped 1 stable_page_flags 2 kpageflags_read ------------- Path:  Function:kpageflags_read %5 = bitcast i8* %1 to i64* %6 = load i64, i64* %3, align 8 %7 = lshr i64 %6, 3 %8 = or i64 %6, %2 %9 = and i64 %8, 7 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %102 %12 = load i64, i64* @max_pfn, align 8 %13 = shl i64 %12, 3 %14 = add i64 %13, -8 %15 = or i64 %14, 262136 %16 = add i64 %15, 8 %17 = icmp ugt i64 %16, %6 br i1 %17, label %18, label %102 %19 = sub i64 %16, %6 %20 = icmp ugt i64 %19, %2 %21 = select i1 %20, i64 %2, i64 %19 %22 = icmp eq i64 %21, 0 br i1 %22, label %95, label %23 %24 = phi i64 [ %84, %81 ], [ %21, %18 ] %25 = phi i64* [ %83, %81 ], [ %5, %18 ] %26 = phi i64 [ %82, %81 ], [ %7, %18 ] %27 = icmp ult i64 %26, 4503599627370496 br i1 %27, label %28, label %69 %29 = lshr i64 %26, 15 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds 
(%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@kpageflags_read, %32), i8* blockaddress(@kpageflags_read, %31)) #6 to label %30 [label %32, label %31], !srcloc !4 br label %32 %33 = phi i64 [ 524288, %31 ], [ 33554432, %28 ], [ 33554432, %30 ] %34 = icmp ult i64 %29, %33 br i1 %34, label %35, label %69 %36 = load %struct.mem_section**, %struct.mem_section*** @mem_section, align 8 %37 = icmp eq %struct.mem_section** %36, null br i1 %37, label %69, label %38 %39 = lshr i64 %26, 23 %40 = getelementptr %struct.mem_section*, %struct.mem_section** %36, i64 %39 %41 = load %struct.mem_section*, %struct.mem_section** %40, align 8 %42 = icmp eq %struct.mem_section* %41, null br i1 %42, label %69, label %43 %44 = and i64 %29, 255 %45 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44 %46 = icmp eq %struct.mem_section* %45, null br i1 %46, label %69, label %47 %48 = getelementptr inbounds %struct.mem_section, %struct.mem_section* %45, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = and i64 %49, 2 %51 = icmp eq i64 %50, 0 br i1 %51, label %69, label %52 %53 = and i64 %49, 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %58, label %55 %59 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44, i32 1 %60 = load %struct.mem_section_usage*, %struct.mem_section_usage** %59, align 8 %61 = getelementptr inbounds %struct.mem_section_usage, %struct.mem_section_usage* %60, i64 0, i32 0, i64 0 %62 = lshr i64 %26, 9 %63 = and i64 %62, 63 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %61, i64 %63) #6, !srcloc !5 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 %67 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %68 = getelementptr %struct.page, %struct.page* %67, i64 %26 br i1 %66, label %69, label %70 %71 = phi %struct.page* [ null, %69 ], [ %68, %58 ], [ 
%57, %55 ] %72 = bitcast i64* %25 to i8* %73 = tail call i64 @stable_page_flags(%struct.page* %71) #76 Function:stable_page_flags %2 = icmp eq %struct.page* %0, null br i1 %2, label %187, label %3 %4 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 16 %6 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %7 = bitcast %union.anon.20* %6 to i64* %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 %11 = add i64 %8, -1 %12 = ptrtoint %struct.page* %0 to i64 %13 = select i1 %10, i64 %12, i64 %11, !prof !4 %14 = inttoptr i64 %13 to %struct.page* %15 = getelementptr inbounds %struct.page, %struct.page* %14, i64 0, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 512 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %22 %20 = tail call zeroext i1 @page_mapped(%struct.page* nonnull %0) #76 Function:page_mapped %2 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %3 = load volatile i64, i64* %2, align 8 %4 = and i64 %3, 65536 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %16 %17 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %18 = bitcast %union.anon.20* %17 to i64* %19 = load volatile i64, i64* %18, align 8 %20 = and i64 %19, 1 %21 = icmp eq i64 %20, 0 %22 = add i64 %19, -1 %23 = ptrtoint %struct.page* %0 to i64 %24 = select i1 %21, i64 %23, i64 %22, !prof !4 %25 = inttoptr i64 %24 to %struct.page* %26 = getelementptr %struct.page, %struct.page* %25, i64 1, i32 1 %27 = bitcast %union.anon.20* %26 to %struct.anon.13.118233* %28 = getelementptr inbounds %struct.anon.13.118233, %struct.anon.13.118233* %27, i64 0, i32 3, i32 0 %29 = load volatile i32, i32* %28, align 4 %30 = icmp sgt i32 %29, -1 br i1 %30, label %55, label %31 %32 = tail call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 release_pages 1 
__pagevec_lru_add 2 lru_add_drain_cpu 3 lru_add_drain 4 madvise_willneed 5 do_madvise 6 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 
br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #76 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = 
icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 9 %19 = load %struct.address_space_operations*, %struct.address_space_operations** %18, align 8 %20 = icmp eq %struct.address_space_operations* %19, @shmem_aops br i1 %20, label %21, label %136 %22 = bitcast %struct.xa_state* %5 to i8* %23 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 1 store %struct.xarray* %24, %struct.xarray** %23, align 8 %25 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %27 = load i64, i64* %26, align 8 %28 = and i64 %27, 4194304 %29 = icmp eq i64 %28, 0 br i1 %29, label %33, label %30, !prof !4, !misexpect !5 %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %35 = load i64, i64* %34, align 8 %36 = sub i64 %2, %35 %37 = lshr i64 %36, 12 %38 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %39 = load i64, i64* %38, align 8 %40 = add i64 %37, %39 br label %41 %42 = phi i64 [ %32, %30 ], [ %27, %33 ] %43 = phi i64 [ %31, %30 ], [ %40, %33 ] store i64 %43, i64* %25, align 8 %44 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %45 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %46 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %47 = bitcast i8* %44 to i32* store i32 0, i32* %47, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %46, align 8 %48 = getelementptr inbounds %struct.xa_state, 
%struct.xa_state* %5, i64 0, i32 7 %49 = add i64 %3, 4095 %50 = and i64 %42, 4194304 %51 = icmp eq i64 %50, 0 %52 = bitcast %struct.xa_node** %48 to i8* br i1 %51, label %55, label %53, !prof !4, !misexpect !5 %56 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %57 = load i64, i64* %56, align 8 %58 = sub i64 %49, %57 %59 = lshr i64 %58, 12 %60 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %61 = load i64, i64* %60, align 8 %62 = add i64 %59, %61 br label %63 %64 = phi i64 [ %54, %53 ], [ %62, %55 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %65 = call i8* @xas_find(%struct.xa_state* nonnull %5, i64 %64) #76 %66 = icmp eq i8* %65, null br i1 %66, label %135, label %67 %68 = phi i8* [ %133, %132 ], [ %65, %63 ] %69 = ptrtoint i8* %68 to i64 %70 = and i64 %69, 1 %71 = icmp eq i64 %70, 0 br i1 %71, label %92, label %72 call void @xas_pause(%struct.xa_state* nonnull %5) #76 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 call void @rcu_read_unlock_strict() #76 %73 = lshr i64 %69, 1 %74 = call %struct.page* @read_swap_cache_async(i64 %73, i32 17829066, %struct.vm_area_struct* null, i64 0, i1 zeroext false) #76 %75 = icmp eq %struct.page* %74, null br i1 %75, label %91, label %76 %77 = getelementptr inbounds %struct.page, %struct.page* %74, i64 0, i32 1 %78 = bitcast %union.anon.20* %77 to i64* %79 = load volatile i64, i64* %78, align 8 %80 = and i64 %79, 1 %81 = icmp eq i64 %80, 0 %82 = add i64 %79, -1 %83 = ptrtoint %struct.page* %74 to i64 %84 = select i1 %81, i64 %83, i64 %82, !prof !4 %85 = inttoptr i64 %84 to %struct.page* %86 = getelementptr inbounds %struct.page, %struct.page* %85, i64 0, i32 3, i32 0 %87 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %86, i32* %86) #6, !srcloc !8 %88 = and i8 %87, 1 %89 = icmp eq i8 %88, 0 br i1 %89, label %91, label %90 call void @__put_page(%struct.page* %85) #76 br label %91 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %92 %93 = load %struct.xa_node*, %struct.xa_node** %46, align 8 %94 = ptrtoint %struct.xa_node* %93 to i64 %95 = and i64 %94, 3 %96 = icmp ne i64 %95, 0 %97 = icmp eq %struct.xa_node* %93, null %98 = or i1 %97, %96 br i1 %98, label %130, label %99, !prof !9 %100 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %93, i64 0, i32 0 %101 = load i8, i8* %100, align 8 %102 = icmp eq i8 %101, 0 br i1 %102, label %103, label %130, !prof !4 %104 = load i8, i8* %45, align 2 %105 = zext i8 %104 to i64 %106 = load i64, i64* %25, align 8 %107 = and i64 %106, 63 %108 = icmp eq i64 %107, %105 br i1 %108, label %109, label %130, !prof !4, !misexpect !5 %110 = icmp ugt i64 %64, %106 %111 = select i1 %110, i64 %64, i64 %106 br label %112 %113 = phi i8 [ %127, %126 ], [ %104, %109 ] %114 = phi i64 [ %128, %126 ], [ %106, %109 ] %115 = icmp eq i64 %114, %111 %116 = icmp eq i8 %113, 63 %117 = or i1 %115, %116 br i1 %117, label %130, label %118, !prof !10, !misexpect !5 %119 = zext i8 %113 to i64 %120 = add nuw nsw i64 %119, 1 %121 = getelementptr %struct.xa_node, %struct.xa_node* %93, i64 0, i32 7, i64 %120 %122 = load volatile i8*, i8** %121, align 8 %123 = ptrtoint i8* %122 to i64 %124 = and i64 %123, 3 %125 = icmp eq i64 %124, 2 br i1 %125, label %130, label %126, !prof !9, !misexpect !5 %127 = add i8 %113, 1 store i8 %127, i8* %45, align 2 %128 = add i64 %114, 1 store i64 %128, i64* %25, align 8 %129 = icmp eq i8* %122, null br i1 %129, label %112, label %132 %133 = phi i8* [ %131, %130 ], [ %122, %126 ] %134 = icmp eq i8* %133, null br i1 %134, label %135, label %67 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 call 
void @rcu_read_unlock_strict() #76 call void @lru_add_drain() #76 Function:lru_add_drain tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i8* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 1, i32 0) to %struct.lock_class_key*)) #6, !srcloc !5 %2 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 tail call void @lru_add_drain_cpu(i32 %2) #76 Function:lru_add_drain_cpu %2 = alloca i64, align 8 %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.pagevec* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 1) to i64) %7 = inttoptr i64 %6 to %struct.pagevec* %8 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %7, i64 0, i32 0 %9 = load i8, i8* %8, align 8 %10 = icmp eq i8 %9, 0 br i1 %10, label %13, label %11 tail call void @__pagevec_lru_add(%struct.pagevec* %7) #76 Function:__pagevec_lru_add %2 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 0 %3 = load i8, i8* %2, align 8 %4 = icmp eq i8 %3, 0 br i1 %4, label %44, label %5 %45 = phi i8 [ %36, %39 ], [ %43, %41 ], [ 0, %1 ] %46 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 2, i64 0 %47 = zext i8 %45 to i32 tail call void @release_pages(%struct.page** %46, i32 %47) #77 Function:release_pages %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* 
%3, %struct.list_head** %6, align 8 %7 = icmp sgt i32 %1, 0 br i1 %7, label %8, label %216 %9 = zext i32 %1 to i64 br label %10 %11 = phi i64 [ 0, %8 ], [ %210, %206 ] %12 = phi i32 [ undef, %8 ], [ %209, %206 ] %13 = phi %struct.lruvec* [ null, %8 ], [ %208, %206 ] %14 = phi i64 [ undef, %8 ], [ %207, %206 ] %15 = getelementptr %struct.page*, %struct.page** %0, i64 %11 %16 = load %struct.page*, %struct.page** %15, align 8 %17 = icmp eq %struct.lruvec* %13, null br i1 %17, label %23, label %18 %24 = phi %struct.lruvec* [ null, %21 ], [ %13, %18 ], [ null, %10 ] %25 = phi i32 [ 32, %21 ], [ %19, %18 ], [ %12, %10 ] %26 = getelementptr inbounds %struct.page, %struct.page* %16, i64 0, i32 1 %27 = bitcast %union.anon.20* %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 1 %30 = icmp eq i64 %29, 0 %31 = add i64 %28, -1 %32 = ptrtoint %struct.page* %16 to i64 %33 = select i1 %30, i64 %32, i64 %31, !prof !4 %34 = inttoptr i64 %33 to %struct.page* %35 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 3, i32 0 %36 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !5 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %206, label %39 %40 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 65536 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50 %51 = icmp eq %struct.lruvec* %24, null br i1 %51, label %54, label %52 %55 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %34) #76 ------------- Use: =BAD PATH= Call Stack: 0 release_pages 1 __pagevec_lru_add 2 lru_add_drain_cpu 3 lru_add_drain 4 madvise_willneed 5 do_madvise 6 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 
3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #76 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #76 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #76 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #76 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #76 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = 
icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 9 %19 = load %struct.address_space_operations*, %struct.address_space_operations** %18, align 8 %20 = icmp eq %struct.address_space_operations* %19, @shmem_aops br i1 %20, label %21, label %136 %22 = bitcast %struct.xa_state* %5 to i8* %23 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 1 store %struct.xarray* %24, %struct.xarray** %23, align 8 %25 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %27 = load i64, i64* %26, align 8 %28 = and i64 %27, 4194304 %29 = icmp eq i64 %28, 0 br i1 %29, label %33, label %30, !prof !4, !misexpect !5 %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %35 = load i64, i64* %34, align 8 %36 = sub i64 %2, %35 %37 = lshr i64 %36, 12 %38 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %39 = load i64, i64* %38, align 8 %40 = add i64 %37, %39 br label %41 %42 = phi i64 [ %32, %30 ], [ %27, %33 ] %43 = phi i64 [ %31, %30 ], [ %40, %33 ] store i64 %43, i64* %25, align 8 %44 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %45 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %46 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %47 = bitcast i8* %44 to i32* store i32 0, i32* %47, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %46, align 8 %48 = getelementptr inbounds %struct.xa_state, 
%struct.xa_state* %5, i64 0, i32 7 %49 = add i64 %3, 4095 %50 = and i64 %42, 4194304 %51 = icmp eq i64 %50, 0 %52 = bitcast %struct.xa_node** %48 to i8* br i1 %51, label %55, label %53, !prof !4, !misexpect !5 %56 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %57 = load i64, i64* %56, align 8 %58 = sub i64 %49, %57 %59 = lshr i64 %58, 12 %60 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %61 = load i64, i64* %60, align 8 %62 = add i64 %59, %61 br label %63 %64 = phi i64 [ %54, %53 ], [ %62, %55 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %65 = call i8* @xas_find(%struct.xa_state* nonnull %5, i64 %64) #76 %66 = icmp eq i8* %65, null br i1 %66, label %135, label %67 %68 = phi i8* [ %133, %132 ], [ %65, %63 ] %69 = ptrtoint i8* %68 to i64 %70 = and i64 %69, 1 %71 = icmp eq i64 %70, 0 br i1 %71, label %92, label %72 call void @xas_pause(%struct.xa_state* nonnull %5) #76 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 call void @rcu_read_unlock_strict() #76 %73 = lshr i64 %69, 1 %74 = call %struct.page* @read_swap_cache_async(i64 %73, i32 17829066, %struct.vm_area_struct* null, i64 0, i1 zeroext false) #76 %75 = icmp eq %struct.page* %74, null br i1 %75, label %91, label %76 %77 = getelementptr inbounds %struct.page, %struct.page* %74, i64 0, i32 1 %78 = bitcast %union.anon.20* %77 to i64* %79 = load volatile i64, i64* %78, align 8 %80 = and i64 %79, 1 %81 = icmp eq i64 %80, 0 %82 = add i64 %79, -1 %83 = ptrtoint %struct.page* %74 to i64 %84 = select i1 %81, i64 %83, i64 %82, !prof !4 %85 = inttoptr i64 %84 to %struct.page* %86 = getelementptr inbounds %struct.page, %struct.page* %85, i64 0, i32 3, i32 0 %87 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %86, i32* %86) #6, !srcloc !8 %88 = and i8 %87, 1 %89 = icmp eq i8 %88, 0 br i1 %89, label %91, label %90 call void @__put_page(%struct.page* %85) #76 br label %91 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %92 %93 = load %struct.xa_node*, %struct.xa_node** %46, align 8 %94 = ptrtoint %struct.xa_node* %93 to i64 %95 = and i64 %94, 3 %96 = icmp ne i64 %95, 0 %97 = icmp eq %struct.xa_node* %93, null %98 = or i1 %97, %96 br i1 %98, label %130, label %99, !prof !9 %100 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %93, i64 0, i32 0 %101 = load i8, i8* %100, align 8 %102 = icmp eq i8 %101, 0 br i1 %102, label %103, label %130, !prof !4 %104 = load i8, i8* %45, align 2 %105 = zext i8 %104 to i64 %106 = load i64, i64* %25, align 8 %107 = and i64 %106, 63 %108 = icmp eq i64 %107, %105 br i1 %108, label %109, label %130, !prof !4, !misexpect !5 %110 = icmp ugt i64 %64, %106 %111 = select i1 %110, i64 %64, i64 %106 br label %112 %113 = phi i8 [ %127, %126 ], [ %104, %109 ] %114 = phi i64 [ %128, %126 ], [ %106, %109 ] %115 = icmp eq i64 %114, %111 %116 = icmp eq i8 %113, 63 %117 = or i1 %115, %116 br i1 %117, label %130, label %118, !prof !10, !misexpect !5 %119 = zext i8 %113 to i64 %120 = add nuw nsw i64 %119, 1 %121 = getelementptr %struct.xa_node, %struct.xa_node* %93, i64 0, i32 7, i64 %120 %122 = load volatile i8*, i8** %121, align 8 %123 = ptrtoint i8* %122 to i64 %124 = and i64 %123, 3 %125 = icmp eq i64 %124, 2 br i1 %125, label %130, label %126, !prof !9, !misexpect !5 %127 = add i8 %113, 1 store i8 %127, i8* %45, align 2 %128 = add i64 %114, 1 store i64 %128, i64* %25, align 8 %129 = icmp eq i8* %122, null br i1 %129, label %112, label %132 %133 = phi i8* [ %131, %130 ], [ %122, %126 ] %134 = icmp eq i8* %133, null br i1 %134, label %135, label %67 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 call 
void @rcu_read_unlock_strict() #76 call void @lru_add_drain() #76 Function:lru_add_drain tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i8* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 1, i32 0) to %struct.lock_class_key*)) #6, !srcloc !5 %2 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 tail call void @lru_add_drain_cpu(i32 %2) #76 Function:lru_add_drain_cpu %2 = alloca i64, align 8 %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.pagevec* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 1) to i64) %7 = inttoptr i64 %6 to %struct.pagevec* %8 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %7, i64 0, i32 0 %9 = load i8, i8* %8, align 8 %10 = icmp eq i8 %9, 0 br i1 %10, label %13, label %11 tail call void @__pagevec_lru_add(%struct.pagevec* %7) #76 Function:__pagevec_lru_add %2 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 0 %3 = load i8, i8* %2, align 8 %4 = icmp eq i8 %3, 0 br i1 %4, label %44, label %5 %45 = phi i8 [ %36, %39 ], [ %43, %41 ], [ 0, %1 ] %46 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 2, i64 0 %47 = zext i8 %45 to i32 tail call void @release_pages(%struct.page** %46, i32 %47) #77 Function:release_pages %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* 
%3, %struct.list_head** %6, align 8 %7 = icmp sgt i32 %1, 0 br i1 %7, label %8, label %216 %9 = zext i32 %1 to i64 br label %10 %11 = phi i64 [ 0, %8 ], [ %210, %206 ] %12 = phi i32 [ undef, %8 ], [ %209, %206 ] %13 = phi %struct.lruvec* [ null, %8 ], [ %208, %206 ] %14 = phi i64 [ undef, %8 ], [ %207, %206 ] %15 = getelementptr %struct.page*, %struct.page** %0, i64 %11 %16 = load %struct.page*, %struct.page** %15, align 8 %17 = icmp eq %struct.lruvec* %13, null br i1 %17, label %23, label %18 %24 = phi %struct.lruvec* [ null, %21 ], [ %13, %18 ], [ null, %10 ] %25 = phi i32 [ 32, %21 ], [ %19, %18 ], [ %12, %10 ] %26 = getelementptr inbounds %struct.page, %struct.page* %16, i64 0, i32 1 %27 = bitcast %union.anon.20* %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 1 %30 = icmp eq i64 %29, 0 %31 = add i64 %28, -1 %32 = ptrtoint %struct.page* %16 to i64 %33 = select i1 %30, i64 %32, i64 %31, !prof !4 %34 = inttoptr i64 %33 to %struct.page* %35 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 3, i32 0 %36 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !5 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %206, label %39 %40 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 65536 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50 %51 = icmp eq %struct.lruvec* %24, null br i1 %51, label %54, label %52 %55 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %34) #76 ------------- Use: =BAD PATH= Call Stack: 0 release_pages 1 pagevec_lru_move_fn 2 mark_page_accessed 3 pagecache_get_page 4 hugetlbfs_read_iter ------------- Path:  Function:hugetlbfs_read_iter %3 = getelementptr 
inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.hugetlbfs_sb_info** %11 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %10, align 16 %12 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %11, i64 0, i32 3 %13 = load %struct.hstate*, %struct.hstate** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %17 = load i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 3 %19 = load i32, i32* %18, align 8 %20 = add i32 %19, 12 %21 = zext i32 %20 to i64 %22 = ashr i64 %17, %21 %23 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 4 %24 = load i64, i64* %23, align 8 %25 = xor i64 %24, -1 %26 = and i64 %17, %25 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %132, label %30 %31 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %32 = load %struct.inode*, %struct.inode** %31, align 8 %33 = getelementptr inbounds %struct.inode, %struct.inode* %32, i64 0, i32 14 br label %34 %35 = phi i64 [ %24, %30 ], [ %128, %121 ] %36 = phi i32 [ %19, %30 ], [ %123, %121 ] %37 = phi i64 [ %22, %30 ], [ %127, %121 ] %38 = phi i64 [ 0, %30 ], [ %112, %121 ] %39 = phi i64 [ %26, %30 ], [ %130, %121 ] %40 = zext i32 
%36 to i64 %41 = shl i64 4096, %40 %42 = load i64, i64* %33, align 8 %43 = icmp eq i64 %42, 0 br i1 %43, label %132, label %44 %45 = add i64 %42, -1 %46 = add i32 %36, 12 %47 = zext i32 %46 to i64 %48 = ashr i64 %45, %47 %49 = icmp ugt i64 %37, %48 br i1 %49, label %132, label %50 %51 = icmp eq i64 %37, %48 br i1 %51, label %52, label %57 %53 = xor i64 %35, -1 %54 = and i64 %45, %53 %55 = add nuw i64 %54, 1 %56 = icmp ult i64 %54, %39 br i1 %56, label %132, label %57 %58 = phi i64 [ %55, %52 ], [ %41, %50 ] %59 = sub i64 %58, %39 %60 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %15, i64 %37, i32 2, i32 0) #76 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label 
%25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #76 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #76 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 br i1 %21, label %171, label %86 br i1 
%23, label %114, label %87 %88 = getelementptr inbounds i8, i8* %26, i64 8 %89 = bitcast i8* %88 to i64* %90 = load volatile i64, i64* %89, align 8 %91 = and i64 %90, 1 %92 = icmp eq i64 %91, 0 %93 = add i64 %90, -1 %94 = select i1 %92, i64 %78, i64 %93, !prof !8 %95 = inttoptr i64 %94 to %struct.page* %96 = getelementptr inbounds %struct.page, %struct.page* %95, i64 0, i32 0 %97 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %96, i64 0, i64* %96) #6, !srcloc !11 %98 = and i8 %97, 1 %99 = icmp eq i8 %98, 0 br i1 %99, label %139, label %100 %140 = getelementptr inbounds i8, i8* %26, i64 24 %141 = bitcast i8* %140 to %struct.address_space** %142 = load %struct.address_space*, %struct.address_space** %141, align 8 %143 = icmp eq %struct.address_space* %142, %0 br i1 %143, label %171, label %144, !prof !8, !misexpect !6 %172 = bitcast i8* %26 to %struct.page* %173 = and i32 %19, 1 %174 = icmp eq i32 %173, 0 br i1 %174, label %176, label %175 call void @mark_page_accessed(%struct.page* nonnull %172) #76 Function:mark_page_accessed %2 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %3 = bitcast %union.anon.20* %2 to i64* %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 %7 = add i64 %4, -1 %8 = ptrtoint %struct.page* %0 to i64 %9 = select i1 %6, i64 %8, i64 %7, !prof !4 %10 = inttoptr i64 %9 to %struct.page* %11 = getelementptr inbounds %struct.page, %struct.page* %10, i64 0, i32 1 %12 = bitcast %union.anon.20* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 1 %15 = icmp eq i64 %14, 0 %16 = add i64 %13, -1 %17 = select i1 %15, i64 %9, i64 %16, !prof !4 %18 = inttoptr i64 %17 to %struct.page* %19 = getelementptr inbounds %struct.page, %struct.page* %18, i64 0, i32 0 %20 = load volatile i64, i64* %19, align 8 
%21 = and i64 %20, 2 %22 = icmp eq i64 %21, 0 %23 = load volatile i64, i64* %12, align 8 %24 = and i64 %23, 1 %25 = icmp eq i64 %24, 0 %26 = add i64 %23, -1 %27 = select i1 %25, i64 %9, i64 %26 br i1 %22, label %28, label %30 %31 = inttoptr i64 %27 to %struct.page* %32 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1048576 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %163 %37 = load volatile i64, i64* %12, align 8 %38 = and i64 %37, 1 %39 = icmp eq i64 %38, 0 %40 = add i64 %37, -1 %41 = select i1 %39, i64 %9, i64 %40, !prof !4 %42 = inttoptr i64 %41 to %struct.page* %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 0 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 32 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %163 %48 = load volatile i64, i64* %12, align 8 %49 = and i64 %48, 1 %50 = icmp eq i64 %49, 0 %51 = add i64 %48, -1 %52 = select i1 %50, i64 %9, i64 %51, !prof !4 %53 = inttoptr i64 %52 to %struct.page* %54 = getelementptr inbounds %struct.page, %struct.page* %53, i64 0, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 16 %57 = icmp eq i64 %56, 0 br i1 %57, label %131, label %58 %59 = load volatile i64, i64* %12, align 8 %60 = and i64 %59, 1 %61 = icmp eq i64 %60, 0 %62 = add i64 %59, -1 %63 = select i1 %61, i64 %9, i64 %62, !prof !4 %64 = inttoptr i64 %63 to %struct.page* %65 = getelementptr inbounds %struct.page, %struct.page* %64, i64 0, i32 1 %66 = bitcast %union.anon.20* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = and i64 %67, 1 %69 = icmp eq i64 %68, 0 %70 = add i64 %67, -1 %71 = select i1 %69, i64 %63, i64 %70, !prof !4 %72 = inttoptr i64 %71 to %struct.page* %73 = getelementptr inbounds %struct.page, %struct.page* %72, i64 0, i32 0 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 16 %76 = icmp eq i64 %75, 0 br i1 %76, label %156, label %77 %78 = load volatile i64, 
i64* %66, align 8 %79 = and i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = add i64 %78, -1 %82 = select i1 %80, i64 %63, i64 %81, !prof !4 %83 = inttoptr i64 %82 to %struct.page* %84 = getelementptr inbounds %struct.page, %struct.page* %83, i64 0, i32 0 %85 = load volatile i64, i64* %84, align 8 %86 = and i64 %85, 32 %87 = icmp eq i64 %86, 0 br i1 %87, label %88, label %156 %89 = load volatile i64, i64* %66, align 8 %90 = and i64 %89, 1 %91 = icmp eq i64 %90, 0 %92 = add i64 %89, -1 %93 = select i1 %91, i64 %63, i64 %92, !prof !4 %94 = inttoptr i64 %93 to %struct.page* %95 = getelementptr inbounds %struct.page, %struct.page* %94, i64 0, i32 0 %96 = load volatile i64, i64* %95, align 8 %97 = and i64 %96, 1048576 %98 = icmp eq i64 %97, 0 br i1 %98, label %99, label %156 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %100 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i8* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 1, i32 0) to %struct.lock_class_key*)) #6, !srcloc !7 %101 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.pagevec* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 5)) #6, !srcloc !8 %102 = inttoptr i64 %101 to %struct.pagevec* %103 = load volatile i64, i64* %66, align 8 %104 = and i64 %103, 1 %105 = icmp eq i64 %104, 0 %106 = add i64 %103, -1 %107 = select i1 %105, i64 %63, i64 %106, !prof !4 %108 = inttoptr i64 %107 to %struct.page* %109 = getelementptr inbounds %struct.page, %struct.page* %108, i64 0, i32 3, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %109, i32* %109) #6, !srcloc !9 %110 = getelementptr inbounds 
%struct.pagevec, %struct.pagevec* %102, i64 0, i32 0 %111 = load i8, i8* %110, align 8 %112 = add i8 %111, 1 store i8 %112, i8* %110, align 8 %113 = zext i8 %111 to i64 %114 = getelementptr %struct.pagevec, %struct.pagevec* %102, i64 0, i32 2, i64 %113 store %struct.page* %64, %struct.page** %114, align 8 %115 = icmp eq i8 %112, 15 br i1 %115, label %128, label %116 %117 = getelementptr inbounds %struct.page, %struct.page* %64, i64 0, i32 0 %118 = load volatile i64, i64* %117, align 8 %119 = and i64 %118, 65536 %120 = icmp eq i64 %119, 0 br i1 %120, label %121, label %128 %122 = load volatile i64, i64* %66, align 8 %123 = and i64 %122, 1 %124 = icmp eq i64 %123, 0 br i1 %124, label %125, label %128 %126 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @lru_disable_count, i64 0, i32 0), align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %129, label %128 tail call fastcc void @pagevec_lru_move_fn(%struct.pagevec* %102, void (%struct.page*, %struct.lruvec*)* nonnull @__activate_page) #76 Function:pagevec_lru_move_fn %3 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 0 %4 = load i8, i8* %3, align 8 %5 = icmp eq i8 %4, 0 br i1 %5, label %68, label %6 %69 = phi i8 [ %60, %63 ], [ %67, %65 ], [ 0, %2 ] %70 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 2, i64 0 %71 = zext i8 %69 to i32 tail call void @release_pages(%struct.page** %70, i32 %71) #77 Function:release_pages %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = icmp sgt i32 %1, 0 br i1 %7, label %8, label %216 %9 = zext i32 %1 to i64 br label %10 %11 = phi i64 [ 0, %8 ], [ %210, %206 ] %12 = phi i32 [ undef, 
%8 ], [ %209, %206 ] %13 = phi %struct.lruvec* [ null, %8 ], [ %208, %206 ] %14 = phi i64 [ undef, %8 ], [ %207, %206 ] %15 = getelementptr %struct.page*, %struct.page** %0, i64 %11 %16 = load %struct.page*, %struct.page** %15, align 8 %17 = icmp eq %struct.lruvec* %13, null br i1 %17, label %23, label %18 %24 = phi %struct.lruvec* [ null, %21 ], [ %13, %18 ], [ null, %10 ] %25 = phi i32 [ 32, %21 ], [ %19, %18 ], [ %12, %10 ] %26 = getelementptr inbounds %struct.page, %struct.page* %16, i64 0, i32 1 %27 = bitcast %union.anon.20* %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 1 %30 = icmp eq i64 %29, 0 %31 = add i64 %28, -1 %32 = ptrtoint %struct.page* %16 to i64 %33 = select i1 %30, i64 %32, i64 %31, !prof !4 %34 = inttoptr i64 %33 to %struct.page* %35 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 3, i32 0 %36 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !5 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %206, label %39 %40 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 65536 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50 %51 = icmp eq %struct.lruvec* %24, null br i1 %51, label %54, label %52 %55 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %34) #76 ------------- Use: =BAD PATH= Call Stack: 0 release_pages 1 pagevec_lru_move_fn 2 mark_page_accessed 3 pagecache_get_page 4 shmem_get_link ------------- Path:  Function:shmem_get_link %4 = alloca %struct.page*, align 8 %5 = bitcast %struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, 
i64 0, i32 9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label %9, label %39 %10 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %8, i64 0, i32 0, i32 0) #76 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #76 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to 
i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #76 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 br i1 %21, label %171, label %86 br i1 %23, label %114, label %87 %88 = getelementptr inbounds i8, i8* %26, i64 8 %89 = bitcast i8* %88 to i64* %90 = load volatile i64, i64* %89, align 8 %91 = and i64 %90, 1 %92 = icmp eq i64 %91, 0 %93 = add i64 %90, -1 %94 = select i1 %92, i64 %78, i64 %93, !prof !8 %95 = inttoptr i64 %94 to %struct.page* %96 = getelementptr inbounds %struct.page, %struct.page* %95, i64 0, i32 0 %97 = call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %96, i64 0, i64* %96) #6, !srcloc !11 %98 = and i8 %97, 1 %99 = icmp eq i8 %98, 0 br i1 %99, label %139, label %100 %140 = getelementptr inbounds i8, i8* %26, i64 24 %141 = bitcast i8* %140 to %struct.address_space** %142 = load %struct.address_space*, %struct.address_space** %141, align 8 %143 = icmp eq %struct.address_space* %142, %0 br i1 %143, label %171, label %144, !prof !8, !misexpect !6 %172 = bitcast i8* %26 to %struct.page* %173 = and i32 %19, 1 %174 = icmp eq i32 %173, 0 br i1 %174, label %176, label %175 call void @mark_page_accessed(%struct.page* nonnull %172) #76 Function:mark_page_accessed %2 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %3 = bitcast %union.anon.20* %2 to i64* %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 %7 = add i64 %4, -1 %8 = ptrtoint %struct.page* %0 to i64 %9 = select i1 %6, i64 %8, i64 %7, !prof !4 %10 = inttoptr i64 %9 to %struct.page* %11 = getelementptr inbounds %struct.page, %struct.page* %10, i64 0, i32 1 %12 = bitcast %union.anon.20* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 1 %15 = icmp eq i64 %14, 0 %16 = add i64 %13, -1 %17 = select i1 %15, i64 %9, i64 %16, !prof !4 %18 = inttoptr i64 %17 to %struct.page* %19 = getelementptr inbounds %struct.page, %struct.page* %18, i64 0, i32 0 %20 = load volatile i64, i64* %19, align 8 %21 = and i64 %20, 2 %22 = icmp eq i64 %21, 0 %23 = load volatile i64, i64* %12, align 8 %24 = and i64 %23, 1 %25 = icmp eq i64 %24, 0 %26 = add i64 %23, -1 %27 = select i1 %25, i64 %9, i64 %26 br i1 %22, label %28, label %30 %31 = inttoptr i64 %27 to %struct.page* %32 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1048576 %35 = icmp 
eq i64 %34, 0 br i1 %35, label %36, label %163 %37 = load volatile i64, i64* %12, align 8 %38 = and i64 %37, 1 %39 = icmp eq i64 %38, 0 %40 = add i64 %37, -1 %41 = select i1 %39, i64 %9, i64 %40, !prof !4 %42 = inttoptr i64 %41 to %struct.page* %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 0 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 32 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %163 %48 = load volatile i64, i64* %12, align 8 %49 = and i64 %48, 1 %50 = icmp eq i64 %49, 0 %51 = add i64 %48, -1 %52 = select i1 %50, i64 %9, i64 %51, !prof !4 %53 = inttoptr i64 %52 to %struct.page* %54 = getelementptr inbounds %struct.page, %struct.page* %53, i64 0, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 16 %57 = icmp eq i64 %56, 0 br i1 %57, label %131, label %58 %59 = load volatile i64, i64* %12, align 8 %60 = and i64 %59, 1 %61 = icmp eq i64 %60, 0 %62 = add i64 %59, -1 %63 = select i1 %61, i64 %9, i64 %62, !prof !4 %64 = inttoptr i64 %63 to %struct.page* %65 = getelementptr inbounds %struct.page, %struct.page* %64, i64 0, i32 1 %66 = bitcast %union.anon.20* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = and i64 %67, 1 %69 = icmp eq i64 %68, 0 %70 = add i64 %67, -1 %71 = select i1 %69, i64 %63, i64 %70, !prof !4 %72 = inttoptr i64 %71 to %struct.page* %73 = getelementptr inbounds %struct.page, %struct.page* %72, i64 0, i32 0 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 16 %76 = icmp eq i64 %75, 0 br i1 %76, label %156, label %77 %78 = load volatile i64, i64* %66, align 8 %79 = and i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = add i64 %78, -1 %82 = select i1 %80, i64 %63, i64 %81, !prof !4 %83 = inttoptr i64 %82 to %struct.page* %84 = getelementptr inbounds %struct.page, %struct.page* %83, i64 0, i32 0 %85 = load volatile i64, i64* %84, align 8 %86 = and i64 %85, 32 %87 = icmp eq i64 %86, 0 br i1 %87, label %88, label %156 %89 = load volatile i64, i64* %66, align 8 %90 = 
and i64 %89, 1 %91 = icmp eq i64 %90, 0 %92 = add i64 %89, -1 %93 = select i1 %91, i64 %63, i64 %92, !prof !4 %94 = inttoptr i64 %93 to %struct.page* %95 = getelementptr inbounds %struct.page, %struct.page* %94, i64 0, i32 0 %96 = load volatile i64, i64* %95, align 8 %97 = and i64 %96, 1048576 %98 = icmp eq i64 %97, 0 br i1 %98, label %99, label %156 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %100 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i8* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 1, i32 0) to %struct.lock_class_key*)) #6, !srcloc !7 %101 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.pagevec* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 5)) #6, !srcloc !8 %102 = inttoptr i64 %101 to %struct.pagevec* %103 = load volatile i64, i64* %66, align 8 %104 = and i64 %103, 1 %105 = icmp eq i64 %104, 0 %106 = add i64 %103, -1 %107 = select i1 %105, i64 %63, i64 %106, !prof !4 %108 = inttoptr i64 %107 to %struct.page* %109 = getelementptr inbounds %struct.page, %struct.page* %108, i64 0, i32 3, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %109, i32* %109) #6, !srcloc !9 %110 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %102, i64 0, i32 0 %111 = load i8, i8* %110, align 8 %112 = add i8 %111, 1 store i8 %112, i8* %110, align 8 %113 = zext i8 %111 to i64 %114 = getelementptr %struct.pagevec, %struct.pagevec* %102, i64 0, i32 2, i64 %113 store %struct.page* %64, %struct.page** %114, align 8 %115 = icmp eq i8 %112, 15 br i1 %115, label %128, label %116 %117 = getelementptr inbounds %struct.page, %struct.page* 
%64, i64 0, i32 0 %118 = load volatile i64, i64* %117, align 8 %119 = and i64 %118, 65536 %120 = icmp eq i64 %119, 0 br i1 %120, label %121, label %128 %122 = load volatile i64, i64* %66, align 8 %123 = and i64 %122, 1 %124 = icmp eq i64 %123, 0 br i1 %124, label %125, label %128 %126 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @lru_disable_count, i64 0, i32 0), align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %129, label %128 tail call fastcc void @pagevec_lru_move_fn(%struct.pagevec* %102, void (%struct.page*, %struct.lruvec*)* nonnull @__activate_page) #76 Function:pagevec_lru_move_fn %3 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 0 %4 = load i8, i8* %3, align 8 %5 = icmp eq i8 %4, 0 br i1 %5, label %68, label %6 %69 = phi i8 [ %60, %63 ], [ %67, %65 ], [ 0, %2 ] %70 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 2, i64 0 %71 = zext i8 %69 to i32 tail call void @release_pages(%struct.page** %70, i32 %71) #77 Function:release_pages %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = icmp sgt i32 %1, 0 br i1 %7, label %8, label %216 %9 = zext i32 %1 to i64 br label %10 %11 = phi i64 [ 0, %8 ], [ %210, %206 ] %12 = phi i32 [ undef, %8 ], [ %209, %206 ] %13 = phi %struct.lruvec* [ null, %8 ], [ %208, %206 ] %14 = phi i64 [ undef, %8 ], [ %207, %206 ] %15 = getelementptr %struct.page*, %struct.page** %0, i64 %11 %16 = load %struct.page*, %struct.page** %15, align 8 %17 = icmp eq %struct.lruvec* %13, null br i1 %17, label %23, label %18 %24 = phi %struct.lruvec* [ null, %21 ], [ %13, %18 ], [ null, %10 ] %25 = phi i32 [ 32, %21 ], [ %19, %18 ], [ %12, %10 
] %26 = getelementptr inbounds %struct.page, %struct.page* %16, i64 0, i32 1 %27 = bitcast %union.anon.20* %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 1 %30 = icmp eq i64 %29, 0 %31 = add i64 %28, -1 %32 = ptrtoint %struct.page* %16 to i64 %33 = select i1 %30, i64 %32, i64 %31, !prof !4 %34 = inttoptr i64 %33 to %struct.page* %35 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 3, i32 0 %36 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !5 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %206, label %39 %40 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 65536 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50 %51 = icmp eq %struct.lruvec* %24, null br i1 %51, label %54, label %52 %55 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %34) #76 ------------- Use: =BAD PATH= Call Stack: 0 __add_to_page_cache_locked ------------- Path:  Function:__add_to_page_cache_locked %6 = alloca %struct.xa_state, align 8 %7 = bitcast %struct.xa_state* %6 to i8* %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 0 %9 = getelementptr inbounds %struct.address_space, %struct.address_space* %1, i64 0, i32 1 store %struct.xarray* %9, %struct.xarray** %8, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 6 %13 = bitcast i8* %11 to i32* store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), 
%struct.xa_node** %12, align 8 %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = tail call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __add_to_page_cache_locked 1 add_to_page_cache_lru 2 pagecache_get_page 3 hugetlbfs_read_iter ------------- Path:  Function:hugetlbfs_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.hugetlbfs_sb_info** %11 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %10, align 16 %12 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %11, i64 0, i32 3 %13 = load %struct.hstate*, %struct.hstate** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %17 = load i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 3 %19 = load i32, i32* %18, align 8 %20 = add i32 %19, 12 %21 = zext i32 %20 to i64 %22 = ashr i64 %17, %21 %23 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 4 %24 = load i64, i64* %23, align 8 %25 = xor i64 %24, -1 %26 = and i64 %17, %25 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %132, 
label %30 %31 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %32 = load %struct.inode*, %struct.inode** %31, align 8 %33 = getelementptr inbounds %struct.inode, %struct.inode* %32, i64 0, i32 14 br label %34 %35 = phi i64 [ %24, %30 ], [ %128, %121 ] %36 = phi i32 [ %19, %30 ], [ %123, %121 ] %37 = phi i64 [ %22, %30 ], [ %127, %121 ] %38 = phi i64 [ 0, %30 ], [ %112, %121 ] %39 = phi i64 [ %26, %30 ], [ %130, %121 ] %40 = zext i32 %36 to i64 %41 = shl i64 4096, %40 %42 = load i64, i64* %33, align 8 %43 = icmp eq i64 %42, 0 br i1 %43, label %132, label %44 %45 = add i64 %42, -1 %46 = add i32 %36, 12 %47 = zext i32 %46 to i64 %48 = ashr i64 %45, %47 %49 = icmp ugt i64 %37, %48 br i1 %49, label %132, label %50 %51 = icmp eq i64 %37, %48 br i1 %51, label %52, label %57 %53 = xor i64 %35, -1 %54 = and i64 %45, %53 %55 = add nuw i64 %54, 1 %56 = icmp ult i64 %54, %39 br i1 %56, label %132, label %57 %58 = phi i64 [ %55, %52 ], [ %41, %50 ] %59 = sub i64 %58, %39 %60 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %15, i64 %37, i32 2, i32 0) #76 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 
[ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #76 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load 
volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #76 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 %182 = and i32 %19, 4 %183 = icmp eq i32 %182, 0 br i1 %183, label %307, label %184 %185 = and i32 %19, 8 %186 = icmp eq i32 %185, 0 br i1 %186, label %211, label %187 %188 = load %struct.inode*, %struct.inode** %16, align 8 %189 = icmp eq %struct.inode* %188, null br i1 %189, label %204, label %190 %205 = phi %struct.backing_dev_info* [ %200, %195 ], [ %203, %201 ], [ @noop_backing_dev_info, %187 ] %206 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %205, i64 0, i32 6 %207 = load i32, i32* %206, align 4 %208 = shl i32 %207, 12 %209 = and i32 %208, 4096 %210 = or i32 %209, %18 br label %211 %212 = phi i32 [ %18, %184 ], [ %210, %204 ] %213 = and i32 %19, 16 %214 = icmp eq i32 %213, 0 %215 = and i32 %212, -129 %216 = select i1 %214, i32 %212, i32 %215 %217 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !13 %218 = inttoptr i64 %217 to %struct.task_struct* %219 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 51 %220 = load volatile i64, i64* %219, align 8 %221 = and i64 %220, 2 %222 = icmp eq i64 %221, 0 br i1 %222, label %241, label %223 %224 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 132, i32 0, i32 0 br label %225 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_pre_enable_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@pagecache_get_page, %226)) #6 to label %232 [label %226], !srcloc !14 %227 = load volatile i32, i32* %224, align 4 %228 = and i32 %227, 1 %229 = icmp eq i32 %228, 0 br i1 %229, label %231, label %230 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %232 %233 = phi i32 [ %227, %231 ], [ 0, %225 ] %234 = call i32 @cpuset_mem_spread_node() #76 %235 = call %struct.page* bitcast (%struct.page.135675* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %216, i32 0, i32 %234, %struct.cpumask* null) #76 %236 = icmp eq %struct.page* %235, null br i1 %236, label %237, label %246 %247 = phi %struct.page* [ %244, %243 ], [ %235, %232 ] %248 = and i32 %19, 66 %249 = icmp eq i32 %248, 0 br i1 %249, label %250, label %251, !prof !5, !misexpect !6 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.12767, i64 0, i64 0), i32 1944, i32 2307, i64 12) #6, !srcloc !18 call void asm sideeffect "445:\0A\09.pushsection .discard.reachable\0A\09.long 445b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 br label %251 %252 = or i32 %19, 2 %253 = select i1 %249, i32 %252, i32 %19 %254 = and i32 %253, 1 %255 = icmp eq i32 %254, 0 br i1 %255, label %267, label %256 %268 = call i32 
@add_to_page_cache_lru(%struct.page* nonnull %247, %struct.address_space* %0, i64 %1, i32 %216) #77 Function:add_to_page_cache_lru %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* store i8* null, i8** %5, align 8 %7 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %8 = bitcast %union.anon.20* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 %12 = add i64 %9, -1 %13 = ptrtoint %struct.page* %0 to i64 %14 = select i1 %11, i64 %13, i64 %12, !prof !4 %15 = inttoptr i64 %14 to %struct.page* %16 = getelementptr inbounds %struct.page, %struct.page* %15, i64 0, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %16, i64 0) #6, !srcloc !5 %17 = call i32 @__add_to_page_cache_locked(%struct.page* %0, %struct.address_space* %1, i64 %2, i32 %3, i8** nonnull %5) #76 Function:__add_to_page_cache_locked %6 = alloca %struct.xa_state, align 8 %7 = bitcast %struct.xa_state* %6 to i8* %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 0 %9 = getelementptr inbounds %struct.address_space, %struct.address_space* %1, i64 0, i32 1 store %struct.xarray* %9, %struct.xarray** %8, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 6 %13 = bitcast i8* %11 to i32* store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = tail call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __add_to_page_cache_locked 1 add_to_page_cache_lru 2 
pagecache_get_page 3 shmem_get_link ------------- Path:  Function:shmem_get_link %4 = alloca %struct.page*, align 8 %5 = bitcast %struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label %9, label %39 %10 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %8, i64 0, i32 0, i32 0) #76 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* 
@xas_load(%struct.xa_state* nonnull %5) #76 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #76 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 %182 = and i32 %19, 4 %183 = icmp eq i32 %182, 0 br i1 %183, label %307, label %184 %185 = and i32 %19, 8 %186 = icmp eq i32 %185, 0 br i1 %186, label 
%211, label %187 %188 = load %struct.inode*, %struct.inode** %16, align 8 %189 = icmp eq %struct.inode* %188, null br i1 %189, label %204, label %190 %205 = phi %struct.backing_dev_info* [ %200, %195 ], [ %203, %201 ], [ @noop_backing_dev_info, %187 ] %206 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %205, i64 0, i32 6 %207 = load i32, i32* %206, align 4 %208 = shl i32 %207, 12 %209 = and i32 %208, 4096 %210 = or i32 %209, %18 br label %211 %212 = phi i32 [ %18, %184 ], [ %210, %204 ] %213 = and i32 %19, 16 %214 = icmp eq i32 %213, 0 %215 = and i32 %212, -129 %216 = select i1 %214, i32 %212, i32 %215 %217 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !13 %218 = inttoptr i64 %217 to %struct.task_struct* %219 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 51 %220 = load volatile i64, i64* %219, align 8 %221 = and i64 %220, 2 %222 = icmp eq i64 %221, 0 br i1 %222, label %241, label %223 %224 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 132, i32 0, i32 0 br label %225 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_pre_enable_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@pagecache_get_page, %226)) #6 to label %232 [label %226], !srcloc !14 %227 = load volatile i32, i32* %224, align 4 %228 = and i32 %227, 1 %229 = icmp eq i32 %228, 0 br i1 %229, label %231, label %230 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %232 %233 = phi i32 [ %227, %231 ], [ 0, %225 ] %234 = call i32 @cpuset_mem_spread_node() #76 %235 = call %struct.page* bitcast (%struct.page.135675* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %216, i32 0, i32 %234, %struct.cpumask* null) #76 %236 = icmp eq %struct.page* %235, null br i1 %236, label %237, label %246 %247 = phi %struct.page* [ %244, %243 ], [ %235, %232 ] %248 = and i32 %19, 66 %249 = icmp eq i32 %248, 0 br i1 %249, label %250, label %251, !prof !5, !misexpect !6 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.12767, i64 0, i64 0), i32 1944, i32 2307, i64 12) #6, !srcloc !18 call void asm sideeffect "445:\0A\09.pushsection .discard.reachable\0A\09.long 445b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 br label %251 %252 = or i32 %19, 2 %253 = select i1 %249, i32 %252, i32 %19 %254 = and i32 %253, 1 %255 = icmp eq i32 %254, 0 br i1 %255, label %267, label %256 %268 = call i32 
@add_to_page_cache_lru(%struct.page* nonnull %247, %struct.address_space* %0, i64 %1, i32 %216) #77 Function:add_to_page_cache_lru %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* store i8* null, i8** %5, align 8 %7 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %8 = bitcast %union.anon.20* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 %12 = add i64 %9, -1 %13 = ptrtoint %struct.page* %0 to i64 %14 = select i1 %11, i64 %13, i64 %12, !prof !4 %15 = inttoptr i64 %14 to %struct.page* %16 = getelementptr inbounds %struct.page, %struct.page* %15, i64 0, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %16, i64 0) #6, !srcloc !5 %17 = call i32 @__add_to_page_cache_locked(%struct.page* %0, %struct.address_space* %1, i64 %2, i32 %3, i8** nonnull %5) #76 Function:__add_to_page_cache_locked %6 = alloca %struct.xa_state, align 8 %7 = bitcast %struct.xa_state* %6 to i8* %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 0 %9 = getelementptr inbounds %struct.address_space, %struct.address_space* %1, i64 0, i32 1 store %struct.xarray* %9, %struct.xarray** %8, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 6 %13 = bitcast i8* %11 to i32* store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = tail call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 __add_to_page_cache_locked 1 add_to_page_cache_lru 2 
pagecache_get_page 3 shmem_getpage_gfp 4 shmem_file_read_iter ------------- Path:  Function:shmem_file_read_iter %3 = alloca %struct.page*, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i8, i8* %11, align 8 %13 = icmp eq i8 %12, 0 %14 = select i1 %13, i32 0, i32 2 %15 = load i64, i64* %10, align 8 %16 = ashr i64 %15, 12 %17 = and i64 %15, 4095 %18 = bitcast %struct.page** %3 to i8* store %struct.page* null, %struct.page** %3, align 8 %19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = ashr i64 %20, 12 %22 = icmp ugt i64 %16, %21 br i1 %22, label %134, label %23 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 br label %26 %27 = phi i64 [ %21, %23 ], [ %127, %124 ] %28 = phi i64 [ %20, %23 ], [ %126, %124 ] %29 = phi i64 [ %16, %23 ], [ %103, %124 ] %30 = phi i64 [ %17, %23 ], [ %104, %124 ] %31 = phi i64 [ 0, %23 ], [ %100, %124 ] %32 = icmp ne i64 %29, %27 %33 = and i64 %28, 4095 %34 = icmp ugt i64 %33, %30 %35 = or i1 %32, %34 br i1 %35, label %36, label %129 %37 = load %struct.address_space*, %struct.address_space** %8, align 8 %38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3 %39 = load i32, i32* %38, align 8 %40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %29, %struct.page** nonnull %3, 
i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #76 Function:shmem_getpage_gfp %8 = alloca %struct.vm_area_struct, align 8 %9 = alloca %struct.page*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %11 = load %struct.address_space*, %struct.address_space** %10, align 8 %12 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 6, i32 4, i32 1 %13 = bitcast %struct.page** %9 to i8* %14 = icmp ugt i64 %1, 2251799813685247 br i1 %14, label %467, label %15 %16 = icmp ult i32 %3, 3 %17 = shl nuw nsw i64 %1, 12 %18 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 14 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = icmp eq i32 %3, 3 %21 = icmp eq i32 %3, 0 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 1 %23 = bitcast %struct.list_head** %22 to i64* %24 = bitcast %struct.vm_area_struct* %8 to i8* %25 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 12 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10, i32 1 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 23 %30 = bitcast %struct.list_head** %29 to i64* %31 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 13 %32 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 9 %33 = bitcast %struct.list_head** %32 to %struct.shared_policy* %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 17 %35 = and i32 %4, 782048 %36 = bitcast %struct.list_head** %12 to %struct.raw_spinlock* %37 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 2 %38 = bitcast %struct.list_head** %37 to i64* 
%39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 22 %40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 3 %41 = bitcast %struct.list_head** %40 to i64* %42 = bitcast %struct.list_head** %12 to i8* %43 = icmp eq i32 %3, 4 br label %44 %45 = phi i1 [ true, %15 ], [ false, %460 ] %46 = phi i32 [ 0, %15 ], [ %427, %460 ] br label %47 %48 = phi i32 [ %46, %44 ], [ %463, %461 ] br label %49 br i1 %16, label %50, label %53 %51 = load i64, i64* %18, align 8 %52 = icmp slt i64 %17, %51 br i1 %52, label %53, label %467 %54 = call %struct.page* @pagecache_get_page(%struct.address_space* %11, i64 %1, i32 386, i32 0) #76 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #76 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #76 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 
%84, label %181, label %85 %182 = and i32 %19, 4 %183 = icmp eq i32 %182, 0 br i1 %183, label %307, label %184 %185 = and i32 %19, 8 %186 = icmp eq i32 %185, 0 br i1 %186, label %211, label %187 %188 = load %struct.inode*, %struct.inode** %16, align 8 %189 = icmp eq %struct.inode* %188, null br i1 %189, label %204, label %190 %205 = phi %struct.backing_dev_info* [ %200, %195 ], [ %203, %201 ], [ @noop_backing_dev_info, %187 ] %206 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %205, i64 0, i32 6 %207 = load i32, i32* %206, align 4 %208 = shl i32 %207, 12 %209 = and i32 %208, 4096 %210 = or i32 %209, %18 br label %211 %212 = phi i32 [ %18, %184 ], [ %210, %204 ] %213 = and i32 %19, 16 %214 = icmp eq i32 %213, 0 %215 = and i32 %212, -129 %216 = select i1 %214, i32 %212, i32 %215 %217 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !13 %218 = inttoptr i64 %217 to %struct.task_struct* %219 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 51 %220 = load volatile i64, i64* %219, align 8 %221 = and i64 %220, 2 %222 = icmp eq i64 %221, 0 br i1 %222, label %241, label %223 %224 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 132, i32 0, i32 0 br label %225 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_pre_enable_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@pagecache_get_page, %226)) #6 to label %232 [label %226], !srcloc !14 %227 = load volatile i32, i32* %224, align 4 %228 = and i32 %227, 1 %229 = icmp eq i32 %228, 0 br i1 %229, label %231, label %230 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %232 %233 = phi i32 [ %227, %231 ], [ 0, %225 ] %234 = call i32 @cpuset_mem_spread_node() #76 %235 = call %struct.page* bitcast (%struct.page.135675* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %216, i32 0, i32 %234, %struct.cpumask* null) #76 %236 = icmp eq %struct.page* %235, null br i1 %236, label %237, label %246 %247 = phi %struct.page* [ %244, %243 ], [ %235, %232 ] %248 = and i32 %19, 66 %249 = icmp eq i32 %248, 0 br i1 %249, label %250, label %251, !prof !5, !misexpect !6 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.12767, i64 0, i64 0), i32 1944, i32 2307, i64 12) #6, !srcloc !18 call void asm sideeffect "445:\0A\09.pushsection .discard.reachable\0A\09.long 445b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 br label %251 %252 = or i32 %19, 2 %253 = select i1 %249, i32 %252, i32 %19 %254 = and i32 %253, 1 %255 = icmp eq i32 %254, 0 br i1 %255, label %267, label %256 %268 = call i32 
@add_to_page_cache_lru(%struct.page* nonnull %247, %struct.address_space* %0, i64 %1, i32 %216) #77 Function:add_to_page_cache_lru %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* store i8* null, i8** %5, align 8 %7 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %8 = bitcast %union.anon.20* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 %12 = add i64 %9, -1 %13 = ptrtoint %struct.page* %0 to i64 %14 = select i1 %11, i64 %13, i64 %12, !prof !4 %15 = inttoptr i64 %14 to %struct.page* %16 = getelementptr inbounds %struct.page, %struct.page* %15, i64 0, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %16, i64 0) #6, !srcloc !5 %17 = call i32 @__add_to_page_cache_locked(%struct.page* %0, %struct.address_space* %1, i64 %2, i32 %3, i8** nonnull %5) #76 Function:__add_to_page_cache_locked %6 = alloca %struct.xa_state, align 8 %7 = bitcast %struct.xa_state* %6 to i8* %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 0 %9 = getelementptr inbounds %struct.address_space, %struct.address_space* %1, i64 0, i32 1 store %struct.xarray* %9, %struct.xarray** %8, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 6 %13 = bitcast i8* %11 to i32* store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = tail call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 _copy_to_iter 1 eventfd_read ------------- Path:  
Function:eventfd_read %3 = alloca i64, align 8 %4 = alloca %struct.wait_queue_entry, align 8 %5 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %6 = load %struct.file*, %struct.file** %5, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %6, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.eventfd_ctx** %9 = load %struct.eventfd_ctx*, %struct.eventfd_ctx** %8, align 8 %10 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %11 = bitcast %struct.wait_queue_entry* %4 to i8* %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %4, i64 0, i32 0 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %4, i64 0, i32 1 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = bitcast i8** %13 to %struct.task_struct** store %struct.task_struct* %15, %struct.task_struct** %16, align 8 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %4, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @default_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %17, align 8 %18 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %4, i64 0, i32 3, i32 0 %19 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %4, i64 0, i32 3, i32 1 %20 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %21 = bitcast %struct.list_head** %18 to i8* %22 = load i64, i64* %20, align 8 %23 = icmp ult i64 %22, 8 br i1 %23, label %127, label %24 %25 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %9, i64 0, i32 1 %26 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %25, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %26) #76 %27 = 
getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %9, i64 0, i32 2 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %109 %110 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %9, i64 0, i32 3 %111 = load i32, i32* %110, align 8 %112 = and i32 %111, 1 %113 = icmp eq i32 %112, 0 %114 = load i64, i64* %27, align 8 %115 = select i1 %113, i64 %114, i64 1 store i64 %115, i64* %3, align 8 %116 = sub i64 %114, %115 store i64 %116, i64* %27, align 8 %117 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %9, i64 0, i32 1, i32 1 %118 = getelementptr inbounds %struct.list_head, %struct.list_head* %117, i64 0, i32 0 %119 = load volatile %struct.list_head*, %struct.list_head** %118, align 8 %120 = icmp eq %struct.list_head* %119, %117 br i1 %120, label %122, label %121 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %123 = bitcast %struct.wait_queue_head* %25 to i8* store volatile i8 0, i8* %123, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %124 = call i64 @_copy_to_iter(i8* nonnull %10, i64 8, %struct.iov_iter* %1) #76 Function:_copy_to_iter %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.xa_state, align 8 %7 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = icmp eq i8 %8, 3 br i1 %9, label %10, label %79, !prof !4, !misexpect !5 %80 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %81 = load i64, i64* %80, align 8 %82 = icmp ult i64 %81, %1 %83 = select i1 %82, i64 %81, i64 %1, !prof !4 %84 = icmp eq i64 %83, 0 br i1 %84, label %376, label %85, !prof !4, !misexpect !8 switch i8 %8, label %372 [ i8 0, label %86 i8 2, label %147 i8 1, label %206 i8 4, label %250 ], !prof !9 %251 = getelementptr inbounds 
%struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5, i32 0 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 2 %254 = load i64, i64* %253, align 8 %255 = add i64 %254, %252 %256 = lshr i64 %255, 12 %257 = bitcast %struct.xa_state* %6 to i8* %258 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %259 = bitcast %union.anon.104* %258 to i64* %260 = load i64, i64* %259, align 8 %261 = bitcast %struct.xa_state* %6 to i64* store i64 %260, i64* %261, align 8 %262 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1 store i64 %256, i64* %262, align 8 %263 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2 %264 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 4 %265 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 6 %266 = bitcast i8* %263 to i32* store i32 0, i32* %266, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %265, align 8 %267 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7 %268 = bitcast %struct.xa_node** %267 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %269 = call i8* @xas_find(%struct.xa_state* nonnull %6, i64 -1) #76 %270 = icmp eq i8* %269, null br i1 %270, label %368, label %271 %272 = trunc i64 %255 to i32 %273 = and i32 %272, 4095 br label %274 %275 = phi i8* [ %366, %365 ], [ %269, %271 ] %276 = phi i64 [ %326, %365 ], [ %83, %271 ] %277 = phi i32 [ %327, %365 ], [ %273, %271 ] %278 = phi i64 [ %328, %365 ], [ 0, %271 ] %279 = bitcast i8* %275 to %struct.page* %280 = ptrtoint i8* %275 to i64 switch i64 %280, label %282 [ i64 1030, label %325 i64 1026, label %281 ] %283 = and i64 %280, 1 %284 = icmp eq i64 %283, 0 br i1 %284, label %286, label %285, !prof !13, !misexpect !5 %287 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge 
to i32 (%struct.page*)*)(%struct.page* nonnull %279) #76 ------------- Use: =BAD PATH= Call Stack: 0 stable_page_flags 1 kpageflags_read ------------- Path:  Function:kpageflags_read %5 = bitcast i8* %1 to i64* %6 = load i64, i64* %3, align 8 %7 = lshr i64 %6, 3 %8 = or i64 %6, %2 %9 = and i64 %8, 7 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %102 %12 = load i64, i64* @max_pfn, align 8 %13 = shl i64 %12, 3 %14 = add i64 %13, -8 %15 = or i64 %14, 262136 %16 = add i64 %15, 8 %17 = icmp ugt i64 %16, %6 br i1 %17, label %18, label %102 %19 = sub i64 %16, %6 %20 = icmp ugt i64 %19, %2 %21 = select i1 %20, i64 %2, i64 %19 %22 = icmp eq i64 %21, 0 br i1 %22, label %95, label %23 %24 = phi i64 [ %84, %81 ], [ %21, %18 ] %25 = phi i64* [ %83, %81 ], [ %5, %18 ] %26 = phi i64 [ %82, %81 ], [ %7, %18 ] %27 = icmp ult i64 %26, 4503599627370496 br i1 %27, label %28, label %69 %29 = lshr i64 %26, 15 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@kpageflags_read, %32), i8* blockaddress(@kpageflags_read, %31)) 
#6 to label %30 [label %32, label %31], !srcloc !4 br label %32 %33 = phi i64 [ 524288, %31 ], [ 33554432, %28 ], [ 33554432, %30 ] %34 = icmp ult i64 %29, %33 br i1 %34, label %35, label %69 %36 = load %struct.mem_section**, %struct.mem_section*** @mem_section, align 8 %37 = icmp eq %struct.mem_section** %36, null br i1 %37, label %69, label %38 %39 = lshr i64 %26, 23 %40 = getelementptr %struct.mem_section*, %struct.mem_section** %36, i64 %39 %41 = load %struct.mem_section*, %struct.mem_section** %40, align 8 %42 = icmp eq %struct.mem_section* %41, null br i1 %42, label %69, label %43 %44 = and i64 %29, 255 %45 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44 %46 = icmp eq %struct.mem_section* %45, null br i1 %46, label %69, label %47 %48 = getelementptr inbounds %struct.mem_section, %struct.mem_section* %45, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = and i64 %49, 2 %51 = icmp eq i64 %50, 0 br i1 %51, label %69, label %52 %53 = and i64 %49, 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %58, label %55 %59 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44, i32 1 %60 = load %struct.mem_section_usage*, %struct.mem_section_usage** %59, align 8 %61 = getelementptr inbounds %struct.mem_section_usage, %struct.mem_section_usage* %60, i64 0, i32 0, i64 0 %62 = lshr i64 %26, 9 %63 = and i64 %62, 63 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %61, i64 %63) #6, !srcloc !5 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 %67 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %68 = getelementptr %struct.page, %struct.page* %67, i64 %26 br i1 %66, label %69, label %70 %71 = phi %struct.page* [ null, %69 ], [ %68, %58 ], [ %57, %55 ] %72 = bitcast i64* %25 to i8* %73 = tail call i64 @stable_page_flags(%struct.page* %71) #76 Function:stable_page_flags %2 = icmp eq %struct.page* %0, null br i1 %2, 
label %187, label %3 %4 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 16 %6 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %7 = bitcast %union.anon.20* %6 to i64* %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 %11 = add i64 %8, -1 %12 = ptrtoint %struct.page* %0 to i64 %13 = select i1 %10, i64 %12, i64 %11, !prof !4 %14 = inttoptr i64 %13 to %struct.page* %15 = getelementptr inbounds %struct.page, %struct.page* %14, i64 0, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 512 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %22 %20 = tail call zeroext i1 @page_mapped(%struct.page* nonnull %0) #76 %21 = select i1 %20, i64 2048, i64 0 br label %22 %23 = phi i64 [ 0, %3 ], [ %21, %19 ] %24 = load volatile i64, i64* %7, align 8 %25 = and i64 %24, 1 %26 = icmp eq i64 %25, 0 %27 = add i64 %24, -1 %28 = select i1 %26, i64 %12, i64 %27, !prof !4 %29 = inttoptr i64 %28 to %struct.page* %30 = getelementptr inbounds %struct.page, %struct.page* %29, i64 0, i32 1, i32 0, i32 1 %31 = bitcast %struct.address_space** %30 to i64* %32 = load i64, i64* %31, align 8 %33 = shl i64 %32, 12 %34 = and i64 %33, 4096 %35 = or i64 %34, %23 %36 = load volatile i64, i64* %4, align 8 %37 = lshr i64 %36, 1 %38 = and i64 %37, 32768 %39 = or i64 %35, %38 %40 = load volatile i64, i64* %7, align 8 %41 = shl i64 %40, 16 %42 = and i64 %41, 65536 %43 = or i64 %39, %42 %44 = tail call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 pagecache_get_page 1 hugetlbfs_read_iter ------------- Path:  Function:hugetlbfs_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 
%7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.hugetlbfs_sb_info** %11 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %10, align 16 %12 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %11, i64 0, i32 3 %13 = load %struct.hstate*, %struct.hstate** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %17 = load i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 3 %19 = load i32, i32* %18, align 8 %20 = add i32 %19, 12 %21 = zext i32 %20 to i64 %22 = ashr i64 %17, %21 %23 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 4 %24 = load i64, i64* %23, align 8 %25 = xor i64 %24, -1 %26 = and i64 %17, %25 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %132, label %30 %31 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %32 = load %struct.inode*, %struct.inode** %31, align 8 %33 = getelementptr inbounds %struct.inode, %struct.inode* %32, i64 0, i32 14 br label %34 %35 = phi i64 [ %24, %30 ], [ %128, %121 ] %36 = phi i32 [ %19, %30 ], [ %123, %121 ] %37 = phi i64 [ %22, %30 ], [ %127, %121 ] %38 = phi i64 [ 0, %30 ], [ %112, %121 ] %39 = phi i64 [ %26, %30 ], [ %130, %121 ] %40 = zext i32 %36 to i64 %41 = shl i64 4096, %40 %42 = load i64, i64* %33, align 8 %43 = icmp eq i64 %42, 0 br i1 %43, label %132, label %44 %45 = add i64 %42, -1 %46 = add i32 %36, 12 %47 = zext i32 %46 to i64 %48 = ashr i64 %45, %47 %49 = icmp ugt 
i64 %37, %48 br i1 %49, label %132, label %50 %51 = icmp eq i64 %37, %48 br i1 %51, label %52, label %57 %53 = xor i64 %35, -1 %54 = and i64 %45, %53 %55 = add nuw i64 %54, 1 %56 = icmp ult i64 %54, %39 br i1 %56, label %132, label %57 %58 = phi i64 [ %55, %52 ], [ %41, %50 ] %59 = sub i64 %58, %39 %60 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %15, i64 %37, i32 2, i32 0) #76 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #76 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 
1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #76 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 br i1 %21, label %171, label %86 br i1 %23, label %114, label %87 %88 = getelementptr inbounds i8, i8* %26, i64 8 %89 = bitcast i8* %88 to i64* %90 = load volatile i64, i64* %89, align 8 %91 = and i64 %90, 1 %92 = icmp eq i64 %91, 0 %93 = add i64 %90, -1 %94 = select i1 %92, 
i64 %78, i64 %93, !prof !8 %95 = inttoptr i64 %94 to %struct.page* %96 = getelementptr inbounds %struct.page, %struct.page* %95, i64 0, i32 0 %97 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %96, i64 0, i64* %96) #6, !srcloc !11 %98 = and i8 %97, 1 %99 = icmp eq i8 %98, 0 br i1 %99, label %139, label %100 %140 = getelementptr inbounds i8, i8* %26, i64 24 %141 = bitcast i8* %140 to %struct.address_space** %142 = load %struct.address_space*, %struct.address_space** %141, align 8 %143 = icmp eq %struct.address_space* %142, %0 br i1 %143, label %171, label %144, !prof !8, !misexpect !6 %172 = bitcast i8* %26 to %struct.page* %173 = and i32 %19, 1 %174 = icmp eq i32 %173, 0 br i1 %174, label %176, label %175 %177 = trunc i32 %19 to i8 %178 = icmp sgt i8 %177, -1 br i1 %178, label %179, label %307 %180 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %172) #76 ------------- Use: =BAD PATH= Call Stack: 0 pagecache_get_page 1 shmem_get_link ------------- Path:  Function:shmem_get_link %4 = alloca %struct.page*, align 8 %5 = bitcast %struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label %9, label %39 %10 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %8, i64 0, i32 0, i32 0) #76 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds 
%struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #76 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, 
i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #76 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 br i1 %21, label %171, label %86 br i1 %23, label %114, label %87 %88 = getelementptr inbounds i8, i8* %26, i64 8 %89 = bitcast i8* %88 to i64* %90 = load volatile i64, i64* %89, align 8 %91 = and i64 %90, 1 %92 = icmp eq i64 %91, 0 %93 = add i64 %90, -1 %94 = select i1 %92, i64 %78, i64 %93, !prof !8 %95 = inttoptr i64 %94 to %struct.page* %96 = getelementptr inbounds %struct.page, %struct.page* %95, i64 0, i32 0 %97 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %96, i64 0, i64* %96) #6, !srcloc !11 %98 = and i8 %97, 1 %99 = icmp eq i8 %98, 0 br i1 %99, label %139, label %100 %140 = getelementptr inbounds i8, i8* %26, i64 24 %141 = bitcast i8* %140 to %struct.address_space** %142 = load %struct.address_space*, %struct.address_space** %141, align 8 %143 = icmp eq %struct.address_space* 
%142, %0 br i1 %143, label %171, label %144, !prof !8, !misexpect !6 %172 = bitcast i8* %26 to %struct.page* %173 = and i32 %19, 1 %174 = icmp eq i32 %173, 0 br i1 %174, label %176, label %175 %177 = trunc i32 %19 to i8 %178 = icmp sgt i8 %177, -1 br i1 %178, label %179, label %307 %180 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %172) #76 ------------- Use: =BAD PATH= Call Stack: 0 pagecache_get_page 1 shmem_getpage_gfp 2 shmem_file_read_iter ------------- Path:  Function:shmem_file_read_iter %3 = alloca %struct.page*, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i8, i8* %11, align 8 %13 = icmp eq i8 %12, 0 %14 = select i1 %13, i32 0, i32 2 %15 = load i64, i64* %10, align 8 %16 = ashr i64 %15, 12 %17 = and i64 %15, 4095 %18 = bitcast %struct.page** %3 to i8* store %struct.page* null, %struct.page** %3, align 8 %19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = ashr i64 %20, 12 %22 = icmp ugt i64 %16, %21 br i1 %22, label %134, label %23 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 br label %26 %27 = phi i64 [ %21, %23 ], [ %127, %124 ] %28 = phi i64 [ %20, %23 ], [ %126, %124 ] %29 = phi i64 [ %16, %23 ], [ %103, %124 ] %30 = phi i64 [ %17, %23 ], [ %104, %124 ] %31 = phi i64 [ 0, %23 
], [ %100, %124 ] %32 = icmp ne i64 %29, %27 %33 = and i64 %28, 4095 %34 = icmp ugt i64 %33, %30 %35 = or i1 %32, %34 br i1 %35, label %36, label %129 %37 = load %struct.address_space*, %struct.address_space** %8, align 8 %38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3 %39 = load i32, i32* %38, align 8 %40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %29, %struct.page** nonnull %3, i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #76 Function:shmem_getpage_gfp %8 = alloca %struct.vm_area_struct, align 8 %9 = alloca %struct.page*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %11 = load %struct.address_space*, %struct.address_space** %10, align 8 %12 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 6, i32 4, i32 1 %13 = bitcast %struct.page** %9 to i8* %14 = icmp ugt i64 %1, 2251799813685247 br i1 %14, label %467, label %15 %16 = icmp ult i32 %3, 3 %17 = shl nuw nsw i64 %1, 12 %18 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 14 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = icmp eq i32 %3, 3 %21 = icmp eq i32 %3, 0 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 1 %23 = bitcast %struct.list_head** %22 to i64* %24 = bitcast %struct.vm_area_struct* %8 to i8* %25 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 12 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10, i32 1 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 23 %30 = bitcast %struct.list_head** %29 to i64* %31 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 13 %32 = 
getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 9 %33 = bitcast %struct.list_head** %32 to %struct.shared_policy* %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 17 %35 = and i32 %4, 782048 %36 = bitcast %struct.list_head** %12 to %struct.raw_spinlock* %37 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 2 %38 = bitcast %struct.list_head** %37 to i64* %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 22 %40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 3 %41 = bitcast %struct.list_head** %40 to i64* %42 = bitcast %struct.list_head** %12 to i8* %43 = icmp eq i32 %3, 4 br label %44 %45 = phi i1 [ true, %15 ], [ false, %460 ] %46 = phi i32 [ 0, %15 ], [ %427, %460 ] br label %47 %48 = phi i32 [ %46, %44 ], [ %463, %461 ] br label %49 br i1 %16, label %50, label %53 %51 = load i64, i64* %18, align 8 %52 = icmp slt i64 %17, %51 br i1 %52, label %53, label %467 %54 = call %struct.page* @pagecache_get_page(%struct.address_space* %11, i64 %1, i32 386, i32 0) #76 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ 
%216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #76 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load 
volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #76 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 br i1 %21, label %171, label %86 br i1 %23, label %114, label %87 %88 = getelementptr inbounds i8, i8* %26, i64 8 %89 = bitcast i8* %88 to i64* %90 = load volatile i64, i64* %89, align 8 %91 = and i64 %90, 1 %92 = icmp eq i64 %91, 0 %93 = add i64 %90, -1 %94 = select i1 %92, i64 %78, i64 %93, !prof !8 %95 = inttoptr i64 %94 to %struct.page* %96 = getelementptr inbounds %struct.page, %struct.page* %95, i64 0, i32 0 %97 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %96, i64 0, i64* %96) #6, !srcloc !11 %98 = and i8 %97, 1 %99 = icmp eq i8 %98, 0 br i1 %99, label %139, label %100 %140 = getelementptr inbounds i8, i8* %26, i64 24 %141 = bitcast i8* %140 to %struct.address_space** %142 = load %struct.address_space*, %struct.address_space** %141, align 8 %143 = icmp eq %struct.address_space* %142, %0 br i1 %143, label %171, label %144, !prof !8, !misexpect !6 %172 = bitcast i8* %26 to %struct.page* %173 = and i32 %19, 1 %174 = icmp eq i32 %173, 0 br i1 %174, label %176, label %175 %177 = trunc i32 %19 to i8 %178 = icmp sgt i8 %177, -1 br i1 %178, label %179, label %307 %180 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %172) #76 ------------- Use: =BAD PATH= Call Stack: 0 _copy_from_iter 1 packet_sendmsg ------------- Path:  Function:packet_sendmsg %4 = alloca %struct.flow_keys_basic, align 4 
%5 = alloca %struct.sockcm_cookie, align 8 %6 = alloca i32, align 4 %7 = alloca %struct.flow_keys_basic, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.sockcm_cookie, align 8 %10 = alloca %struct.anon.193.415498, align 2 %11 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %12 = load %struct.sock*, %struct.sock** %11, align 8 %13 = bitcast %struct.sock* %12 to %struct.packet_sock* %14 = getelementptr inbounds %struct.sock, %struct.sock* %12, i64 1, i32 6, i32 2 %15 = bitcast i32* %14 to %union.anon.87** %16 = load %union.anon.87*, %union.anon.87** %15, align 16 %17 = icmp eq %union.anon.87* %16, null br i1 %17, label %769, label %18 %770 = bitcast %struct.msghdr* %1 to %struct.sockaddr_ll** %771 = load %struct.sockaddr_ll*, %struct.sockaddr_ll** %770, align 8 %772 = bitcast i32* %8 to i8* %773 = bitcast %struct.sockcm_cookie* %9 to i8* %774 = getelementptr inbounds %struct.anon.193.415498, %struct.anon.193.415498* %10, i64 0, i32 0 %775 = icmp eq %struct.sockaddr_ll* %771, null br i1 %775, label %776, label %788, !prof !6, !misexpect !7 store i32 -22, i32* %8, align 4 %789 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %790 = load i32, i32* %789, align 8 %791 = icmp ult i32 %790, 20 br i1 %791, label %1205, label %792 %793 = sext i32 %790 to i64 %794 = getelementptr inbounds %struct.sockaddr_ll, %struct.sockaddr_ll* %771, i64 0, i32 5 %795 = load i8, i8* %794, align 1 %796 = zext i8 %795 to i64 %797 = add nuw nsw i64 %796, 12 %798 = icmp ugt i64 %797, %793 br i1 %798, label %1205, label %799 %800 = getelementptr inbounds %struct.sockaddr_ll, %struct.sockaddr_ll* %771, i64 0, i32 1 %801 = load i16, i16* %800, align 2 %802 = getelementptr inbounds %struct.sock, %struct.sock* %12, i64 0, i32 0, i32 9, i32 0 %803 = load %struct.net*, %struct.net** %802, align 8 %804 = getelementptr inbounds %struct.sockaddr_ll, %struct.sockaddr_ll* %771, i64 0, i32 2 %805 = load i32, i32* %804, align 4 %806 = tail call 
%struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index to %struct.net_device* (%struct.net*, i32)*)(%struct.net* %803, i32 %805) #76 %807 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %808 = load i16, i16* %807, align 4 %809 = icmp eq i16 %808, 2 br i1 %809, label %810, label %822 %811 = icmp eq %struct.net_device* %806, null br i1 %811, label %820, label %812 %813 = load i32, i32* %789, align 8 %814 = sext i32 %813 to i64 %815 = getelementptr inbounds %struct.net_device, %struct.net_device* %806, i64 0, i32 51 %816 = load i8, i8* %815, align 1 %817 = zext i8 %816 to i64 %818 = add nuw nsw i64 %817, 12 %819 = icmp ugt i64 %818, %814 br i1 %819, label %1200, label %820 %821 = getelementptr inbounds %struct.sockaddr_ll, %struct.sockaddr_ll* %771, i64 0, i32 6, i64 0 br label %822 %823 = phi i8* [ null, %784 ], [ %821, %820 ], [ null, %799 ] %824 = phi i16 [ %787, %784 ], [ %801, %820 ], [ %801, %799 ] %825 = phi %struct.net_device* [ %779, %784 ], [ %806, %820 ], [ %806, %799 ] store i32 -6, i32* %8, align 4 %826 = icmp eq %struct.net_device* %825, null br i1 %826, label %1205, label %827, !prof !4, !misexpect !5 store i32 -100, i32* %8, align 4 %828 = getelementptr inbounds %struct.net_device, %struct.net_device* %825, i64 0, i32 14 %829 = load i32, i32* %828, align 64 %830 = and i32 %829, 1 %831 = icmp eq i32 %830, 0 br i1 %831, label %1200, label %832, !prof !4, !misexpect !5 %833 = getelementptr inbounds %struct.sock, %struct.sock* %12, i64 0, i32 63 %834 = load i16, i16* %833, align 8 %835 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %9, i64 0, i32 0 store i64 0, i64* %835, align 8 %836 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %9, i64 0, i32 1 %837 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %9, i64 0, i32 2 store i16 %834, i16* %837, align 4 %838 = getelementptr inbounds %struct.sock, %struct.sock* %12, 
i64 0, i32 32 %839 = load i32, i32* %838, align 4 store i32 %839, i32* %836, align 8 %840 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %841 = load i64, i64* %840, align 8 %842 = icmp eq i64 %841, 0 br i1 %842, label %846, label %843 %844 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %12, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %9) #76 store i32 %844, i32* %8, align 4 %845 = icmp eq i32 %844, 0 br i1 %845, label %846, label %1200, !prof !6, !misexpect !5 %847 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %848 = load i16, i16* %847, align 4 %849 = icmp eq i16 %848, 3 br i1 %849, label %850, label %854 %851 = getelementptr inbounds %struct.net_device, %struct.net_device* %825, i64 0, i32 19 %852 = load i16, i16* %851, align 2 %853 = zext i16 %852 to i32 br label %854 %855 = phi i32 [ %853, %850 ], [ 0, %846 ] %856 = getelementptr inbounds %struct.packet_sock, %struct.packet_sock* %13, i64 0, i32 9 %857 = load i8, i8* %856, align 4 %858 = and i8 %857, 4 %859 = icmp eq i8 %858, 0 br i1 %859, label %898, label %860 %861 = icmp ult i64 %2, 10 br i1 %861, label %895, label %862 %863 = add i64 %2, -10 %864 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %865 = call i64 @_copy_from_iter(i8* nonnull %774, i64 10, %struct.iov_iter* %864) #76 Function:_copy_from_iter %4 = alloca %struct.xa_state, align 8 %5 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp eq i8 %6, 3 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %11 = load i64, i64* %10, align 8 %12 = icmp ult i64 %11, %1 %13 = select i1 %12, i64 %11, i64 %1, !prof !4 %14 = icmp eq i64 %13, 0 br i1 %14, label %306, label %15, !prof !4, 
!misexpect !8 switch i8 %6, label %302 [ i8 0, label %16 i8 2, label %77 i8 1, label %136 i8 4, label %180 ], !prof !9 %181 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5, i32 0 %182 = load i64, i64* %181, align 8 %183 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 2 %184 = load i64, i64* %183, align 8 %185 = add i64 %184, %182 %186 = lshr i64 %185, 12 %187 = bitcast %struct.xa_state* %4 to i8* %188 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %189 = bitcast %union.anon.104* %188 to i64* %190 = load i64, i64* %189, align 8 %191 = bitcast %struct.xa_state* %4 to i64* store i64 %190, i64* %191, align 8 %192 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 1 store i64 %186, i64* %192, align 8 %193 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 2 %194 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 4 %195 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 6 %196 = bitcast i8* %193 to i32* store i32 0, i32* %196, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %195, align 8 %197 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 7 %198 = bitcast %struct.xa_node** %197 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %199 = call i8* @xas_find(%struct.xa_state* nonnull %4, i64 -1) #76 %200 = icmp eq i8* %199, null br i1 %200, label %298, label %201 %202 = trunc i64 %185 to i32 %203 = and i32 %202, 4095 br label %204 %205 = phi i8* [ %296, %295 ], [ %199, %201 ] %206 = phi i64 [ %256, %295 ], [ %13, %201 ] %207 = phi i32 [ %257, %295 ], [ %203, %201 ] %208 = phi i64 [ %258, %295 ], [ 0, %201 ] %209 = bitcast i8* %205 to %struct.page* %210 = ptrtoint i8* %205 to i64 switch i64 %210, label %212 [ i64 1030, label %255 i64 1026, label %211 ] %213 = and i64 %210, 1 
%214 = icmp eq i64 %213, 0 br i1 %214, label %216, label %215, !prof !13, !misexpect !5 %217 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %209) #76 ------------- Use: =BAD PATH= Call Stack: 0 _copy_from_iter 1 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 Function:_copy_from_iter %4 = alloca %struct.xa_state, align 8 %5 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp eq i8 %6, 3 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 
0, i32 3 %11 = load i64, i64* %10, align 8 %12 = icmp ult i64 %11, %1 %13 = select i1 %12, i64 %11, i64 %1, !prof !4 %14 = icmp eq i64 %13, 0 br i1 %14, label %306, label %15, !prof !4, !misexpect !8 switch i8 %6, label %302 [ i8 0, label %16 i8 2, label %77 i8 1, label %136 i8 4, label %180 ], !prof !9 %181 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5, i32 0 %182 = load i64, i64* %181, align 8 %183 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 2 %184 = load i64, i64* %183, align 8 %185 = add i64 %184, %182 %186 = lshr i64 %185, 12 %187 = bitcast %struct.xa_state* %4 to i8* %188 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %189 = bitcast %union.anon.104* %188 to i64* %190 = load i64, i64* %189, align 8 %191 = bitcast %struct.xa_state* %4 to i64* store i64 %190, i64* %191, align 8 %192 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 1 store i64 %186, i64* %192, align 8 %193 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 2 %194 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 4 %195 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 6 %196 = bitcast i8* %193 to i32* store i32 0, i32* %196, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %195, align 8 %197 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 7 %198 = bitcast %struct.xa_node** %197 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %199 = call i8* @xas_find(%struct.xa_state* nonnull %4, i64 -1) #76 %200 = icmp eq i8* %199, null br i1 %200, label %298, label %201 %202 = trunc i64 %185 to i32 %203 = and i32 %202, 4095 br label %204 %205 = phi i8* [ %296, %295 ], [ %199, %201 ] %206 = phi i64 [ %256, %295 ], [ %13, %201 ] %207 = phi i32 [ %257, %295 ], [ %203, %201 ] %208 = phi i64 [ %258, %295 
], [ 0, %201 ] %209 = bitcast i8* %205 to %struct.page* %210 = ptrtoint i8* %205 to i64 switch i64 %210, label %212 [ i64 1030, label %255 i64 1026, label %211 ] %213 = and i64 %210, 1 %214 = icmp eq i64 %213, 0 br i1 %214, label %216, label %215, !prof !13, !misexpect !5 %217 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %209) #76 ------------- Use: =BAD PATH= Call Stack: 0 _copy_from_iter 1 kernfs_fop_write_iter ------------- Path:  Function:kernfs_fop_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.kernfs_open_file** %10 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %9, align 8 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %10, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = icmp eq i64 %14, 0 br i1 %15, label %18, label %16 %17 = icmp ugt i64 %12, %14 br i1 %17, label %77, label %21 %22 = phi i64 [ %12, %16 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %10, i64 0, i32 8 %24 = load i8*, i8** %23, align 8 %25 = icmp eq i8* %24, null br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %10, i64 0, i32 5 tail call void @mutex_lock(%struct.mutex* %27) #76 br label %32 %33 = phi i8* [ %30, %28 ], [ %24, %26 ] %34 = icmp ugt i64 %22, 2147483647 br i1 %34, label %35, label %36, !prof !4, !misexpect !5 %37 = tail call i64 @_copy_from_iter(i8* nonnull %33, i64 
%22, %struct.iov_iter* %1) #76 Function:_copy_from_iter %4 = alloca %struct.xa_state, align 8 %5 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp eq i8 %6, 3 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %11 = load i64, i64* %10, align 8 %12 = icmp ult i64 %11, %1 %13 = select i1 %12, i64 %11, i64 %1, !prof !4 %14 = icmp eq i64 %13, 0 br i1 %14, label %306, label %15, !prof !4, !misexpect !8 switch i8 %6, label %302 [ i8 0, label %16 i8 2, label %77 i8 1, label %136 i8 4, label %180 ], !prof !9 %181 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5, i32 0 %182 = load i64, i64* %181, align 8 %183 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 2 %184 = load i64, i64* %183, align 8 %185 = add i64 %184, %182 %186 = lshr i64 %185, 12 %187 = bitcast %struct.xa_state* %4 to i8* %188 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %189 = bitcast %union.anon.104* %188 to i64* %190 = load i64, i64* %189, align 8 %191 = bitcast %struct.xa_state* %4 to i64* store i64 %190, i64* %191, align 8 %192 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 1 store i64 %186, i64* %192, align 8 %193 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 2 %194 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 4 %195 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 6 %196 = bitcast i8* %193 to i32* store i32 0, i32* %196, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %195, align 8 %197 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 7 %198 = bitcast %struct.xa_node** %197 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %199 = call 
i8* @xas_find(%struct.xa_state* nonnull %4, i64 -1) #76 %200 = icmp eq i8* %199, null br i1 %200, label %298, label %201 %202 = trunc i64 %185 to i32 %203 = and i32 %202, 4095 br label %204 %205 = phi i8* [ %296, %295 ], [ %199, %201 ] %206 = phi i64 [ %256, %295 ], [ %13, %201 ] %207 = phi i32 [ %257, %295 ], [ %203, %201 ] %208 = phi i64 [ %258, %295 ], [ 0, %201 ] %209 = bitcast i8* %205 to %struct.page* %210 = ptrtoint i8* %205 to i64 switch i64 %210, label %212 [ i64 1030, label %255 i64 1026, label %211 ] %213 = and i64 %210, 1 %214 = icmp eq i64 %213, 0 br i1 %214, label %216, label %215, !prof !13, !misexpect !5 %217 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %209) #76 ------------- Use: =BAD PATH= Call Stack: 0 iov_iter_zero 1 read_iter_zero ------------- Path:  Function:read_iter_zero %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %38, label %6 %7 = phi i64 [ %36, %34 ], [ %4, %2 ] %8 = phi i64 [ %20, %34 ], [ 0, %2 ] %9 = icmp ult i64 %7, 4096 %10 = select i1 %9, i64 %7, i64 4096 %11 = tail call i64 @iov_iter_zero(i64 %10, %struct.iov_iter* %1) #76 Function:iov_iter_zero %3 = alloca i32, align 4 %4 = alloca i64, align 8 %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 3 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %76 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %77, %0 %79 = select i1 %78, i64 %77, i64 %0, !prof !4 %80 = icmp eq i64 %79, 0 br i1 %80, label %352, label %81, !prof !4, !misexpect !8 switch i8 %7, label %348 [ i8 0, label %82 i8 2, label %126 i8 1, label %184 i8 4, label %227 ], !prof !9 %228 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, 
i32 5, i32 0 %229 = load i64, i64* %228, align 8 %230 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = lshr i64 %232, 12 %234 = bitcast %struct.xa_state* %5 to i8* %235 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %236 = bitcast %union.anon.104* %235 to i64* %237 = load i64, i64* %236, align 8 %238 = bitcast %struct.xa_state* %5 to i64* store i64 %237, i64* %238, align 8 %239 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 store i64 %233, i64* %239, align 8 %240 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %241 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %242 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %243 = bitcast i8* %240 to i32* store i32 0, i32* %243, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %242, align 8 %244 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %245 = bitcast %struct.xa_node** %244 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %246 = call i8* @xas_find(%struct.xa_state* nonnull %5, i64 -1) #76 %247 = icmp eq i8* %246, null br i1 %247, label %344, label %248 %249 = trunc i64 %232 to i32 %250 = and i32 %249, 4095 br label %251 %252 = phi i8* [ %342, %341 ], [ %246, %248 ] %253 = phi i64 [ %302, %341 ], [ %79, %248 ] %254 = phi i32 [ %303, %341 ], [ %250, %248 ] %255 = phi i64 [ %304, %341 ], [ 0, %248 ] %256 = bitcast i8* %252 to %struct.page* %257 = ptrtoint i8* %252 to i64 switch i64 %257, label %259 [ i64 1030, label %301 i64 1026, label %258 ] %260 = and i64 %257, 1 %261 = icmp eq i64 %260, 0 br i1 %261, label %263, label %262, !prof !11, !misexpect !5 %264 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull 
%256) #76 ------------- Use: =BAD PATH= Call Stack: 0 iov_iter_zero 1 read_iter_zero ------------- Path:  Function:read_iter_zero %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %38, label %6 %7 = phi i64 [ %36, %34 ], [ %4, %2 ] %8 = phi i64 [ %20, %34 ], [ 0, %2 ] %9 = icmp ult i64 %7, 4096 %10 = select i1 %9, i64 %7, i64 4096 %11 = tail call i64 @iov_iter_zero(i64 %10, %struct.iov_iter* %1) #76 Function:iov_iter_zero %3 = alloca i32, align 4 %4 = alloca i64, align 8 %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 3 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %76 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %77, %0 %79 = select i1 %78, i64 %77, i64 %0, !prof !4 %80 = icmp eq i64 %79, 0 br i1 %80, label %352, label %81, !prof !4, !misexpect !8 switch i8 %7, label %348 [ i8 0, label %82 i8 2, label %126 i8 1, label %184 i8 4, label %227 ], !prof !9 %228 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 5, i32 0 %229 = load i64, i64* %228, align 8 %230 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = lshr i64 %232, 12 %234 = bitcast %struct.xa_state* %5 to i8* %235 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %236 = bitcast %union.anon.104* %235 to i64* %237 = load i64, i64* %236, align 8 %238 = bitcast %struct.xa_state* %5 to i64* store i64 %237, i64* %238, align 8 %239 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 store i64 %233, i64* %239, align 8 %240 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %241 = getelementptr inbounds 
%struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %242 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %243 = bitcast i8* %240 to i32* store i32 0, i32* %243, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %242, align 8 %244 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %245 = bitcast %struct.xa_node** %244 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %246 = call i8* @xas_find(%struct.xa_state* nonnull %5, i64 -1) #76 %247 = icmp eq i8* %246, null br i1 %247, label %344, label %248 %249 = trunc i64 %232 to i32 %250 = and i32 %249, 4095 br label %251 %252 = phi i8* [ %342, %341 ], [ %246, %248 ] %253 = phi i64 [ %302, %341 ], [ %79, %248 ] %254 = phi i32 [ %303, %341 ], [ %250, %248 ] %255 = phi i64 [ %304, %341 ], [ 0, %248 ] %256 = bitcast i8* %252 to %struct.page* %257 = ptrtoint i8* %252 to i64 switch i64 %257, label %259 [ i64 1030, label %301 i64 1026, label %258 ] %260 = and i64 %257, 1 %261 = icmp eq i64 %260, 0 br i1 %261, label %263, label %262, !prof !11, !misexpect !5 %264 = call i32 bitcast (i32 (%struct.page.138916*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %256) #76 ------------- Good: 914 Bad: 19 Ignored: 1216 Check Use of Function:drm_mode_convert_umode Check Use of Function:cfg80211_sched_scan_stopped_locked Check Use of Function:copy_string_kernel Use: =BAD PATH= Call Stack: 0 load_misc_binary ------------- Path:  Function:load_misc_binary %2 = load i1, i1* @enabled, align 4 br i1 %2, label %197, label %3 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @entries_lock) #76 %4 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 15 %5 = load i8*, i8** %4, align 8 %6 = tail call i8* @strrchr(i8* %5, i32 46) #76 %7 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @entries, i64 0, 
i32 0), align 8 %8 = icmp eq %struct.list_head* %7, @entries br i1 %8, label %109, label %9 %10 = icmp eq i8* %6, null %11 = getelementptr i8, i8* %6, i64 1 br label %12 %13 = phi %struct.list_head* [ %7, %9 ], [ %91, %89 ] %14 = bitcast %struct.list_head* %13 to %struct.Node* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 1 %16 = bitcast %struct.list_head* %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 1 %19 = icmp eq i64 %18, 0 br i1 %19, label %89, label %20 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %31 br i1 %10, label %89, label %25 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 2 %27 = bitcast %struct.list_head* %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = tail call i32 @strcmp(i8* %28, i8* %11) #76 %30 = icmp eq i32 %29, 0 br i1 %30, label %93, label %89 %94 = bitcast %struct.list_head* %15 to i64* %95 = icmp eq %struct.list_head* %13, null br i1 %95, label %109, label %96 %97 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 4 %98 = bitcast %struct.list_head* %97 to %struct.dentry** %99 = load %struct.dentry*, %struct.dentry** %98, align 8 %100 = icmp eq %struct.dentry* %99, null br i1 %100, label %103, label %101 %104 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @entries_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @entries_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %105 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 17 %106 = load i32, i32* 
%105, align 8 %107 = and i32 %106, 4 %108 = icmp eq i32 %107, 0 br i1 %108, label %111, label %194 %112 = load i64, i64* %94, align 8 %113 = icmp ult i64 %112, 2147483648 br i1 %113, label %116, label %114 %117 = tail call i32 @remove_arg_zero(%struct.linux_binprm* %0) #76 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %194 %120 = load i64, i64* %94, align 8 %121 = and i64 %120, 1073741824 %122 = icmp eq i64 %121, 0 br i1 %122, label %127, label %123 %128 = load i8*, i8** %4, align 8 %129 = tail call i32 @copy_string_kernel(i8* %128, %struct.linux_binprm* %0) #76 ------------- Good: 8 Bad: 1 Ignored: 2 Check Use of Function:synchronize_net Check Use of Function:cfg80211_sme_auth_timeout Check Use of Function:drv_suspend Check Use of Function:ieee80211_wake_vif_queues Check Use of Function:ieee80211_do_open Check Use of Function:wiphy_regulatory_register Check Use of Function:drv_change_interface Check Use of Function:ieee80211_setup_sdata Check Use of Function:ieee80211_set_sdata_offload_flags Check Use of Function:vfat_unlink Check Use of Function:__SCT__tp_func_drv_sta_set_4addr Check Use of Function:_dev_alert Check Use of Function:ieee80211_send_4addr_nullfunc Check Use of Function:__SCT__tp_func_drv_return_void Check Use of Function:cfg80211_rdev_by_wiphy_idx Check Use of Function:do_madvise Use: =BAD PATH= Call Stack: 0 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = 
inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #76 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #76 ------------- Good: 6 Bad: 2 Ignored: 3 Check Use of Function:ieee80211_check_fast_rx_iface Check Use of Function:block_ioctl Check Use of Function:ieee80211_ibss_add_sta Check Use of Function:cfg80211_rx_mgmt_khz Check Use of Function:cfg80211_sta_opmode_change_notify Check Use of Function:consume_skb Use: =BAD PATH= Call Stack: 0 msg_zerocopy_callback 1 __pskb_pull_tail 2 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = 
getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %26) #76 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail 
call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %63) #76 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.751083* %0, i32 0, i32 %27, i32 2592) #76 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %286 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* %0, i32 %38, i8* %42, i32 
%1) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.751083** %53 = load %struct.sk_buff.751083*, %struct.sk_buff.751083** %52, align 8 %54 = icmp eq %struct.sk_buff.751083* %53, null br i1 %54, label %169, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.750960]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %169 %170 = phi i32 [ %48, %46 ], [ %156, %155 ], [ %168, %159 ], [ %48, %73 ], [ %48, %63 ] %171 = phi i8* [ %47, %46 ], [ %157, %155 ], [ %167, %159 ], [ %47, %73 ], [ %47, %63 ] %172 = zext i32 %170 to i64 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 2 %175 = load i8, i8* %174, align 2 %176 = icmp eq i8 %175, 0 br i1 %176, label %237, label %177 %178 = phi i64 [ %226, %223 ], [ 0, %169 ] %179 = phi i8* [ %230, %223 ], [ %173, %169 ] %180 = phi i32 [ %225, %223 ], [ 0, %169 ] %181 = phi i32 [ %224, %223 ], [ %1, %169 ] %182 = getelementptr inbounds i8, i8* %179, i64 48 %183 = bitcast i8* %182 to [17 x %struct.page_frag.750960]* %184 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %178, i32 1 %185 = load i32, i32* %184, align 8 %186 = icmp slt i32 %181, %185 br i1 %186, label %206, label %187 %207 = getelementptr [17 x %struct.page_frag.750960], 
[17 x %struct.page_frag.750960]* %183, i64 0, i64 %178 %208 = sext i32 %180 to i64 %209 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %208 %210 = bitcast %struct.page_frag.750960* %209 to i8* %211 = bitcast %struct.page_frag.750960* %207 to i8* %212 = icmp eq i32 %181, 0 br i1 %212, label %221, label %213 %214 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %208, i32 2 %215 = load i32, i32* %214, align 4 %216 = add i32 %215, %181 store i32 %216, i32* %214, align 4 %217 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %208, i32 1 %218 = load i32, i32* %217, align 8 %219 = sub i32 %218, %181 store i32 %219, i32* %217, align 8 %220 = icmp eq i64 %178, 0 br i1 %220, label %241, label %221 %242 = load i32, i32* %3, align 8 %243 = add i32 %242, %1 store i32 %243, i32* %3, align 8 %244 = load i32, i32* %36, align 4 %245 = sub i32 %244, %1 store i32 %245, i32* %36, align 4 %246 = icmp ne i32 %245, 0 %247 = icmp eq %struct.sk_buff.751083* %0, null %248 = or i1 %247, %246 br i1 %248, label %281, label %249 %250 = load i8*, i8** %39, align 8 %251 = load i32, i32* %6, align 4 %252 = zext i32 %251 to i64 %253 = getelementptr i8, i8* %250, i64 %252 %254 = load i8, i8* %253, align 8 %255 = and i8 %254, 1 %256 = icmp eq i8 %255, 0 br i1 %256, label %281, label %257 %258 = getelementptr inbounds i8, i8* %253, i64 40 %259 = bitcast i8* %258 to %struct.ubuf_info.751440** %260 = load %struct.ubuf_info.751440*, %struct.ubuf_info.751440** %259, align 8 %261 = icmp eq %struct.ubuf_info.751440* %260, null br i1 %261, label %281, label %262 %263 = ptrtoint %struct.ubuf_info.751440* %260 to i64 %264 = and i64 %263, 1 %265 = icmp eq i64 %264, 0 br i1 %265, label %266, label %274 %267 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %260, i64 0, i32 0 %268 = load void (%struct.sk_buff.751083*, 
%struct.ubuf_info.751440*, i1)*, void (%struct.sk_buff.751083*, %struct.ubuf_info.751440*, i1)** %267, align 8 tail call void %268(%struct.sk_buff.751083* nonnull %0, %struct.ubuf_info.751440* nonnull %260, i1 zeroext false) #77 Function:msg_zerocopy_callback %4 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 0, i32 1 %5 = bitcast %union.anon.203.750013* %4 to %struct.anon.192.751443* %6 = getelementptr inbounds %struct.anon.192.751443, %struct.anon.192.751443* %5, i64 0, i32 2 %7 = load i8, i8* %6, align 2 %8 = zext i1 %2 to i8 %9 = or i8 %8, -2 %10 = and i8 %7, %9 store i8 %10, i8* %6, align 2 %11 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 0, i32 2 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = getelementptr %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 -1, i32 1 %22 = bitcast %union.anon.203.750013* %21 to %struct.sk_buff.751083* %23 = getelementptr inbounds %union.anon.203.750013, %union.anon.203.750013* %21, i64 1, i32 0, i32 1 %24 = bitcast i8** %23 to %struct.sock.751117** %25 = load %struct.sock.751117*, %struct.sock.751117** %24, align 8 %26 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 0, i32 4, i32 0 %27 = load %struct.user_struct*, %struct.user_struct** %26, align 8 %28 = icmp eq %struct.user_struct* %27, null br i1 %28, label %35, label %29 %30 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 0, i32 4, i32 1 %31 = load i32, i32* %30, 
align 8 %32 = zext i32 %31 to i64 %33 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %27, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %33, i64 %32, i64* %33) #6, !srcloc !8 %34 = load %struct.user_struct*, %struct.user_struct** %26, align 8 tail call void @free_uid(%struct.user_struct* %34) #76 br label %35 %36 = getelementptr inbounds %struct.anon.192.751443, %struct.anon.192.751443* %5, i64 0, i32 1 %37 = load i16, i16* %36, align 4 %38 = icmp eq i16 %37, 0 br i1 %38, label %104, label %39 %40 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 0, i32 13, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %104 %45 = bitcast %union.anon.203.750013* %4 to i32* %46 = load i32, i32* %45, align 8 %47 = zext i16 %37 to i32 %48 = add nsw i32 %47, -1 %49 = add i32 %48, %46 %50 = load i8, i8* %6, align 2 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 %53 = getelementptr inbounds %union.anon.203.750013, %union.anon.203.750013* %21, i64 2, i32 0, i32 1 %54 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %22, i64 0, i32 3, i64 28 %55 = bitcast i8** %53 to i8* store i8 5, i8* %54, align 4 %56 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %22, i64 0, i32 3, i64 36 %57 = bitcast i8* %56 to i32* store i32 %49, i32* %57, align 4 %58 = getelementptr inbounds %union.anon.203.750013, %union.anon.203.750013* %21, i64 4, i32 0, i32 1 %59 = bitcast i8** %58 to i32* store i32 %46, i32* %59, align 4 br i1 %52, label %60, label %62 %61 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %22, i64 0, i32 3, i64 30 store i8 1, i8* %61, align 2 br label %62 %63 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, 
i32 4 %64 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 4, i32 3, i32 0, i32 0 %65 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %64) #76 %66 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 4, i32 1 %67 = load volatile %struct.sk_buff.751083*, %struct.sk_buff.751083** %66, align 8 %68 = bitcast %struct.sk_buff_head.750855* %63 to %struct.sk_buff.751083* %69 = icmp eq %struct.sk_buff.751083* %67, %68 %70 = icmp eq %struct.sk_buff.751083* %67, null %71 = or i1 %69, %70 br i1 %71, label %94, label %72 %73 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %67, i64 0, i32 3, i64 28 %74 = load i8, i8* %73, align 4 %75 = icmp eq i8 %74, 5 br i1 %75, label %76, label %94 %77 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %67, i64 0, i32 3, i64 32 %78 = bitcast i8* %77 to i32* %79 = load i32, i32* %78, align 4 %80 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %67, i64 0, i32 3, i64 36 %81 = bitcast i8* %80 to i32* %82 = load i32, i32* %81, align 4 %83 = sub i32 %82, %79 %84 = zext i32 %83 to i64 %85 = zext i16 %37 to i64 %86 = add nuw nsw i64 %85, 1 %87 = add nuw nsw i64 %86, %84 %88 = icmp ult i64 %87, 4294967296 %89 = add i32 %82, 1 %90 = icmp eq i32 %89, %46 %91 = and i1 %90, %88 br i1 %91, label %92, label %94 %95 = bitcast %union.anon.203.750013* %21 to %struct.sk_buff.751083** store volatile %struct.sk_buff.751083* %68, %struct.sk_buff.751083** %95, align 8 %96 = getelementptr %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 -1, i32 1, i32 0, i32 1 %97 = bitcast i8** %96 to %struct.sk_buff.751083** store volatile %struct.sk_buff.751083* %67, %struct.sk_buff.751083** %97, align 8 store volatile %struct.sk_buff.751083* %22, %struct.sk_buff.751083** %66, align 8 %98 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %67, i64 0, i32 0, i32 0, i32 0 store volatile 
%struct.sk_buff.751083* %22, %struct.sk_buff.751083** %98, align 8 %99 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 4, i32 2 %100 = load i32, i32* %99, align 8 %101 = add i32 %100, 1 store volatile i32 %101, i32* %99, align 8 br label %102 %103 = phi %struct.sk_buff.751083* [ null, %94 ], [ %22, %92 ] tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %64, i64 %65) #76 tail call void bitcast (void (%struct.sock.273263*)* @sk_error_report to void (%struct.sock.751117*)*)(%struct.sock.751117* %25) #76 br label %104 %105 = phi %struct.sk_buff.751083* [ %22, %39 ], [ %103, %102 ], [ %22, %35 ] tail call void @consume_skb(%struct.sk_buff.751083* %105) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_notify 1 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #76 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = 
call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #76 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 105 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 64 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %201 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #76 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #76 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %60 %37 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %27, i32 32) #76 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #76 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %198 %199 = phi %struct.sk_buff* [ %193, %192 ], [ %27, %60 ], 
[ %27, %62 ] %200 = phi i32 [ %195, %192 ], [ %61, %60 ], [ -9, %62 ] call void bitcast (void (%struct.sk_buff.751083*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %199) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_notify 1 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #76 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #76 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 105 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 64 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %201 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, 
i32 -1) #76 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #76 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %60 %37 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %27, i32 32) #76 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #76 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %198 %199 = phi %struct.sk_buff* [ %193, %192 ], [ %27, %60 ], [ %27, %62 ] %200 = phi i32 [ %195, %192 ], [ %61, %60 ], [ -9, %62 ] call void bitcast (void (%struct.sk_buff.751083*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %199) #76 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_notify 1 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #76 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #76 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail 
call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 105 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 64 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %201 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #76 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #76 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %60 %37 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %27, i32 32) #76 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #76 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %198 %199 = phi %struct.sk_buff* [ %193, %192 ], [ %27, %60 ], [ %27, %62 ] %200 = phi i32 [ %195, %192 ], [ %61, %60 ], [ -9, %62 ] call void bitcast (void (%struct.sk_buff.751083*)* 
@consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %199) #76 ------------- Use: =BAD PATH= Call Stack: 0 __neigh_event_send 1 __ip_do_redirect 2 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, 
%struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, 
%struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, 
%struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = 
sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } 
%159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %190 = load volatile i64, i64* @jiffies, align 64 %191 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 10 %192 = load volatile i64, i64* %191, align 8 %193 = icmp eq i64 %192, %190 br i1 %193, label %195, label %194 store volatile i64 %190, i64* %191, align 8 br label %195 %196 = and i8 %186, -38 %197 = icmp eq i8 %196, 0 br i1 %197, label %198, label %245 %199 = call i32 bitcast (i32 (%struct.neighbour*, %struct.sk_buff*)* @__neigh_event_send to i32 (%struct.neighbour.828735*, %struct.sk_buff.829144*)*)(%struct.neighbour.828735* %181, %struct.sk_buff.829144* null) #76 Function:__neigh_event_send %3 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %3) #76 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %5 = load i8, i8* %4, align 1 %6 = zext i8 %5 to i32 %7 = and i32 %6, 218 %8 = icmp eq 
i32 %7, 0 br i1 %8, label %9, label %249 %10 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %11 = load i8, i8* %10, align 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %268 %14 = and i32 %6, 5 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %77 %78 = and i32 %6, 4 %79 = icmp eq i32 %78, 0 br i1 %79, label %126, label %80 %81 = and i8 %5, 27 %82 = icmp eq i8 %81, 0 br i1 %82, label %98, label %83 store i8 8, i8* %4, align 1 %99 = load volatile i64, i64* @jiffies, align 64 %100 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 4 store i64 %99, i64* %100, align 8 %101 = load volatile i64, i64* @jiffies, align 64 %102 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %103 = load %struct.neigh_parms*, %struct.neigh_parms** %102, align 8 %104 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %103, i64 0, i32 10, i64 6 %105 = load i32, i32* %104, align 4 %106 = sext i32 %105 to i64 %107 = add i64 %101, %106 %108 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 6 %109 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %108, i64 0, i32 0, i32 0 %110 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %109, i32 1, i32* %109) #6, !srcloc !8 %111 = icmp eq i32 %110, 0 br i1 %111, label %116, label %112, !prof !9, !misexpect !6 %113 = add i32 %110, 1 %114 = or i32 %113, %110 %115 = icmp sgt i32 %114, -1 br i1 %115, label %118, label %116, !prof !5, !misexpect !6 %117 = phi i32 [ 2, %98 ], [ 1, %112 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %108, i32 %117) #76 br label %118 %119 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 9 %120 = tail call i32 @mod_timer(%struct.timer_list* %119, i64 %107) #76 %121 = 
icmp eq i32 %120, 0 br i1 %121, label %126, label %122, !prof !5, !misexpect !6 %123 = load i8, i8* %4, align 1 %124 = zext i8 %123 to i32 %125 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.15.63539, i64 0, i64 0), i32 %124) #77 tail call void @dump_stack() #77 br label %126 %127 = phi i1 [ true, %122 ], [ true, %118 ], [ false, %70 ], [ false, %66 ], [ true, %77 ] %128 = load i8, i8* %4, align 1 %129 = icmp eq i8 %128, 1 br i1 %129, label %130, label %226 %131 = icmp eq %struct.sk_buff* %1, null br i1 %131, label %226, label %132 %133 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 7 %134 = load i32, i32* %133, align 4 %135 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 42 %136 = load i32, i32* %135, align 8 %137 = add i32 %136, %134 %138 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %139 = load %struct.neigh_parms*, %struct.neigh_parms** %138, align 8 %140 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %139, i64 0, i32 10, i64 8 %141 = load i32, i32* %140, align 4 %142 = icmp ugt i32 %137, %141 br i1 %142, label %143, label %179 %144 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %145 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %144, i64 0, i32 0 %146 = bitcast %struct.sk_buff_head* %144 to %struct.sk_buff* %147 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 %148 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 br label %149 %150 = load %struct.sk_buff*, %struct.sk_buff** %145, align 8 %151 = icmp eq %struct.sk_buff* %150, %146 %152 = icmp eq %struct.sk_buff* %150, null %153 = or i1 %151, %152 br i1 %153, label %179, label %154 %155 = load i32, i32* %147, align 8 %156 = add i32 %155, -1 store volatile i32 %156, i32* %147, align 8 %157 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %150, i64 0, i32 0, i32 0, i32 0 %158 = load %struct.sk_buff*, %struct.sk_buff** %157, align 8 %159 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %150, i64 0, i32 0, i32 0, i32 1 %160 = load %struct.sk_buff*, %struct.sk_buff** %159, align 8 %161 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %158, i64 0, i32 0, i32 0, i32 1 %162 = bitcast %struct.sk_buff* %150 to i8* store volatile %struct.sk_buff* %160, %struct.sk_buff** %161, align 8 %163 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %160, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %158, %struct.sk_buff** %163, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %150, i64 0, i32 42 %165 = load i32, i32* %164, align 8 %166 = load i32, i32* %133, align 4 %167 = sub i32 %166, %165 store i32 %167, i32* %133, align 4 tail call void bitcast (void (%struct.sk_buff.751083*)* @kfree_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %150) #76 %168 = load %struct.neigh_table*, %struct.neigh_table** %148, align 8 %169 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %168, i64 0, i32 28 %170 = load %struct.neigh_statistics*, %struct.neigh_statistics** %169, align 8 %171 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %170, i64 0, i32 10 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %171, i64* %171) #6, !srcloc !10 %172 = load i32, i32* %133, align 4 %173 = load i32, i32* %135, align 8 %174 = add i32 %173, %172 %175 = load %struct.neigh_parms*, %struct.neigh_parms** %138, align 8 %176 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %175, i64 0, i32 10, i64 8 %177 = load i32, i32* %176, align 4 %178 = icmp ugt i32 %174, %177 br i1 %178, label %149, label %179 %180 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 4, i32 0, i32 0 %181 = load i64, i64* %180, align 8 %182 = and i64 %181, 1 %183 = icmp ne i64 %182, 
0 %184 = icmp ugt i64 %181, 1 %185 = and i1 %184, %183 br i1 %185, label %186, label %212 %213 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %214 = bitcast %struct.sk_buff_head* %213 to %struct.sk_buff* %215 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 1 %216 = load %struct.sk_buff*, %struct.sk_buff** %215, align 8 %217 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %214, %struct.sk_buff** %217, align 8 %218 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 0, i32 0, i32 1 store volatile %struct.sk_buff* %216, %struct.sk_buff** %218, align 8 store volatile %struct.sk_buff* %1, %struct.sk_buff** %215, align 8 %219 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %216, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %1, %struct.sk_buff** %219, align 8 %220 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 %221 = load i32, i32* %220, align 8 %222 = add i32 %221, 1 store volatile i32 %222, i32* %220, align 8 %223 = load i32, i32* %135, align 8 %224 = load i32, i32* %133, align 4 %225 = add i32 %224, %223 store i32 %225, i32* %133, align 4 br label %226 %227 = phi i32 [ 0, %126 ], [ 1, %130 ], [ 1, %212 ] br i1 %127, label %249, label %228 %229 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %230 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 1 %231 = load volatile %struct.sk_buff*, %struct.sk_buff** %230, align 8 %232 = bitcast %struct.sk_buff_head* %229 to %struct.sk_buff* %233 = icmp eq %struct.sk_buff* %231, %232 %234 = icmp eq %struct.sk_buff* %231, null %235 = or i1 %233, %234 br i1 %235, label %238, label %236 %237 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, 
i32)*)(%struct.sk_buff* nonnull %231, i32 2592) #76 br label %238 %239 = phi %struct.sk_buff* [ %237, %236 ], [ null, %228 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %240 = bitcast %struct.rwlock_t* %3 to i8* store volatile i8 0, i8* %240, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %241 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 22 %242 = load %struct.neigh_ops*, %struct.neigh_ops** %241, align 8 %243 = getelementptr inbounds %struct.neigh_ops, %struct.neigh_ops* %242, i64 0, i32 1 %244 = load void (%struct.neighbour*, %struct.sk_buff*)*, void (%struct.neighbour*, %struct.sk_buff*)** %243, align 8 %245 = icmp eq void (%struct.neighbour*, %struct.sk_buff*)* %244, null br i1 %245, label %247, label %246 %248 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 11, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %248, i32* %248) #6, !srcloc !14 tail call void bitcast (void (%struct.sk_buff.751083*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %239) #76 ------------- Good: 499 Bad: 5 Ignored: 1448 Check Use of Function:__cpuhp_remove_state Check Use of Function:drm_primary_helper_update Check Use of Function:iommu_device_sysfs_add Check Use of Function:ieee80211_data_to_8023_exthdr Check Use of Function:__pskb_pull_tail Use: =BAD PATH= Call Stack: 0 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds 
%struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 35 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 41 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.859228, %struct.sk_buff.859228* %0, i64 0, i32 7 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %491, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.859228*, i32)*)(%struct.sk_buff.859228* %0, i32 %33) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds 
%struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %26) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, 
-------------
Use: =BAD PATH=
Call Stack:
0 skb_vlan_untag
1 __netif_receive_skb_core
2 __netif_receive_skb_list_core
3 __netif_receive_skb_list
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
Function:inet6_recvmsg
Function:tcp_recvmsg
Function:napi_busy_loop
Function:busy_poll_stop
Function:netif_receive_skb_list_internal
Function:__netif_receive_skb_list
Function:__netif_receive_skb_list_core
Function:__netif_receive_skb_core
%463 ], [ 0, %506 ] %513 = phi i32 [ %456, %463 ], [ %507, %506 ] %514 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 0, i32 0, i32 2, i32 0 %515 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %516 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %515, i64 0, i32 78 %517 = load volatile i32 (%struct.sk_buff.757762**)*, i32 (%struct.sk_buff.757762**)** %516, align 8 %518 = icmp eq i32 (%struct.sk_buff.757762**)* %517, null br i1 %518, label %569, label %519 %520 = inttoptr i64 %512 to %struct.packet_type* %521 = icmp eq i64 %512, 0 br i1 %521, label %558, label %522 %523 = icmp eq %struct.sk_buff.757762* %511, null br i1 %523, label %542, label %524 %525 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 40 %526 = load i8*, i8** %525, align 8 %527 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 39 %528 = load i32, i32* %527, align 4 %529 = zext i32 %528 to i64 %530 = getelementptr i8, i8* %526, i64 %529 %531 = load i8, i8* %530, align 8 %532 = and i8 %531, 1 %533 = icmp eq i8 %532, 0 br i1 %533, label %542, label %534 %535 = getelementptr inbounds i8, i8* %530, i64 40 %536 = bitcast i8* %535 to %struct.ubuf_info.757793** %537 = load %struct.ubuf_info.757793*, %struct.ubuf_info.757793** %536, align 8 %538 = icmp eq %struct.ubuf_info.757793* %537, null br i1 %538, label %542, label %539, !prof !12, !misexpect !13 %540 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.757762*, i32)*)(%struct.sk_buff.757762* nonnull %511, i32 2592) #76 %541 = icmp eq i32 %540, 0 br i1 %541, label %542, label %558, !prof !12, !misexpect !11 %543 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 43 %544 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %543, i64 0, i32 0, i32 0 %545 = call i32 
asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %544, i32 1, i32* %544) #6, !srcloc !14 %546 = icmp eq i32 %545, 0 br i1 %546, label %551, label %547, !prof !10, !misexpect !11 %548 = add i32 %545, 1 %549 = or i32 %548, %545 %550 = icmp sgt i32 %549, -1 br i1 %550, label %553, label %551, !prof !12, !misexpect !11 %552 = phi i32 [ 2, %542 ], [ 1, %547 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %543, i32 %552) #76 br label %553 %554 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %520, i64 0, i32 3 %555 = load i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)*, i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)** %554, align 8 %556 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %557 = call i32 %555(%struct.sk_buff.757762* %511, %struct.net_device.757749* %556, %struct.packet_type* nonnull %520, %struct.net_device.757749* %42) #76 br label %558 %559 = phi i32 [ %513, %519 ], [ -12, %539 ], [ %557, %553 ] %560 = call i32 %517(%struct.sk_buff.757762** nonnull %7) #76 switch i32 %560, label %568 [ i32 0, label %842 i32 1, label %561 i32 2, label %572 i32 3, label %569 ] %573 = phi i64 [ %570, %569 ], [ 0, %558 ] %574 = phi i32 [ %571, %569 ], [ %559, %558 ] %575 = phi i1 [ false, %569 ], [ true, %558 ] %576 = phi i1 [ true, %569 ], [ false, %558 ] %577 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %578 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %577, i64 0, i32 18 %579 = load i16, i16* %578, align 2 %580 = and i16 %579, 1 %581 = icmp eq i16 %580, 0 br i1 %581, label %606, label %582, !prof !12, !misexpect !11 %583 = phi %struct.sk_buff.757762* [ %600, %596 ], [ %577, %572 ] %584 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 25 %585 = load i16, i16* %584, align 2 %586 = and i16 %585, 4095 %587 = icmp eq i16 %586, 0 br i1 %587, label %593, label %588 %594 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 33 %595 = load i16, i16* %594, align 8 switch i16 %595, label %602 [ i16 129, label %596 i16 -22392, label %596 ] %597 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 18 %598 = load i16, i16* %597, align 2 %599 = and i16 %598, -2 store i16 %599, i16* %597, align 2 %600 = call %struct.sk_buff.757762* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*)* @skb_vlan_untag to %struct.sk_buff.757762* (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %583) #76 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %140, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.751083* @skb_clone(%struct.sk_buff.751083* %0, i32 2592) #76 %12 = icmp eq %struct.sk_buff.751083* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.751083* %0) #76 br label %17 %18 = phi %struct.sk_buff.751083* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %31, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %138, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.751083* nonnull %18, i32 %28) #76
-------------
Use: =BAD PATH=
Call Stack:
0 skb_vlan_untag
1 __netif_receive_skb_core
2 __netif_receive_skb_list_core
3 __netif_receive_skb_list
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr 
inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ 
%25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 
= load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi 
i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void 
@netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, 
label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 %68 = icmp sgt i32 %67, -1 br i1 %68, label %69, label %80 %70 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 1 %71 = bitcast %struct.sk_buff.757762** %70 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = bitcast 
%struct.sk_buff.757762* %62 to %struct.list_head** %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %72, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %76, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %63, align 8 %77 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %78 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %77, i64 0, i32 2 %79 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.757762* %62, i32 %67, i32* %78) #77 br label %80 %81 = bitcast %struct.sk_buff.757762* %64 to %struct.list_head* %82 = icmp eq %struct.list_head* %81, %0 br i1 %82, label %83, label %61 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #77 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %4 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %3, align 8 %5 = bitcast %struct.sk_buff.757762* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.757762* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect 
"1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #76 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.757762*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.757762** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %11 
= load %struct.sk_buff.757762*, %struct.sk_buff.757762** %10, align 8 store %struct.sk_buff.757762* %11, %struct.sk_buff.757762** %4, align 8 %12 = bitcast %struct.sk_buff.757762* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.757762** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.757762* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.757749* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.757749*, %struct.net_device.757749** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.757762** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.757762** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #76 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.757584, align 8 %5 = 
alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.757629, align 8 %7 = alloca %struct.sk_buff.757762*, align 8 %8 = bitcast %struct.sk_buff.757762** %7 to i8* %9 = bitcast %struct.sk_buff.757762** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.757762** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.757762* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %14 [label %13], !srcloc !4 %15 = phi i1 [ false, %13 ], [ true, %3 ] %16 = load i32, i32* @netdev_tstamp_prequeue, align 4 %17 = icmp ne i32 %16, 0 %18 = or i1 %15, %17 br i1 %18, label %25, label %19 %20 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 2, i32 0 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %26)) #6 to label %40 [label %26], !srcloc !4 %41 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %42 = load %struct.net_device.757749*, %struct.net_device.757749** %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 41 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 40 %47 = bitcast i8** %46 to i64* %48 = load i64, i64* %47, align 8 %49 = sub i64 %45, %48 %50 = trunc i64 %49 to i16 %51 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 35 store i16 %50, i16* %51, align 4 %52 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 34 %53 = load i16, i16* %52, align 2 %54 = icmp eq i16 %53, -1 br i1 %54, label %55, label %56 %57 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 36 %58 = load i16, i16* %57, align 2 %59 = sub i16 %50, %58 %60 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 8 store i16 %59, i16* %60, align 8 %61 = bitcast %struct.xdp_buff.757629* %6 to i8* %62 = bitcast %struct.tcf_result* %5 to i8* %63 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %64 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 0 %65 = getelementptr inbounds 
%struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 1 %66 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 2 %67 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 3 %68 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 5 %69 = bitcast %struct.net_device.757749** %67 to i8* %70 = bitcast %struct.net.757607** %68 to i64* %71 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 6 br label %72 %73 = phi %struct.net_device.757749* [ %42, %56 ], [ %567, %563 ] %74 = phi %struct.sk_buff.757762* [ %12, %56 ], [ %564, %563 ] %75 = phi i32 [ 1, %56 ], [ %565, %563 ] %76 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %73, i64 0, i32 17 %77 = load i32, i32* %76, align 16 %78 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %74, i64 0, i32 22 store i32 %77, i32* %78, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %79)) #6 to label %99 [label %79], !srcloc !4 call void @migrate_disable() #76 %80 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %81 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %80, i64 0, i32 0, i32 0, i32 2, i32 0 %82 = load %struct.net_device.757749*, %struct.net_device.757749** %81, align 8 %83 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %82, i64 0, i32 75 %84 = load volatile %struct.bpf_prog.757457*, %struct.bpf_prog.757457** %83, align 64 %85 = icmp eq %struct.bpf_prog.757457* %84, null br i1 %85, label %97, label %86 call void @migrate_enable() #76 br label %99 %100 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %101 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %100, i64 0, i32 33 %102 = load i16, i16* %101, align 8 switch i16 %102, label %106 [ i16 129, label %103 i16 -22392, label %103 ] %107 = phi %struct.sk_buff.757762* [ %100, %99 ], [ %104, %103 ] %108 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %107, i64 0, i32 18 %109 = load i16, i16* %108, align 2 %110 = and i16 %109, 2048 %111 = icmp eq i16 %110, 0 br i1 %111, label %114, label %112 %113 = and i16 %109, -2049 store i16 %113, i16* %108, align 2 br label %452 %453 = phi i16 [ %451, %445 ], [ %113, %112 ] %454 = phi %struct.sk_buff.757762* [ %446, %445 ], [ %107, %112 ] %455 = phi i64 [ %447, %445 ], [ 0, %112 ] %456 = phi i32 [ %448, %445 ], [ %75, %112 ] br i1 %1, label %457, label %463 %464 = and i16 %453, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %510, label %466 %511 = phi %struct.sk_buff.757762* [ %454, %463 ], [ %508, %506 ] %512 = phi i64 [ %455, 
%463 ], [ 0, %506 ] %513 = phi i32 [ %456, %463 ], [ %507, %506 ] %514 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 0, i32 0, i32 2, i32 0 %515 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %516 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %515, i64 0, i32 78 %517 = load volatile i32 (%struct.sk_buff.757762**)*, i32 (%struct.sk_buff.757762**)** %516, align 8 %518 = icmp eq i32 (%struct.sk_buff.757762**)* %517, null br i1 %518, label %569, label %519 %520 = inttoptr i64 %512 to %struct.packet_type* %521 = icmp eq i64 %512, 0 br i1 %521, label %558, label %522 %523 = icmp eq %struct.sk_buff.757762* %511, null br i1 %523, label %542, label %524 %525 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 40 %526 = load i8*, i8** %525, align 8 %527 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 39 %528 = load i32, i32* %527, align 4 %529 = zext i32 %528 to i64 %530 = getelementptr i8, i8* %526, i64 %529 %531 = load i8, i8* %530, align 8 %532 = and i8 %531, 1 %533 = icmp eq i8 %532, 0 br i1 %533, label %542, label %534 %535 = getelementptr inbounds i8, i8* %530, i64 40 %536 = bitcast i8* %535 to %struct.ubuf_info.757793** %537 = load %struct.ubuf_info.757793*, %struct.ubuf_info.757793** %536, align 8 %538 = icmp eq %struct.ubuf_info.757793* %537, null br i1 %538, label %542, label %539, !prof !12, !misexpect !13 %540 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.757762*, i32)*)(%struct.sk_buff.757762* nonnull %511, i32 2592) #76 %541 = icmp eq i32 %540, 0 br i1 %541, label %542, label %558, !prof !12, !misexpect !11 %543 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 43 %544 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %543, i64 0, i32 0, i32 0 %545 = call i32 
asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %544, i32 1, i32* %544) #6, !srcloc !14 %546 = icmp eq i32 %545, 0 br i1 %546, label %551, label %547, !prof !10, !misexpect !11 %548 = add i32 %545, 1 %549 = or i32 %548, %545 %550 = icmp sgt i32 %549, -1 br i1 %550, label %553, label %551, !prof !12, !misexpect !11 %552 = phi i32 [ 2, %542 ], [ 1, %547 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %543, i32 %552) #76 br label %553 %554 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %520, i64 0, i32 3 %555 = load i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)*, i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)** %554, align 8 %556 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %557 = call i32 %555(%struct.sk_buff.757762* %511, %struct.net_device.757749* %556, %struct.packet_type* nonnull %520, %struct.net_device.757749* %42) #76 br label %558 %559 = phi i32 [ %513, %519 ], [ -12, %539 ], [ %557, %553 ] %560 = call i32 %517(%struct.sk_buff.757762** nonnull %7) #76 switch i32 %560, label %568 [ i32 0, label %842 i32 1, label %561 i32 2, label %572 i32 3, label %569 ] %573 = phi i64 [ %570, %569 ], [ 0, %558 ] %574 = phi i32 [ %571, %569 ], [ %559, %558 ] %575 = phi i1 [ false, %569 ], [ true, %558 ] %576 = phi i1 [ true, %569 ], [ false, %558 ] %577 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %578 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %577, i64 0, i32 18 %579 = load i16, i16* %578, align 2 %580 = and i16 %579, 1 %581 = icmp eq i16 %580, 0 br i1 %581, label %606, label %582, !prof !12, !misexpect !11 %583 = phi %struct.sk_buff.757762* [ %600, %596 ], [ %577, %572 ] %584 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 25 %585 = load i16, i16* %584, align 2 %586 = and i16 %585, 4095 %587 = icmp eq i16 %586, 0 br i1 %587, label %593, label %588 %594 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 33 %595 = load i16, i16* %594, align 8 switch i16 %595, label %602 [ i16 129, label %596 i16 -22392, label %596 ] %597 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 18 %598 = load i16, i16* %597, align 2 %599 = and i16 %598, -2 store i16 %599, i16* %597, align 2 %600 = call %struct.sk_buff.757762* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*)* @skb_vlan_untag to %struct.sk_buff.757762* (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %583) #76 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %140, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.751083* @skb_clone(%struct.sk_buff.751083* %0, i32 2592) #76 %12 = icmp eq %struct.sk_buff.751083* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.751083* %0) #76 br label %17 %18 = phi %struct.sk_buff.751083* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %31, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %138, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.751083* nonnull %18, i32 %28) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 skb_vlan_untag
2 __netif_receive_skb_core
3 __netif_receive_skb_list_core
4 __netif_receive_skb_list
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 tcp_recvmsg
9 inet6_recvmsg
10 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* 
%0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label 
%54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* 
@rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = 
and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load 
volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast 
%struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void 
@busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 
to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, 
%110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to 
%struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 
store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 %68 = icmp sgt i32 %67, -1 br i1 %68, label %69, label %80 %70 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 1 %71 = bitcast %struct.sk_buff.757762** %70 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = bitcast %struct.sk_buff.757762* %62 to %struct.list_head** %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %72, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %76, align 8 
store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %63, align 8 %77 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %78 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %77, i64 0, i32 2 %79 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.757762* %62, i32 %67, i32* %78) #77 br label %80 %81 = bitcast %struct.sk_buff.757762* %64 to %struct.list_head* %82 = icmp eq %struct.list_head* %81, %0 br i1 %82, label %83, label %61 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #77 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %4 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %3, align 8 %5 = bitcast %struct.sk_buff.757762* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.757762* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #76 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.757762*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.757762** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %11 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %10, align 8 store %struct.sk_buff.757762* %11, %struct.sk_buff.757762** %4, 
align 8 %12 = bitcast %struct.sk_buff.757762* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.757762** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.757762* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.757749* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.757749*, %struct.net_device.757749** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.757762** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.757762** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #76 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.757584, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.757629, align 8 %7 = alloca %struct.sk_buff.757762*, align 8 %8 = 
bitcast %struct.sk_buff.757762** %7 to i8* %9 = bitcast %struct.sk_buff.757762** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.757762** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.757762* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %14 [label %13], !srcloc !4 %15 = phi i1 [ false, %13 ], [ true, %3 ] %16 = load i32, i32* @netdev_tstamp_prequeue, align 4 %17 = icmp ne i32 %16, 0 %18 = or i1 %15, %17 br i1 %18, label %25, label %19 %20 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 2, i32 0 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %26)) #6 to label %40 [label %26], !srcloc !4 %41 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %42 = load %struct.net_device.757749*, %struct.net_device.757749** %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 41 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 40 %47 = bitcast i8** %46 to i64* %48 = load i64, i64* %47, align 8 %49 = sub i64 %45, %48 %50 = trunc i64 %49 to i16 %51 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 35 store i16 %50, i16* %51, align 4 %52 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 34 %53 = load i16, i16* %52, align 2 %54 = icmp eq i16 %53, -1 br i1 %54, label %55, label %56 %57 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 36 %58 = load i16, i16* %57, align 2 %59 = sub i16 %50, %58 %60 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 8 store i16 %59, i16* %60, align 8 %61 = bitcast %struct.xdp_buff.757629* %6 to i8* %62 = bitcast %struct.tcf_result* %5 to i8* %63 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %64 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 0 %65 = getelementptr inbounds 
%struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 1 %66 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 2 %67 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 3 %68 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 5 %69 = bitcast %struct.net_device.757749** %67 to i8* %70 = bitcast %struct.net.757607** %68 to i64* %71 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 6 br label %72 %73 = phi %struct.net_device.757749* [ %42, %56 ], [ %567, %563 ] %74 = phi %struct.sk_buff.757762* [ %12, %56 ], [ %564, %563 ] %75 = phi i32 [ 1, %56 ], [ %565, %563 ] %76 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %73, i64 0, i32 17 %77 = load i32, i32* %76, align 16 %78 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %74, i64 0, i32 22 store i32 %77, i32* %78, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %79)) #6 to label %99 [label %79], !srcloc !4 call void @migrate_disable() #76 %80 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %81 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %80, i64 0, i32 0, i32 0, i32 2, i32 0 %82 = load %struct.net_device.757749*, %struct.net_device.757749** %81, align 8 %83 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %82, i64 0, i32 75 %84 = load volatile %struct.bpf_prog.757457*, %struct.bpf_prog.757457** %83, align 64 %85 = icmp eq %struct.bpf_prog.757457* %84, null br i1 %85, label %97, label %86 call void @migrate_enable() #76 br label %99 %100 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %101 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %100, i64 0, i32 33 %102 = load i16, i16* %101, align 8 switch i16 %102, label %106 [ i16 129, label %103 i16 -22392, label %103 ] %107 = phi %struct.sk_buff.757762* [ %100, %99 ], [ %104, %103 ] %108 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %107, i64 0, i32 18 %109 = load i16, i16* %108, align 2 %110 = and i16 %109, 2048 %111 = icmp eq i16 %110, 0 br i1 %111, label %114, label %112 %113 = and i16 %109, -2049 store i16 %113, i16* %108, align 2 br label %452 %453 = phi i16 [ %451, %445 ], [ %113, %112 ] %454 = phi %struct.sk_buff.757762* [ %446, %445 ], [ %107, %112 ] %455 = phi i64 [ %447, %445 ], [ 0, %112 ] %456 = phi i32 [ %448, %445 ], [ %75, %112 ] br i1 %1, label %457, label %463 %464 = and i16 %453, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %510, label %466 %511 = phi %struct.sk_buff.757762* [ %454, %463 ], [ %508, %506 ] %512 = phi i64 [ %455, 
%463 ], [ 0, %506 ] %513 = phi i32 [ %456, %463 ], [ %507, %506 ] %514 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 0, i32 0, i32 2, i32 0 %515 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %516 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %515, i64 0, i32 78 %517 = load volatile i32 (%struct.sk_buff.757762**)*, i32 (%struct.sk_buff.757762**)** %516, align 8 %518 = icmp eq i32 (%struct.sk_buff.757762**)* %517, null br i1 %518, label %569, label %519 %520 = inttoptr i64 %512 to %struct.packet_type* %521 = icmp eq i64 %512, 0 br i1 %521, label %558, label %522 %523 = icmp eq %struct.sk_buff.757762* %511, null br i1 %523, label %542, label %524 %525 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 40 %526 = load i8*, i8** %525, align 8 %527 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 39 %528 = load i32, i32* %527, align 4 %529 = zext i32 %528 to i64 %530 = getelementptr i8, i8* %526, i64 %529 %531 = load i8, i8* %530, align 8 %532 = and i8 %531, 1 %533 = icmp eq i8 %532, 0 br i1 %533, label %542, label %534 %535 = getelementptr inbounds i8, i8* %530, i64 40 %536 = bitcast i8* %535 to %struct.ubuf_info.757793** %537 = load %struct.ubuf_info.757793*, %struct.ubuf_info.757793** %536, align 8 %538 = icmp eq %struct.ubuf_info.757793* %537, null br i1 %538, label %542, label %539, !prof !12, !misexpect !13 %540 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.757762*, i32)*)(%struct.sk_buff.757762* nonnull %511, i32 2592) #76 %541 = icmp eq i32 %540, 0 br i1 %541, label %542, label %558, !prof !12, !misexpect !11 %543 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 43 %544 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %543, i64 0, i32 0, i32 0 %545 = call i32 
asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %544, i32 1, i32* %544) #6, !srcloc !14 %546 = icmp eq i32 %545, 0 br i1 %546, label %551, label %547, !prof !10, !misexpect !11 %548 = add i32 %545, 1 %549 = or i32 %548, %545 %550 = icmp sgt i32 %549, -1 br i1 %550, label %553, label %551, !prof !12, !misexpect !11 %552 = phi i32 [ 2, %542 ], [ 1, %547 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %543, i32 %552) #76 br label %553 %554 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %520, i64 0, i32 3 %555 = load i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)*, i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)** %554, align 8 %556 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %557 = call i32 %555(%struct.sk_buff.757762* %511, %struct.net_device.757749* %556, %struct.packet_type* nonnull %520, %struct.net_device.757749* %42) #76 br label %558 %559 = phi i32 [ %513, %519 ], [ -12, %539 ], [ %557, %553 ] %560 = call i32 %517(%struct.sk_buff.757762** nonnull %7) #76 switch i32 %560, label %568 [ i32 0, label %842 i32 1, label %561 i32 2, label %572 i32 3, label %569 ] %573 = phi i64 [ %570, %569 ], [ 0, %558 ] %574 = phi i32 [ %571, %569 ], [ %559, %558 ] %575 = phi i1 [ false, %569 ], [ true, %558 ] %576 = phi i1 [ true, %569 ], [ false, %558 ] %577 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %578 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %577, i64 0, i32 18 %579 = load i16, i16* %578, align 2 %580 = and i16 %579, 1 %581 = icmp eq i16 %580, 0 br i1 %581, label %606, label %582, !prof !12, !misexpect !11 %583 = phi %struct.sk_buff.757762* [ %600, %596 ], [ %577, %572 ] %584 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 25 %585 = load i16, i16* %584, align 2 %586 = and i16 %585, 4095 %587 = icmp eq i16 %586, 0 br i1 %587, label %593, label %588 %594 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 33 %595 = load i16, i16* %594, align 8 switch i16 %595, label %602 [ i16 129, label %596 i16 -22392, label %596 ] %597 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 18 %598 = load i16, i16* %597, align 2 %599 = and i16 %598, -2 store i16 %599, i16* %597, align 2 %600 = call %struct.sk_buff.757762* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*)* @skb_vlan_untag to %struct.sk_buff.757762* (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %583) #76 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %140, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.751083* @skb_clone(%struct.sk_buff.751083* %0, i32 2592) #76 %12 = icmp eq %struct.sk_buff.751083* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.751083* %0) #76 br label %17 %18 = phi %struct.sk_buff.751083* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %31, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %138, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.751083* nonnull %18, i32 %28) #76 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.751083* %0, i32 0, i32 %27, i32 2592) #76 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %286 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* %0, i32 %38, i8* %42, i32 
%1) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.751083** %53 = load %struct.sk_buff.751083*, %struct.sk_buff.751083** %52, align 8 %54 = icmp eq %struct.sk_buff.751083* %53, null br i1 %54, label %169, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.750960]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %169 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %169, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.751083* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %88 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %78, i64 0, i32 43, i32 0, i32 0 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 1 br i1 %90, label %99, label %91 %100 = phi i32 [ %98, %94 ], [ %80, %87 ] %101 = phi %struct.sk_buff.751083* [ %92, %94 ], [ %78, %87 ] %102 = phi %struct.sk_buff.751083* [ %92, %94 ], [ null, %87 ] %103 = phi %struct.sk_buff.751083* [ %96, %94 ], [ %78, %87 ] %104 = 
getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 6 %105 = icmp ult i32 %100, %77 br i1 %105, label %129, label %106, !prof !8, !misexpect !5 %107 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 7 %108 = load i32, i32* %107, align 4 %109 = sub i32 %100, %108 %110 = icmp ugt i32 %77, %109 br i1 %110, label %111, label %117 %112 = sub i32 %77, %109 %113 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.751083* %101, i32 %112) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 skb_vlan_untag
2 __netif_receive_skb_core
3 __netif_receive_skb_list_core
4 __netif_receive_skb_list
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load 
volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, 
Function:busy_poll_stop
Function:netif_receive_skb_list_internal
Function:__netif_receive_skb_list
Function:__netif_receive_skb_list_core
Function:__netif_receive_skb_core
Function:skb_vlan_untag
Function:__pskb_pull_tail
-------------
Use: =BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 ipv4_link_failure
-------------
Path:
Function:ipv4_link_failure
= load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %63) #76 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* 
%20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.751083* %0, i32 0, i32 %27, i32 2592) #76 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %286 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* %0, i32 %38, i8* %42, i32 %1) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.751083** %53 = load %struct.sk_buff.751083*, %struct.sk_buff.751083** %52, align 8 %54 = icmp eq %struct.sk_buff.751083* %53, null br i1 %54, label %169, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.750960]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = 
icmp sgt i32 %65, %67 br i1 %68, label %69, label %169 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %169, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.751083* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %88 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %78, i64 0, i32 43, i32 0, i32 0 %89 = load volatile i32, i32* %88, align 4 %90 = icmp eq i32 %89, 1 br i1 %90, label %99, label %91 %100 = phi i32 [ %98, %94 ], [ %80, %87 ] %101 = phi %struct.sk_buff.751083* [ %92, %94 ], [ %78, %87 ] %102 = phi %struct.sk_buff.751083* [ %92, %94 ], [ null, %87 ] %103 = phi %struct.sk_buff.751083* [ %96, %94 ], [ %78, %87 ] %104 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 6 %105 = icmp ult i32 %100, %77 br i1 %105, label %129, label %106, !prof !8, !misexpect !5 %107 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 7 %108 = load i32, i32* %107, align 4 %109 = sub i32 %100, %108 %110 = icmp ugt i32 %77, %109 br i1 %110, label %111, label %117 %112 = sub i32 %77, %109 %113 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.751083* %101, i32 %112) #77 ------------- Good: 1054 Bad: 8 Ignored: 3593 Check Use of Function:cfg80211_sme_disassoc Check Use of Function:netlink_rcv_skb Use: =BAD PATH= Call Stack: 0 uevent_net_rcv ------------- Path:  Function:uevent_net_rcv %2 = tail call i32 @netlink_rcv_skb(%struct.sk_buff* %0, i32 (%struct.sk_buff*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @uevent_net_rcv_skb) #76 ------------- Use: =BAD PATH= Call Stack: 0 rtnetlink_rcv ------------- Path:  Function:rtnetlink_rcv %2 = 
tail call i32 bitcast (i32 (%struct.sk_buff*, i32 (%struct.sk_buff*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)* @netlink_rcv_skb to i32 (%struct.sk_buff.751083*, i32 (%struct.sk_buff.751083*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)*)(%struct.sk_buff.751083* %0, i32 (%struct.sk_buff.751083*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @rtnetlink_rcv_msg) #76 ------------- Good: 4 Bad: 2 Ignored: 0 Check Use of Function:untrack_pfn Check Use of Function:ieee80211_sta_cur_vht_bw Check Use of Function:dev_set_mtu Check Use of Function:skb_copy_bits Use: =BAD PATH= Call Stack: 0 __icmp_send 1 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %26) #76 %28 = icmp eq i8* %27, 
null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %63) #76 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.829233*, %struct.net_device.829233** %78, align 8 %80 = getelementptr inbounds 
%struct.net_device.829233, %struct.net_device.829233* %79, i64 0, i32 109, i32 0 %81 = load %struct.net.828834*, %struct.net.828834** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.828834* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.829144* %0, i32* null) #76 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @rcu_read_unlock_strict() #76 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %85 call void @__icmp_send(%struct.sk_buff.829144* %0, i32 3, i32 1, i32 0, %struct.ip_options* nonnull %2) #76 Function:__icmp_send %6 = alloca %struct.inetpeer_addr, align 4 %7 = alloca %struct.flowi4, align 8 %8 = alloca %struct.flowi4, align 8 %9 = alloca %struct.icmp_bxm, align 8 %10 = alloca %struct.rtable.828746*, align 8 %11 = alloca %struct.ipcm_cookie, align 8 %12 = alloca %struct.flowi4, align 8 %13 = alloca i8, align 1 %14 = bitcast %struct.icmp_bxm* %9 to i8* %15 = bitcast %struct.rtable.828746** %10 to i8* %16 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 4, i32 0, i32 0 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, -2 %19 = inttoptr i64 %18 to %struct.rtable.828746* store %struct.rtable.828746* %19, %struct.rtable.828746** %10, align 8 %20 = bitcast %struct.ipcm_cookie* %11 to i8* %21 = bitcast %struct.flowi4* %12 to i8* %22 = icmp eq i64 %18, 0 br i1 %22, label %504, label %23 %24 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %19, i64 0, i32 0, i32 0 %25 = load %struct.net_device.829233*, %struct.net_device.829233** %24, align 8 %26 = icmp eq %struct.net_device.829233* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = icmp eq %struct.net_device.829233* %29, null br i1 %30, label %504, label %31 %32 = phi %struct.net_device.829233* [ 
%25, %23 ], [ %29, %27 ] %33 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %32, i64 0, i32 109, i32 0 %34 = load %struct.net.828834*, %struct.net.828834** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 40 %36 = load i8*, i8** %35, align 8 %37 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 35 %38 = load i16, i16* %37, align 4 %39 = zext i16 %38 to i64 %40 = getelementptr i8, i8* %36, i64 %39 %41 = icmp ult i8* %40, %36 br i1 %41, label %504, label %42 %43 = getelementptr i8, i8* %40, i64 20 %44 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 38 %45 = load i32, i32* %44, align 8 %46 = zext i32 %45 to i64 %47 = getelementptr i8, i8* %36, i64 %46 %48 = icmp ugt i8* %43, %47 br i1 %48, label %504, label %49 %50 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 16 %51 = load i16, i16* %50, align 8 %52 = and i16 %51, 7 %53 = icmp eq i16 %52, 0 br i1 %53, label %54, label %504 %55 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %19, i64 0, i32 2 %56 = load i32, i32* %55, align 4 %57 = and i32 %56, 805306368 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %504 %60 = getelementptr inbounds i8, i8* %40, i64 6 %61 = bitcast i8* %60 to i16* %62 = load i16, i16* %61, align 2 %63 = and i16 %62, -225 %64 = icmp eq i16 %63, 0 br i1 %64, label %65, label %504 %66 = zext i32 %1 to i64 %67 = lshr i64 516353, %66 %68 = and i64 %67, 1 %69 = icmp eq i64 %68, 0 br i1 %69, label %70, label %115 %71 = getelementptr inbounds i8, i8* %40, i64 9 %72 = load i8, i8* %71, align 1 %73 = icmp eq i8 %72, 1 br i1 %73, label %74, label %115 %75 = load i8, i8* %40, align 4 %76 = shl i8 %75, 2 %77 = and i8 %76, 60 %78 = zext i8 %77 to i64 %79 = getelementptr i8, i8* %40, i64 %78 %80 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 
41 %81 = bitcast i8** %80 to i64* %82 = load i64, i64* %81, align 8 %83 = ptrtoint i8* %79 to i64 %84 = sub i64 %83, %82 %85 = trunc i64 %84 to i32 %86 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp slt i32 %91, 1 br i1 %92, label %93, label %98, !prof !4, !misexpect !5 %94 = icmp eq %struct.sk_buff.829144* %0, null br i1 %94, label %113, label %95 %96 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.829144*, i32, i8*, i32)*)(%struct.sk_buff.829144* nonnull %0, i32 %85, i8* nonnull %13, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 eth_type_trans 1 bpf_prog_run_generic_xdp 2 netif_receive_generic_xdp 3 __netif_receive_skb_core 4 __netif_receive_skb_list_core 5 __netif_receive_skb_list 6 netif_receive_skb_list_internal 7 busy_poll_stop 8 napi_busy_loop 9 tcp_recvmsg 10 inet6_recvmsg 11 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = 
getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 
%44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load 
volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile 
%struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 %68 = icmp sgt i32 %67, -1 br i1 %68, label %69, label %80 %70 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 1 %71 = bitcast %struct.sk_buff.757762** %70 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = bitcast %struct.sk_buff.757762* %62 to %struct.list_head** %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %72, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %76, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %63, align 8 %77 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %78 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %77, i64 0, i32 2 %79 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.757762* %62, i32 %67, i32* %78) #77 br label %80 %81 = bitcast %struct.sk_buff.757762* %64 to %struct.list_head* %82 = icmp eq %struct.list_head* %81, %0 br i1 %82, label %83, label %61 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #77 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %4 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %3, align 8 %5 = bitcast %struct.sk_buff.757762* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi 
%struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.757762* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #76 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.757762*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast 
%struct.sk_buff.757762** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %11 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %10, align 8 store %struct.sk_buff.757762* %11, %struct.sk_buff.757762** %4, align 8 %12 = bitcast %struct.sk_buff.757762* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.757762** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.757762* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.757749* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.757749*, %struct.net_device.757749** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.757762** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.757762** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #76 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.757584, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.757629, align 8 %7 = alloca %struct.sk_buff.757762*, align 8 %8 = bitcast %struct.sk_buff.757762** %7 to i8* %9 = bitcast %struct.sk_buff.757762** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.757762** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.757762* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %14 [label %13], !srcloc !4 %15 = phi i1 [ false, %13 ], [ true, %3 ] %16 = load i32, i32* @netdev_tstamp_prequeue, align 4 %17 = icmp ne i32 %16, 0 %18 = or i1 %15, %17 br i1 %18, label %25, label %19 %20 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 2, i32 0 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %26)) #6 to label %40 [label %26], !srcloc !4 %41 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %42 = load %struct.net_device.757749*, %struct.net_device.757749** %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 41 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 40 %47 = bitcast i8** %46 to i64* %48 = load i64, i64* %47, align 8 %49 = sub i64 %45, %48 %50 = trunc i64 %49 to i16 %51 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 35 store i16 %50, i16* %51, align 4 %52 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 34 %53 = load i16, i16* %52, align 2 %54 = icmp eq i16 %53, -1 br i1 %54, label %55, label %56 %57 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 36 %58 = load i16, i16* %57, align 2 %59 = sub i16 %50, %58 %60 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 8 store i16 %59, i16* %60, align 8 %61 = bitcast %struct.xdp_buff.757629* %6 to i8* %62 = bitcast %struct.tcf_result* %5 to i8* %63 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %64 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 0 %65 = getelementptr inbounds 
%struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 1 %66 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 2 %67 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 3 %68 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 5 %69 = bitcast %struct.net_device.757749** %67 to i8* %70 = bitcast %struct.net.757607** %68 to i64* %71 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 6 br label %72 %73 = phi %struct.net_device.757749* [ %42, %56 ], [ %567, %563 ] %74 = phi %struct.sk_buff.757762* [ %12, %56 ], [ %564, %563 ] %75 = phi i32 [ 1, %56 ], [ %565, %563 ] %76 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %73, i64 0, i32 17 %77 = load i32, i32* %76, align 16 %78 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %74, i64 0, i32 22 store i32 %77, i32* %78, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %79)) #6 to label %99 [label %79], !srcloc !4 call void @migrate_disable() #76 %80 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %81 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %80, i64 0, i32 0, i32 0, i32 2, i32 0 %82 = load %struct.net_device.757749*, %struct.net_device.757749** %81, align 8 %83 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %82, i64 0, i32 75 %84 = load volatile %struct.bpf_prog.757457*, %struct.bpf_prog.757457** %83, align 64 %85 = icmp eq %struct.bpf_prog.757457* %84, null br i1 %85, label %97, label %86 %87 = call fastcc i32 @netif_receive_generic_xdp(%struct.sk_buff.757762* %80, %struct.xdp_buff.757629* nonnull %6, %struct.bpf_prog.757457* nonnull %84) #76 Function:netif_receive_generic_xdp %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %5 = load i16, i16* %4, align 2 %6 = and i16 %5, 8192 %7 = icmp eq i16 %6, 0 br i1 %7, label %8, label %100 %9 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 12 %10 = load i8, i8* %9, align 2 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %29, label %13 %14 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %15 = load i8*, i8** %14, align 8 %16 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr i8, i8* %15, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 
%24, label %29, label %25 %26 = ptrtoint i8* %15 to i64 %27 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 7 %28 = load i32, i32* %27, align 4 br label %47 %48 = phi i32 [ %31, %33 ], [ %28, %25 ], [ 0, %37 ] %49 = phi i64 [ %36, %33 ], [ %26, %25 ], [ %43, %37 ] %50 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %51 = bitcast i8** %50 to i64* %52 = load i64, i64* %51, align 8 %53 = sub i64 %52, %49 %54 = trunc i64 %53 to i32 %55 = sub i32 256, %54 %56 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 38 %57 = load i32, i32* %56, align 8 %58 = add i32 %48, %57 %59 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %60 = load i32, i32* %59, align 4 %61 = sub i32 %58, %60 %62 = icmp sgt i32 %55, 0 %63 = sub i32 319, %54 %64 = and i32 %63, -64 %65 = select i1 %62, i32 %64, i32 0 %66 = icmp sgt i32 %61, 0 %67 = add i32 %61, 128 %68 = select i1 %66, i32 %67, i32 0 %69 = tail call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i32, i32)* @pskb_expand_head to i32 (%struct.sk_buff.757762*, i32, i32, i32)*)(%struct.sk_buff.757762* %0, i32 %65, i32 %68, i32 2592) #76 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %98 %72 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 7 %73 = load i32, i32* %72, align 4 %74 = icmp eq i32 %73, 0 br i1 %74, label %78, label %75 %76 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.757762*, i32)*)(%struct.sk_buff.757762* %0, i32 %73) #76 %77 = icmp eq i8* %76, null br i1 %77, label %98, label %78 %79 = tail call i32 @bpf_prog_run_generic_xdp(%struct.sk_buff.757762* %0, %struct.xdp_buff.757629* %1, %struct.bpf_prog.757457* %2) #77 Function:bpf_prog_run_generic_xdp %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %5 = bitcast i8** %4 to i64* %6 
= load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 %10 = load i16, i16* %9, align 2 %11 = zext i16 %10 to i64 %12 = getelementptr i8, i8* %8, i64 %11 %13 = ptrtoint i8* %12 to i64 %14 = sub i64 %6, %13 %15 = trunc i64 %14 to i32 %16 = inttoptr i64 %6 to i8* %17 = bitcast i8** %7 to i64* %18 = ptrtoint i8* %8 to i64 %19 = sub i64 %6, %18 %20 = and i64 %19, 4294967295 %21 = sub nsw i64 0, %20 %22 = getelementptr i8, i8* %16, i64 %21 %23 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %24 = load i32, i32* %23, align 4 %25 = zext i32 %24 to i64 %26 = getelementptr i8, i8* %8, i64 %25 %27 = ptrtoint i8* %26 to i64 %28 = ptrtoint i8* %22 to i64 %29 = sub i64 %27, %28 %30 = trunc i64 %29 to i32 %31 = add i32 %30, 320 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %33 = load %struct.net_device.757749*, %struct.net_device.757749** %32, align 8 %34 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %33, i64 0, i32 72 %35 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %34, align 16 %36 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 10 %37 = load i16, i16* %36, align 4 %38 = icmp eq i16 %37, 0 br i1 %38, label %55, label %39 %56 = phi %struct.netdev_rx_queue.757696* [ %54, %52 ], [ %35, %3 ], [ %35, %50 ], [ %35, %45 ] %57 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %56, i64 0, i32 0 %58 = getelementptr inbounds %struct.xdp_buff.757629, %struct.xdp_buff.757629* %1, i64 0, i32 6 store i32 %31, i32* %58, align 8 %59 = getelementptr inbounds %struct.xdp_buff.757629, %struct.xdp_buff.757629* %1, i64 0, i32 4 store 
%struct.xdp_rxq_info.757627* %57, %struct.xdp_rxq_info.757627** %59, align 8 %60 = load i64, i64* %5, align 8 %61 = load i64, i64* %17, align 8 %62 = sub i64 %60, %14 %63 = sub i64 %62, %61 %64 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %65 = load i32, i32* %64, align 8 %66 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 7 %67 = load i32, i32* %66, align 4 %68 = add i32 %65, %15 %69 = sub i32 %68, %67 %70 = shl i64 %63, 32 %71 = ashr exact i64 %70, 32 %72 = getelementptr i8, i8* %22, i64 %71 %73 = getelementptr inbounds %struct.xdp_buff.757629, %struct.xdp_buff.757629* %1, i64 0, i32 3 store i8* %22, i8** %73, align 8 %74 = getelementptr inbounds %struct.xdp_buff.757629, %struct.xdp_buff.757629* %1, i64 0, i32 0 store i8* %72, i8** %74, align 8 %75 = sext i32 %69 to i64 %76 = getelementptr i8, i8* %72, i64 %75 %77 = getelementptr inbounds %struct.xdp_buff.757629, %struct.xdp_buff.757629* %1, i64 0, i32 1 store i8* %76, i8** %77, align 8 %78 = getelementptr inbounds %struct.xdp_buff.757629, %struct.xdp_buff.757629* %1, i64 0, i32 2 store i8* %72, i8** %78, align 8 %79 = bitcast i8** %77 to i64* %80 = ptrtoint i8* %76 to i64 %81 = load %struct.net_device.757749*, %struct.net_device.757749** %32, align 8 %82 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %81, i64 0, i32 71 %83 = bitcast i8** %82 to i64** %84 = load i64*, i64** %83, align 8 %85 = bitcast i8* %72 to i64* %86 = load i64, i64* %85, align 8 %87 = load i64, i64* %84, align 8 %88 = xor i64 %87, %86 %89 = and i64 %88, 281474976710655 %90 = icmp eq i64 %89, 0 %91 = and i64 %86, 1 %92 = icmp ne i64 %91, 0 %93 = getelementptr inbounds i8, i8* %72, i64 12 %94 = bitcast i8* %93 to i16* %95 = load i16, i16* %94, align 1 %96 = bitcast %struct.xdp_buff.757629* %1 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 
1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_prog_run_generic_xdp, %97)) #6 to label %115 [label %97], !srcloc !9 %116 = getelementptr inbounds %struct.bpf_prog.757457, %struct.bpf_prog.757457* %2, i64 0, i32 13, i64 0 %117 = getelementptr inbounds %struct.bpf_prog.757457, %struct.bpf_prog.757457* %2, i64 0, i32 9 %118 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %117, align 8 %119 = tail call i32 %118(i8* %96, %struct.bpf_insn* %116) #76 br label %120 %121 = phi i32 [ %102, %97 ], [ %119, %115 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_master_redirect_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_prog_run_generic_xdp, %122)) #6 to label %123 [label %122], !srcloc !9 br label %123 %124 = phi i1 [ true, %122 ], [ false, %120 ] %125 = icmp eq i32 %121, 3 %126 = and i1 %125, %124 br i1 %126, label %127, label %142 %143 = phi i32 [ %141, %140 ], [ 3, %135 ], [ %121, %123 ], [ 3, %127 ] %144 = bitcast %struct.xdp_buff.757629* %1 to i64* %145 = load i64, i64* %144, align 8 %146 = ptrtoint i8* %72 to i64 %147 = sub i64 %145, %146 %148 = trunc i64 %147 to i32 %149 = icmp eq i32 %148, 0 br i1 %149, label %180, label %150 %181 = load i64, i64* %79, align 8 %182 = sub i64 %181, %80 %183 = trunc i64 %182 to i32 %184 = icmp eq i32 %183, 0 br i1 %184, label %197, label %185 %198 = bitcast %struct.xdp_buff.757629* %1 to %struct.ethhdr** %199 = load %struct.ethhdr*, %struct.ethhdr** %198, align 8 %200 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %199, i64 0, i32 2 %201 = load i16, i16* %200, align 1 %202 = icmp eq i16 %95, %201 %203 = load %struct.net_device.757749*, %struct.net_device.757749** %32, align 8 br i1 %202, label %204, label %219 %220 = load i8*, i8** %4, align 8 %221 = getelementptr i8, i8* %220, i64 -14 store i8* %221, i8** %4, align 8 %222 = load i32, i32* %64, align 8 %223 = add i32 %222, 14 store i32 %223, i32* %64, align 8 %224 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 16 %225 = load i16, i16* %224, align 8 %226 = and i16 %225, -8 store i16 %226, i16* %224, align 8 %227 = tail call zeroext i16 bitcast (i16 (%struct.sk_buff.775005*, %struct.net_device.774992*)* @eth_type_trans to i16 (%struct.sk_buff.757762*, 
%struct.net_device.757749*)*)(%struct.sk_buff.757762* %0, %struct.net_device.757749* %203) #76 Function:eth_type_trans %3 = alloca i16, align 2 %4 = bitcast i16* %3 to i8* %5 = getelementptr inbounds %struct.sk_buff.775005, %struct.sk_buff.775005* %0, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.774992* %1, %struct.net_device.774992** %5, align 8 %6 = getelementptr inbounds %struct.sk_buff.775005, %struct.sk_buff.775005* %0, i64 0, i32 41 %7 = bitcast i8** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.775005, %struct.sk_buff.775005* %0, i64 0, i32 40 %10 = bitcast i8** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = sub i64 %8, %11 %13 = trunc i64 %12 to i16 %14 = getelementptr inbounds %struct.sk_buff.775005, %struct.sk_buff.775005* %0, i64 0, i32 36 store i16 %13, i16* %14, align 2 %15 = inttoptr i64 %8 to %struct.ethhdr* %16 = getelementptr inbounds %struct.sk_buff.775005, %struct.sk_buff.775005* %0, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = icmp ult i32 %17, 14 %19 = inttoptr i64 %8 to i8* br i1 %18, label %28, label %20, !prof !4, !misexpect !5 %29 = phi i32 [ %17, %2 ], [ %21, %26 ] %30 = phi i8* [ %19, %2 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.net_device.774992, %struct.net_device.774992* %1, i64 0, i32 71 %32 = bitcast i8** %31 to i64** %33 = load i64*, i64** %32, align 8 %34 = inttoptr i64 %8 to i64* %35 = load i64, i64* %34, align 8 %36 = load i64, i64* %33, align 8 %37 = xor i64 %36, %35 %38 = and i64 %37, 281474976710655 %39 = icmp eq i64 %38, 0 br i1 %39, label %65, label %40, !prof !8, !misexpect !5 %41 = and i64 %35, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %57, label %43, !prof !8, !misexpect !5 %44 = getelementptr inbounds %struct.net_device.774992, %struct.net_device.774992* %1, i64 0, i32 83, i64 0 %45 = bitcast i8* %44 to i64* %46 = load i64, i64* %45, align 8 %47 = xor i64 %46, %35 %48 = and i64 %47, 281474976710655 %49 = icmp eq i64 %48, 0 %50 = getelementptr 
inbounds %struct.sk_buff.775005, %struct.sk_buff.775005* %0, i64 0, i32 16 %51 = load i16, i16* %50, align 8 %52 = and i16 %51, -8 br i1 %49, label %53, label %55 %54 = or i16 %52, 1 br label %62 %63 = phi i16* [ %58, %57 ], [ %50, %55 ], [ %50, %53 ] %64 = phi i16 [ %61, %57 ], [ %56, %55 ], [ %54, %53 ] store i16 %64, i16* %63, align 8 br label %65 %66 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %15, i64 0, i32 2 %67 = load i16, i16* %66, align 1 %68 = and i16 %67, 254 %69 = icmp ugt i16 %68, 5 br i1 %69, label %88, label %70, !prof !8, !misexpect !9 %71 = getelementptr inbounds %struct.sk_buff.775005, %struct.sk_buff.775005* %0, i64 0, i32 7 %72 = load i32, i32* %71, align 4 %73 = sub i32 %29, %72 %74 = icmp sgt i32 %73, 1 br i1 %74, label %80, label %75, !prof !8, !misexpect !9 %76 = icmp eq %struct.sk_buff.775005* %0, null br i1 %76, label %87, label %77 %78 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.775005*, i32, i8*, i32)*)(%struct.sk_buff.775005* nonnull %0, i32 0, i8* nonnull %4, i32 2) #76
-------------
Use: =BAD PATH=
Call Stack:
0 eth_type_trans
1 bpf_prog_run_generic_xdp
2 netif_receive_generic_xdp
3 __netif_receive_skb_core
4 __netif_receive_skb_list_core
5 __netif_receive_skb_list
6 netif_receive_skb_list_internal
7 busy_poll_stop
8 napi_busy_loop
9 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, 
i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 
%47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr 
inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 %68 = icmp sgt i32 %67, -1 br i1 %68, label %69, label %80 %70 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 1 %71 = bitcast %struct.sk_buff.757762** %70 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = bitcast %struct.sk_buff.757762* %62 to %struct.list_head** %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %72, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %76, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %63, align 8 %77 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %78 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %77, i64 0, i32 2 %79 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.757762* %62, i32 %67, i32* %78) #77 br label %80 %81 = bitcast %struct.sk_buff.757762* %64 to %struct.list_head* %82 = icmp eq %struct.list_head* %81, %0 br i1 %82, label %83, label %61 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #77 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %4 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %3, align 8 %5 = bitcast %struct.sk_buff.757762* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi 
%struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.757762* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #76 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.757762*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast 
%struct.sk_buff.757762** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %11 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %10, align 8 store %struct.sk_buff.757762* %11, %struct.sk_buff.757762** %4, align 8 %12 = bitcast %struct.sk_buff.757762* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.757762** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.757762* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.757749* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.757749*, %struct.net_device.757749** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.757762** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.757762** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #76 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.757584, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.757629, align 8 %7 = alloca %struct.sk_buff.757762*, align 8 %8 = bitcast %struct.sk_buff.757762** %7 to i8* %9 = bitcast %struct.sk_buff.757762** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.757762** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.757762* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %14 [label %13], !srcloc !4 %15 = phi i1 [ false, %13 ], [ true, %3 ] %16 = load i32, i32* @netdev_tstamp_prequeue, align 4 %17 = icmp ne i32 %16, 0 %18 = or i1 %15, %17 br i1 %18, label %25, label %19 %20 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 2, i32 0 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %26)) #6 to label %40 [label %26], !srcloc !4 %41 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %42 = load %struct.net_device.757749*, %struct.net_device.757749** %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 41 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 40 %47 = bitcast i8** %46 to i64* %48 = load i64, i64* %47, align 8 %49 = sub i64 %45, %48 %50 = trunc i64 %49 to i16 %51 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 35 store i16 %50, i16* %51, align 4 %52 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 34 %53 = load i16, i16* %52, align 2 %54 = icmp eq i16 %53, -1 br i1 %54, label %55, label %56 %57 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 36 %58 = load i16, i16* %57, align 2 %59 = sub i16 %50, %58 %60 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 8 store i16 %59, i16* %60, align 8 %61 = bitcast %struct.xdp_buff.757629* %6 to i8* %62 = bitcast %struct.tcf_result* %5 to i8* %63 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %64 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 0 %65 = getelementptr inbounds 
%struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 1 %66 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 2 %67 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 3 %68 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 5 %69 = bitcast %struct.net_device.757749** %67 to i8* %70 = bitcast %struct.net.757607** %68 to i64* %71 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 6 br label %72 %73 = phi %struct.net_device.757749* [ %42, %56 ], [ %567, %563 ] %74 = phi %struct.sk_buff.757762* [ %12, %56 ], [ %564, %563 ] %75 = phi i32 [ 1, %56 ], [ %565, %563 ] %76 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %73, i64 0, i32 17 %77 = load i32, i32* %76, align 16 %78 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %74, i64 0, i32 22 store i32 %77, i32* %78, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %79)) #6 to label %99 [label %79], !srcloc !4 call void @migrate_disable() #76 %80 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %81 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %80, i64 0, i32 0, i32 0, i32 2, i32 0 %82 = load %struct.net_device.757749*, %struct.net_device.757749** %81, align 8 %83 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %82, i64 0, i32 75 %84 = load volatile %struct.bpf_prog.757457*, %struct.bpf_prog.757457** %83, align 64 %85 = icmp eq %struct.bpf_prog.757457* %84, null br i1 %85, label %97, label %86 %87 = call fastcc i32 @netif_receive_generic_xdp(%struct.sk_buff.757762* %80, %struct.xdp_buff.757629* nonnull %6, %struct.bpf_prog.757457* nonnull %84) #76 Function:netif_receive_generic_xdp %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %5 = load i16, i16* %4, align 2 %6 = and i16 %5, 8192 %7 = icmp eq i16 %6, 0 br i1 %7, label %8, label %100 %9 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 12 %10 = load i8, i8* %9, align 2 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %29, label %13 %14 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %15 = load i8*, i8** %14, align 8 %16 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr i8, i8* %15, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 
-------------
Use: =BAD PATH=
Call Stack:
0 __dev_queue_xmit
1 dev_queue_xmit
2 packet_sendmsg_spkt
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 __dev_queue_xmit
1 dev_queue_xmit
2 netlink_deliver_tap
3 netlink_sendskb
4 mqueue_flush_file
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 icmp6_send
1 ip6_link_failure
-------------
%struct.net_device.757749* %38, null br i1 %39, label %489, label %40 %41 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %38, i64 0, i32 109, i32 0 %42 = load %struct.net.757607*, %struct.net.757607** %41, align 8 %43 = getelementptr inbounds %struct.net.757607, %struct.net.757607* %42, i64 0, i32 35, i32 1, i32 26 %44 = load i8, i8* %43, align 2 %45 = icmp eq i8 %44, 0 br i1 %45, label %49, label %46 %50 = phi i32 [ %48, %46 ], [ 0, %40 ] %51 = getelementptr inbounds i8, i8* %23, i64 24 %52 = bitcast i8* %51 to %struct.in6_addr* %53 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %52) #76 %54 = load %struct.net_device.757749*, %struct.net_device.757749** %37, align 8 %55 = tail call i32 bitcast (i32 (%struct.net.891430*, %struct.in6_addr*, %struct.net_device.891316*, i32)* @ipv6_chk_addr to i32 (%struct.net.757607*, %struct.in6_addr*, %struct.net_device.757749*, i32)*)(%struct.net.757607* %42, %struct.in6_addr* %52, %struct.net_device.757749* %54, i32 0) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %60 br label %61 %62 = phi %struct.in6_addr* [ %52, %60 ], [ null, %57 ] %63 = and i32 %53, 2 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 16 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, 7 %69 = icmp eq i16 %68, 0 br i1 %69, label %108, label %70 switch i8 %1, label %489 [ i8 2, label %108 i8 4, label %71 ] %72 = icmp eq i8 %2, 2 br i1 %72, label %73, label %489 %74 = load i8*, i8** %18, align 8 %75 = load i16, i16* %20, align 4 %76 = zext i16 %75 to i64 %77 = getelementptr i8, i8* %74, i64 %76 %78 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %79 = bitcast i8** %78 to i64* %80 = load i64, i64* %79, align 8 %81 = ptrtoint i8* %77 to i64 %82 = sub i64 %81, %80 %83 = trunc i64 %82 to i32 %84 = add i32 %83, %3 %85 = getelementptr inbounds %struct.sk_buff.757762, 
%struct.sk_buff.757762* %0, i64 0, i32 6 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 7 %88 = load i32, i32* %87, align 4 %89 = sub i32 %86, %88 %90 = sub i32 %89, %84 %91 = icmp sgt i32 %90, 0 br i1 %91, label %97, label %92, !prof !4, !misexpect !5 %93 = icmp eq %struct.sk_buff.757762* %0, null br i1 %93, label %102, label %94 %95 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.757762*, i32, i8*, i32)*)(%struct.sk_buff.757762* nonnull %0, i32 %84, i8* nonnull %13, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr 
inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = 
load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, 
%struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 
call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 
(%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof 
!4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %42 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 34 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, -1 br i1 %44, label %140, label %45 %46 = getelementptr inbounds i8, i8* %32, i64 6 %47 = bitcast i8* %46 to i16* %48 = load i16, i16* %47, align 2 %49 = zext i16 %43 to i64 %50 = getelementptr i8, i8* %29, i64 %49 %51 = load i16, i16* %15, align 2 %52 = zext i16 %51 to i64 %53 = ptrtoint i8* %50 to i64 %54 = sub nsw i64 %49, %52 %55 = trunc i64 %54 to i32 %56 = getelementptr inbounds i8, i8* %32, i64 24 %57 = bitcast i8* %56 to i32* %58 = load i32, i32* %57, align 8 %59 = and i32 %58, 17 %60 = icmp eq i32 %59, 0 br i1 %60, label %93, label %61, !prof !8, !misexpect !9 %94 = bitcast %struct.winsize* %4 to i8* %95 = load i64, i64* %8, align 8 %96 = sub i64 %53, %95 %97 = trunc i64 %96 to i32 %98 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %34, %99 %101 = sub i32 %100, %97 %102 = icmp slt i32 %101, 8 br i1 %102, label %108, label %103, !prof !8, !misexpect !9 %109 = icmp 
eq %struct.sk_buff.757762* %0, null br i1 %109, label %114, label %110 %111 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.757762*, i32, i8*, i32)*)(%struct.sk_buff.757762* nonnull %0, i32 %97, i8* nonnull %94, i32 8) #76 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, 
align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 
%49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %42 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, 
i64 0, i32 34 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, -1 br i1 %44, label %140, label %45 %46 = getelementptr inbounds i8, i8* %32, i64 6 %47 = bitcast i8* %46 to i16* %48 = load i16, i16* %47, align 2 %49 = zext i16 %43 to i64 %50 = getelementptr i8, i8* %29, i64 %49 %51 = load i16, i16* %15, align 2 %52 = zext i16 %51 to i64 %53 = ptrtoint i8* %50 to i64 %54 = sub nsw i64 %49, %52 %55 = trunc i64 %54 to i32 %56 = getelementptr inbounds i8, i8* %32, i64 24 %57 = bitcast i8* %56 to i32* %58 = load i32, i32* %57, align 8 %59 = and i32 %58, 17 %60 = icmp eq i32 %59, 0 br i1 %60, label %93, label %61, !prof !8, !misexpect !9 %94 = bitcast %struct.winsize* %4 to i8* %95 = load i64, i64* %8, align 8 %96 = sub i64 %53, %95 %97 = trunc i64 %96 to i32 %98 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %34, %99 %101 = sub i32 %100, %97 %102 = icmp slt i32 %101, 8 br i1 %102, label %108, label %103, !prof !8, !misexpect !9 %109 = icmp eq %struct.sk_buff.757762* %0, null br i1 %109, label %114, label %110 %111 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.757762*, i32, i8*, i32)*)(%struct.sk_buff.757762* nonnull %0, i32 %97, i8* nonnull %94, i32 8) #76 ------------- Use: =BAD PATH= Call Stack: 0 icmp6_send 1 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.757762*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.892530*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.892530* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #76 
Function:icmp6_send %7 = alloca %struct.dst_entry.757495*, align 8 %8 = alloca %struct.dst_entry.757495*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca %struct.icmp6hdr, align 4 %15 = alloca %struct.flowi6, align 8 %16 = alloca %struct.icmpv6_msg, align 8 %17 = alloca %struct.ipcm6_cookie, align 8 %18 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %19 = load i8*, i8** %18, align 8 %20 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 35 %21 = load i16, i16* %20, align 4 %22 = zext i16 %21 to i64 %23 = getelementptr i8, i8* %19, i64 %22 %24 = getelementptr inbounds %struct.icmp6hdr, %struct.icmp6hdr* %14, i64 0, i32 0 %25 = bitcast %struct.flowi6* %15 to i8* %26 = bitcast %struct.icmpv6_msg* %16 to i8* %27 = bitcast %struct.ipcm6_cookie* %17 to i8* %28 = icmp ult i8* %23, %19 br i1 %28, label %489, label %29 %30 = getelementptr i8, i8* %23, i64 40 %31 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 38 %32 = load i32, i32* %31, align 8 %33 = zext i32 %32 to i64 %34 = getelementptr i8, i8* %19, i64 %33 %35 = icmp ugt i8* %30, %34 br i1 %35, label %489, label %36 %37 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %38 = load %struct.net_device.757749*, %struct.net_device.757749** %37, align 8 %39 = icmp eq %struct.net_device.757749* %38, null br i1 %39, label %489, label %40 %41 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %38, i64 0, i32 109, i32 0 %42 = load %struct.net.757607*, %struct.net.757607** %41, align 8 %43 = getelementptr inbounds %struct.net.757607, %struct.net.757607* %42, i64 0, i32 35, i32 1, i32 26 %44 = load i8, i8* %43, align 2 %45 = icmp eq i8 %44, 0 br i1 %45, label %49, label %46 %50 = phi i32 [ %48, %46 ], [ 0, %40 ] %51 
= getelementptr inbounds i8, i8* %23, i64 24 %52 = bitcast i8* %51 to %struct.in6_addr* %53 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %52) #76 %54 = load %struct.net_device.757749*, %struct.net_device.757749** %37, align 8 %55 = tail call i32 bitcast (i32 (%struct.net.891430*, %struct.in6_addr*, %struct.net_device.891316*, i32)* @ipv6_chk_addr to i32 (%struct.net.757607*, %struct.in6_addr*, %struct.net_device.757749*, i32)*)(%struct.net.757607* %42, %struct.in6_addr* %52, %struct.net_device.757749* %54, i32 0) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %60 br label %61 %62 = phi %struct.in6_addr* [ %52, %60 ], [ null, %57 ] %63 = and i32 %53, 2 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 16 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, 7 %69 = icmp eq i16 %68, 0 br i1 %69, label %108, label %70 switch i8 %1, label %489 [ i8 2, label %108 i8 4, label %71 ] %72 = icmp eq i8 %2, 2 br i1 %72, label %73, label %489 %74 = load i8*, i8** %18, align 8 %75 = load i16, i16* %20, align 4 %76 = zext i16 %75 to i64 %77 = getelementptr i8, i8* %74, i64 %76 %78 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %79 = bitcast i8** %78 to i64* %80 = load i64, i64* %79, align 8 %81 = ptrtoint i8* %77 to i64 %82 = sub i64 %81, %80 %83 = trunc i64 %82 to i32 %84 = add i32 %83, %3 %85 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 7 %88 = load i32, i32* %87, align 4 %89 = sub i32 %86, %88 %90 = sub i32 %89, %84 %91 = icmp sgt i32 %90, 0 br i1 %91, label %97, label %92, !prof !4, !misexpect !5 %98 = inttoptr i64 %80 to i8* %99 = sext i32 %84 to i64 %100 = getelementptr i8, i8* %98, i64 %99 %101 = icmp eq i8* %100, null br i1 %101, label %102, label 
%103 br label %108 %109 = phi %struct.in6_addr* [ %62, %65 ], [ null, %70 ], [ null, %103 ], [ null, %102 ] %110 = getelementptr inbounds i8, i8* %23, i64 8 %111 = bitcast i8* %110 to %struct.in6_addr* %112 = call i32 @__ipv6_addr_type(%struct.in6_addr* %111) #76 %113 = and i32 %112, 65535 %114 = and i32 %112, 32 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %122 %117 = and i32 %112, 2 %118 = icmp ne i32 %117, 0 %119 = and i32 %112, 48 %120 = icmp ne i32 %119, 0 %121 = and i1 %118, %120 br i1 %121, label %122, label %145 %146 = phi i32 [ %125, %127 ], [ %144, %137 ], [ %125, %132 ], [ 0, %116 ] %147 = icmp ne i32 %113, 0 %148 = and i32 %112, 2 %149 = icmp eq i32 %148, 0 %150 = and i1 %147, %149 br i1 %150, label %151, label %489 %152 = load i8*, i8** %18, align 8 %153 = load i16, i16* %20, align 4 %154 = zext i16 %153 to i64 %155 = getelementptr i8, i8* %152, i64 %154 %156 = getelementptr i8, i8* %155, i64 40 %157 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %158 = bitcast i8** %157 to i64* %159 = load i64, i64* %158, align 8 %160 = ptrtoint i8* %156 to i64 %161 = sub i64 %160, %159 %162 = trunc i64 %161 to i32 %163 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %164 = load i32, i32* %163, align 8 %165 = sub i32 %164, %162 %166 = getelementptr inbounds i8, i8* %155, i64 6 %167 = load i8, i8* %166, align 2 store i8 %167, i8* %10, align 1 %168 = bitcast i16* %11 to i8* %169 = icmp slt i32 %165, 0 br i1 %169, label %197, label %170 %171 = call i32 bitcast (i32 (%struct.sk_buff.273008*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.757762*, i32, i8*, i16*)*)(%struct.sk_buff.757762* %0, i32 %162, i8* nonnull %10, i16* nonnull %11) #76 %172 = icmp sgt i32 %171, -1 %173 = load i8, i8* %10, align 1 %174 = icmp eq i8 %173, 58 %175 = and i1 %172, %174 br i1 %175, label %176, label %198 %177 = load i32, i32* %163, align 8 %178 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 7 %179 = load i32, i32* %178, align 4 %180 = sub i32 %177, %171 %181 = sub i32 %180, %179 %182 = icmp sgt i32 %181, 0 br i1 %182, label %188, label %183, !prof !4, !misexpect !5 %184 = icmp eq %struct.sk_buff.757762* %0, null br i1 %184, label %199, label %185 %186 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.757762*, i32, i8*, i32)*)(%struct.sk_buff.757762* nonnull %0, i32 %171, i8* nonnull %12, i32 1) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds
%struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 
(%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load 
volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile 
%struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %459 = icmp eq i32 %316, 28 %460 = and i1 %280, %459 br i1 %460, label %461, label %465 %462 = load i16, i16* %281, align 2 %463 = and i16 %462, 1 %464 = icmp eq i16 %463, 0 br i1 %464, label %465, label %484 %466 = load i32, i32* %22, align 4 %467 = sub i32 %466, %311 %468 = icmp slt i32 %467, 4 br i1 %468, label %469, label %473, !prof !4, !misexpect !10 br i1 %75, label %534, label %470 %471 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %279, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 sock_poll ------------- Path:  Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* 
%16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x 
%struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, 
%41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %459 = icmp eq i32 %316, 28 %460 = and i1 %280, %459 br i1 %460, label %461, label %465 %462 = load i16, i16* %281, align 2 %463 = and i16 %462, 1 %464 = icmp eq i16 %463, 0 br i1 %464, label %465, label %484 %466 = load i32, i32* %22, align 4 %467 = sub i32 %466, %311 %468 = icmp slt i32 %467, 4 br i1 %468, label %469, label %473, !prof !4, !misexpect !10 br i1 %75, label %534, label %470 %471 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %279, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_xps_queue 4 netdev_pick_tx 5 netdev_core_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr 
inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq 
%struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr 
inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, 
align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = 
getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to 
%struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, 
%struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_xps_queue 4 netdev_pick_tx 5 netdev_core_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 mqueue_flush_file -------------
------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg -------------
@fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail 
call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca 
[20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds 
%struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* 
%301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %459 = icmp eq i32 %316, 28 %460 = and i1 %280, %459 br i1 %460, label %461, label %465 %462 = load i16, i16* %281, align 2 %463 = and i16 %462, 1 %464 = icmp eq i16 %463, 0 br i1 %464, label %465, label %484 %466 = load i32, i32* %22, align 4 %467 = sub i32 %466, %311 %468 = icmp slt i32 %467, 4 br i1 %468, label %469, label %473, !prof !4, !misexpect !10 br i1 %75, label %534, label %470 %471 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %279, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 
ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = 
getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull 
%88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr 
inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, 
!prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label 
%72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] 
%66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 
1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %459 = icmp eq i32 %316, 28 %460 = and i1 %280, %459 br i1 %460, label %461, label %465 %462 = load i16, i16* %281, align 2 %463 = and i16 %462, 1 %464 = icmp eq i16 %463, 0 br i1 %464, label %465, label %484 %466 = load i32, i32* %22, align 4 %467 = sub i32 %466, %311 %468 = icmp slt i32 %467, 4 br i1 %468, label %469, label %473, !prof !4, !misexpect !10 br i1 %75, label %534, label %470 %471 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %279, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr
%struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* 
%30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 
%6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 
%83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = 
load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = 
bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr 
inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, 
label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 
= getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, 
%260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %459 = icmp eq i32 %316, 28 %460 = and i1 %280, %459 br i1 %460, label %461, label %465 %462 = load i16, i16* %281, align 2 %463 = and i16 %462, 1 %464 = icmp eq i16 %463, 0 br i1 %464, label %465, label %484 %466 = load i32, i32* %22, align 4 %467 = sub i32 %466, %311 %468 = icmp slt i32 %467, 4 br i1 %468, label %469, label %473, !prof !4, !misexpect !10 br i1 %75, label %534, label %470 %471 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %279, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 =
load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast 
i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, 
%struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br 
i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, 
align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 
4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to 
%struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, 
%struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 
= phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %459 = icmp eq i32 %316, 28 %460 = and i1 %280, %459 br i1 %460, label %461, label %465 %462 = load i16, i16* %281, align 2 %463 = and i16 %462, 1 %464 = icmp eq i16 %463, 0 br i1 %464, label %465, label %484 %466 = load i32, i32* %22, align 4 %467 = sub i32 %466, %311 %468 = icmp slt i32 %467, 4 br i1 %468, label %469, label %473, !prof !4, !misexpect !10 br i1 %75, label %534, label %470 %471 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %279, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, 
%struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, 
%struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, 
%struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, 
%struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq 
%struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, 
label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq 
%struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label 
%141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = 
phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq 
%struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, 
label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %459 = icmp eq i32 %316, 28 %460 = and i1 %280, %459 br i1 %460, label %461, label %465 %462 = load i16, i16* %281, align 2 %463 = and i16 %462, 1 %464 = icmp eq i16 %463, 0 br i1 %464, label %465, label %484 %466 = load i32, i32* %22, align 4 %467 = sub i32 %466, %311 %468 = icmp slt i32 %467, 4 br i1 %468, label %469, label %473, !prof !4, !misexpect !10 br i1 %75, label %534, label %470 %471 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %279, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 tcp_recvmsg 8 inet6_recvmsg 9 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds 
%struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, 
%struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load 
volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile 
%struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %540 = load i32, i32* %22, align 4 %541 = sub i32 %540, %311 %542 = icmp slt i32 %541, 8 br i1 %542, label %543, label %547, !prof !4, !misexpect !10 br i1 %75, label %559, label %544 %545 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %278, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 =
getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %540 = load i32, i32* %22, align 4 %541 = sub i32 %540, %311 %542 = icmp slt i32 %541, 8 br i1 %542, label %543, label %547, !prof !4, !misexpect !10 br i1 %75, label %559, label %544 %545 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %278, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock,
%struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, 
i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = 
getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq 
%struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, 
i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 
0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* 
%0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %540 = load i32, i32* %22, align 4 %541 = sub i32 %540, %311 %542 = icmp slt i32 %541, 8 br i1 %542, label %543, label %547, !prof !4, !misexpect !10 br i1 %75, label %559, label %544 %545 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %278, i32 8) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_xps_queue 4 netdev_pick_tx 5 netdev_core_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 
0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* 
%12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 
(%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 
%36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ 
%181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 
1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %540 = load i32, i32* %22, align 4 %541 = sub i32 %540, %311 %542 = icmp slt i32 %541, 8 br i1 %542, label %543, label %547, !prof !4, !misexpect !10 br i1 %75, label %559, label %544 %545 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %278, i32 8) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast 
%struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr 
inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ 
%89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 
3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, 
%struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = 
load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 
Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, 
%struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca 
%struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, 
align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* 
%274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, 
%struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %540 = load i32, i32* %22, align 4 %541 = sub i32 %540, %311 %542 = icmp slt i32 %541, 8 br i1 %542, label %543, label %547, !prof !4, !misexpect !10 br i1 %75, label %559, label %544 %545 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %278, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds
%struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 
to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* 
(%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* 
%1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
%struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, 
%struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = 
getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds 
%struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp 
eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %540 = load i32, i32* %22, align 4 %541 = sub i32 %540, %311 %542 = icmp slt i32 %541, 8 br i1 %542, label %543, label %547, !prof !4, !misexpect !10 br i1 %75, label %559, label %544 %545 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 
(%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %278, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr 
%struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, 
%struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, 
label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, 
%struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr 
inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 
br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load 
i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* 
%25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %540 = load i32, i32* %22, align 4 %541 = sub i32 %540, %311 %542 = icmp slt i32 %541, 8 br i1 %542, label %543, label %547, !prof !4, 
!misexpect !10 br i1 %75, label %559, label %544 %545 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %278, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr 
inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 
1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds 
%struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 
%64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast 
%union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label 
%45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 
= load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, 
label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, 
i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %540 = load i32, i32* %22, align 4 %541 = sub i32 %540, %311 %542 = icmp slt i32 %541, 8 br i1 %542, label %543, label %547, !prof !4, !misexpect !10 br i1 %75, label %559, label %544 %545 = call i32 bitcast (i32 
(%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %278, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
%4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32*
%60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca 
%struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 
%46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, 
i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 
%127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { 
i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, 
%struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, 
%struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 
= alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br 
label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, 
i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %540 = load i32, i32* %22, align 4 %541 = sub i32 %540, %311 %542 = icmp slt i32 %541, 8 br i1 %542, label %543, label %547, !prof !4, !misexpect !10 br i1 %75, label %559, label %544 %545 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %278, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225**
%4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label 
%64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, 
!prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr 
inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, 
i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 
br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail 
call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc 
!4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %564 = load i32, i32* %22, align 4 %565 = sub i32 %564, %311 %566 = icmp slt i32 %565, 16 br i1 %566, label %567, label %571, !prof !4, !misexpect !10 br i1 %75, label %596, label %568 %569 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %273, i32 16) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 =
getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %564 = load i32, i32* %22, align 4 %565 = sub i32 %564, %311 %566 = icmp slt i32 %565, 16 br i1 %566, label %567, label %571, !prof !4, !misexpect !10 br i1 %75, label %596, label %568 %569 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %273, i32 16) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock,
%struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, 
i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = 
getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq 
%struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, 
i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 
0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* 
%0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %564 = load i32, i32* %22, align 4 %565 = sub i32 %564, %311 %566 = icmp slt i32 %565, 16 br i1 %566, label %567, label %571, !prof !4, !misexpect !10 br i1 %75, label %596, label %568 %569 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %273, i32 16) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 netlink_deliver_tap
9 netlink_sendskb
10 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 
0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* 
%12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 
(%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 
%36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ 
%181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 
1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %564 = load i32, i32* %22, align 4 %565 = sub i32 %564, %311 %566 = icmp slt i32 %565, 16 br i1 %566, label %567, label %571, !prof !4, !misexpect !10 br i1 %75, label %596, label %568 %569 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %273, i32 16) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast
%struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr 
inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ 
%89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 
3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, 
%struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = 
load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 
Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, 
%struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca 
%struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, 
align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* 
%274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, 
%struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %564 = load i32, i32* %22, align 4 %565 = sub i32 %564, %311 %566 = icmp slt i32 %565, 16 br i1 %566, label %567, label %571, !prof !4, !misexpect !10 br i1 %75, label %596, label %568 %569 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %273, i32 16) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds 
%struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 
to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* 
(%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* 
%1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
%struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, 
%struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = 
getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds 
%struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp 
eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %564 = load i32, i32* %22, align 4 %565 = sub i32 %564, %311 %566 = icmp slt i32 %565, 16 br i1 %566, label %567, label %571, !prof !4, !misexpect !10 br i1 %75, label %596, label %568 %569 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 
(%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %273, i32 16) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr 
%struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, 
%struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, 
label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, 
%struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr 
inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 
br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load 
i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* 
%25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %564 = load i32, i32* %22, align 4 %565 = sub i32 %564, %311 %566 = icmp slt i32 %565, 16 br i1 %566, label %567, label %571, !prof !4, 
!misexpect !10 br i1 %75, label %596, label %568 %569 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %273, i32 16) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr 
inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 
1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds 
%struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 
%64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast 
%union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label 
%45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 
= load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, 
label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, 
i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %564 = load i32, i32* %22, align 4 %565 = sub i32 %564, %311 %566 = icmp slt i32 %565, 16 br i1 %566, label %567, label %571, !prof !4, !misexpect !10 br i1 %75, label %596, label %568 %569 = call i32 bitcast (i32 
(%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %273, i32 16) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* 
%60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca 
%struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 
%46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, 
i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 
%127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { 
i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, 
%struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, 
%struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 
= alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br 
label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, 
i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %564 = load i32, i32* %22, align 4 %565 = sub i32 %564, %311 %566 = icmp slt i32 %565, 16 br i1 %566, label %567, label %571, !prof !4, !misexpect !10 br i1 %75, label %596, label %568 %569 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %273, i32 16) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 tcp_recvmsg 8 inet6_recvmsg 9 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** 
%4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label 
%64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, 
!prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr 
inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, 
i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 
br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail 
call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc 
!4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %599 = load i32, i32* %22, align 4 %600 = load i32, i32* %245, align 4 %601 = and i32 %600, 8192 %602 = icmp eq i32 %601, 0 br i1 %602, label %603, label %608 %609 = icmp sgt i32 %315, 6 br i1 %609, label %666, label %610 %611 = sub i32 %599, %311 %612 = icmp slt i32 %611, 4 br i1 %612, label %613, label %619, !prof !4, !misexpect !10 br i1 %75, label %666, label %614 %615 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %270, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17,
label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], 
[256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] 
%54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb 
${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %599 = load i32, i32* %22, align 4 %600 = load i32, i32* %245, align 4 %601 = and i32 %600, 8192 %602 = icmp eq i32 %601, 0 br i1 %602, label %603, label %608 %609 = icmp sgt i32 %315, 6 br i1 %609, label %666, label %610 %611 = sub i32 %599, %311 %612 = icmp slt i32 %611, 4 br i1 %612, label %613, label %619, !prof !4, !misexpect !10 br i1 %75, label %666, label %614 %615 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %270, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, 
%struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null 
br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, 
%struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 
%210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr 
inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = 
getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 
= load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %599 = load i32, i32* %22, align 4 %600 = load i32, i32* %245, align 4 %601 = and i32 %600, 8192 %602 = icmp eq i32 %601, 0 br i1 %602, label %603, label %608 %609 = icmp sgt i32 %315, 6 br i1 %609, label %666, label %610 %611 = sub i32 %599, %311 %612 = icmp slt i32 %611, 4 br i1 %612, label %613, label %619, !prof !4, !misexpect !10 br i1 %75, label %666, label %614 %615 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %270, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 netlink_deliver_tap
9 netlink_sendskb
10 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 
%17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = 
bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 
%41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr 
inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, 
%struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ 
null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* 
%0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %599 = load i32, i32* %22, align 4 %600 = load i32, i32* %245, align 4 %601 = and i32 %600, 8192 %602 = icmp eq i32 %601, 0 br i1 %602, label %603, label %608 %609 = icmp sgt i32 %315, 6 br i1 %609, label %666, label %610 %611 = sub i32 %599, %311 %612 = icmp slt i32 %611, 4 br i1 %612, label %613, label %619, !prof !4, !misexpect !10 br i1 %75, label %666, label %614 %615 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %270, i32 4) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
 Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = 
getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = 
bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 
= phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ 
%174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 
= icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, 
%struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, 
%struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
Function:ipip6_tunnel_bind_dev
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, 
%struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, 
i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 
%7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load 
volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds 
%struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 
%310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %599 = load i32, i32* %22, align 4 %600 = load i32, i32* %245, align 4 %601 = and i32 %600, 8192 %602 = icmp eq i32 %601, 0 br i1 %602, label %603, label %608 %609 = icmp sgt i32 %315, 6 br i1 %609, label %666, label %610 %611 = sub i32 %599, %311 %612 = icmp slt i32 %611, 4 br i1 %612, label %613, label %619, !prof !4, !misexpect !10 br i1 %75, label %666, label %614 %615 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %270, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = 
getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* 
%132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, 
%struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ 
%37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load 
%struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = 
bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr 
inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, 
label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
Function:__ip_do_redirect
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
Function:inet6_recvmsg
Function:tcp_recvmsg
Function:napi_busy_loop
%struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 %679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 br i1 %75, label %764, label %686 %687 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %268, i32 8) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds
%struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 
%14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ 
null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* 
%7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 %679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 br i1 %75, label %764, label %686 %687 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %268, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 =
getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = 
getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 
store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 
= zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, 
%struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds 
%struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, 
align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 %679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 br i1 %75, label %764, label %686 %687 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %268, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 netlink_deliver_tap
9 netlink_sendskb
10 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file
%3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null
br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to 
%struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, 
label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 
store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* 
%33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 
br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 
Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 %679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 br i1 %75, label %764, label %686 %687 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %268, i32 8) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 
0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] 
%118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] 
%185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 
0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = 
call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label 
%180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, 
%struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 
(%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca 
%struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], 
[ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr 
inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 %679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 br i1 %75, label %764, label %686 %687 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %268, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* 
%0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, 
%struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* 
(%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] 
%42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call 
i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, 
label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = 
and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 
= getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = 
getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 
%679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 br i1 %75, label %764, label %686 %687 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %268, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, 
i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label 
%30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br 
i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq 
%struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label 
%141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = 
phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq 
%struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, 
label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 %679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 br i1 %75, label %764, label %686 %687 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %268, i32 8) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 
28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 
= bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* 
@ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load 
%struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, 
label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
Function:__ip_do_redirect
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
Function:inet6_recvmsg
Function:tcp_recvmsg
Function:napi_busy_loop
br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 
(%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* 
%109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** 
%8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile 
%struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, 
%struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 %679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 %690 = sext i32 %311 to i64 %691 = getelementptr i8, i8* %66, i64 %690 %692 = icmp eq i8* %691, null br i1 %692, label %764, label %693 %694 = phi i8* [ %691, %689 ], [ %268, %686 ] %695 = bitcast i8* %694 to i16* %696 = load i16, i16* %695, align 2 %697 = icmp eq i16 %696, 256 br i1 %697, label %698, label %764 %699 = getelementptr inbounds i8, i8* %694, i64 2 %700 = bitcast i8* %699 to i16* %701 = load i16, i16* %700, align 2 %702 = icmp eq i16 %701, 8 br i1 %702, label %703, label %764 %704 = getelementptr inbounds i8, i8* %694, i64 4 %705 = load i8, i8* %704, align 2 %706 = icmp eq i8 %705, 6 br i1 %706, label %707, label %764 %708 = getelementptr inbounds i8, i8* %694, i64 5 %709 = load i8, i8* %708, align 1 %710 = icmp eq i8 %709, 4 br i1 %710, label %711, label %764 %712 = getelementptr inbounds i8, i8* %694, i64 6 %713 = bitcast i8* %712 to i16* %714 = load i16, i16* %713, align 2 switch i16 %714, label %764 [ i16 512, label %715 i16 256, label %715 ] %716 = add i32 %311, 8 %717 = sub i32 %678, %716 %718 = icmp slt i32 %717, 20 br i1 %718, label %719, label %723, !prof !4, !misexpect !10 br i1 %75, label %764, label %720 %721 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %716, i8* nonnull %267, i32 20) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds
%struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, 
label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 %679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 %690 = sext i32 %311 to i64 %691 = getelementptr i8, i8* %66, i64 %690 %692 = icmp eq i8* %691, null br i1 %692, label %764, label %693 %694 = phi i8* [ %691, %689 ], [ %268, %686 ] %695 = bitcast i8* %694 to i16* %696 = load i16, i16* %695, align 2 %697 = icmp eq i16 %696, 256 br i1 %697, label %698, label %764 %699 = getelementptr inbounds i8, i8* %694, i64 2 %700 = bitcast i8* %699 to i16* %701 = load i16, i16* %700, align 2 %702 = icmp eq i16 %701, 8 br i1 %702, label %703, label %764 %704 = getelementptr inbounds i8, i8* %694, i64 4 %705 = load i8, i8* %704, align 2 %706 = icmp eq i8 %705, 6 br i1 %706, label %707, label %764 %708 = getelementptr inbounds i8, i8* %694, i64 5 %709 = load i8, i8* %708, align 1 %710 = icmp eq i8 %709, 4 br i1 %710, label %711, label %764 %712 = getelementptr inbounds i8, i8* %694, i64 6 %713 = bitcast i8* %712 to i16* %714 = load i16, i16* %713, align 2 switch i16 %714, label %764 [ i16 512, label %715 i16 256, label %715 ] %716 = add i32 %311, 8 %717 = sub i32 %678, %716 %718 = icmp slt i32 %717, 20 br i1 %718, 
label %719, label %723, !prof !4, !misexpect !10 br i1 %75, label %764, label %720 %721 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %716, i8* nonnull %267, i32 20) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 netlink_deliver_tap
9 netlink_sendskb
10 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file
%3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to
%struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, 
%struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* 
%46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 
Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq 
i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = 
select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq 
%struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 %679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 %690 = sext i32 %311 to i64 %691 = getelementptr i8, i8* %66, i64 %690 %692 = icmp eq i8* %691, null br i1 %692, label %764, label %693 %694 = phi i8* [ %691, %689 ], [ %268, %686 ] %695 = bitcast i8* %694 to i16* %696 = load i16, i16* %695, align 2 %697 = icmp eq i16 %696, 256 br i1 %697, label %698, label %764 %699 = getelementptr inbounds i8, i8* %694, i64 2 %700 = bitcast i8* %699 to i16* %701 = load i16, i16* %700, align 2 %702 = icmp eq i16 %701, 8 br i1 %702, label %703, label %764 %704 = getelementptr inbounds i8, i8* %694, i64 4 %705 = load i8, i8* %704, align 2 %706 = icmp eq i8 %705, 6 br i1 %706, label %707, label %764 %708 = getelementptr inbounds i8, i8* %694, i64 5 %709 = load i8, i8* %708, align 1 %710 = icmp eq i8 %709, 4 br i1 %710, label %711, label %764 %712 = getelementptr inbounds i8, i8* %694, i64 6 %713 = bitcast i8* %712 to i16* %714 = load i16, i16* %713, align 2 switch i16 %714, label %764 [ i16 512, label %715 i16 256, label %715 ] %716 = add i32 %311, 8 %717 = sub i32 %678, %716 %718 = icmp slt i32 %717, 20 br i1 %718, 
label %719, label %723, !prof !4, !misexpect !10 br i1 %75, label %764, label %720 %721 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %716, i8* nonnull %267, i32 20) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load
i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, 
%struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 
%136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = 
or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* 
%88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, 
align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
Function:ipip6_tunnel_bind_dev
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
%struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds 
%struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label 
%44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, 
i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds 
%struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor 
i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast 
%struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 %679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 %690 = sext i32 %311 to i64 %691 = getelementptr i8, i8* %66, i64 %690 %692 = icmp eq i8* %691, null br i1 %692, label %764, label %693 %694 = phi i8* [ %691, %689 ], [ %268, %686 ] %695 = bitcast i8* %694 to i16* 
%696 = load i16, i16* %695, align 2 %697 = icmp eq i16 %696, 256 br i1 %697, label %698, label %764 %699 = getelementptr inbounds i8, i8* %694, i64 2 %700 = bitcast i8* %699 to i16* %701 = load i16, i16* %700, align 2 %702 = icmp eq i16 %701, 8 br i1 %702, label %703, label %764 %704 = getelementptr inbounds i8, i8* %694, i64 4 %705 = load i8, i8* %704, align 2 %706 = icmp eq i8 %705, 6 br i1 %706, label %707, label %764 %708 = getelementptr inbounds i8, i8* %694, i64 5 %709 = load i8, i8* %708, align 1 %710 = icmp eq i8 %709, 4 br i1 %710, label %711, label %764 %712 = getelementptr inbounds i8, i8* %694, i64 6 %713 = bitcast i8* %712 to i16* %714 = load i16, i16* %713, align 2 switch i16 %714, label %764 [ i16 512, label %715 i16 256, label %715 ] %716 = add i32 %311, 8 %717 = sub i32 %678, %716 %718 = icmp slt i32 %717, 20 br i1 %718, label %719, label %723, !prof !4, !misexpect !10 br i1 %75, label %764, label %720 %721 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %716, i8* nonnull %267, i32 20) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, 
i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ 
%26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, 
%struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = 
icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, 
align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 
%27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast 
%struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, 
%struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 %679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 %690 = sext i32 %311 to i64 %691 = getelementptr i8, i8* %66, i64 %690 %692 = icmp eq i8* %691, null br i1 %692, label %764, label %693 %694 = phi i8* [ %691, %689 ], [ %268, %686 ] %695 = bitcast i8* %694 to i16* %696 = load i16, i16* %695, align 2 %697 = icmp eq i16 %696, 256 br i1 %697, label %698, label %764 %699 = getelementptr inbounds i8, i8* %694, i64 2 %700 = bitcast i8* %699 to i16* %701 = load i16, i16* %700, align 2 %702 = icmp eq i16 %701, 8 br i1 %702, label %703, label %764 %704 = getelementptr inbounds i8, i8* %694, i64 4 %705 = load i8, i8* %704, align 2 %706 = icmp eq i8 %705, 6 br i1 %706, label %707, label %764 %708 = getelementptr inbounds i8, i8* %694, i64 5 %709 = load i8, i8* %708, align 1 %710 = icmp eq i8 %709, 4 br i1 %710, label %711, label %764 %712 = getelementptr inbounds i8, i8* %694, i64 6 %713 = bitcast i8* %712 to i16* %714 = load i16, i16* %713, align 2 switch i16 %714, label %764 [ i16 512, label %715 i16 256, label %715 ] %716 = add i32 %311, 8 %717 = sub i32 %678, %716 
%718 = icmp slt i32 %717, 20 br i1 %718, label %719, label %723, !prof !4, !misexpect !10 br i1 %75, label %764, label %720 %721 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %716, i8* nonnull %267, i32 20) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, 
i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, 
%struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = 
load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 
%87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = 
xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, 
%struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 
] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 
= alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, 
label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = 
bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast 
%struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %678 = load i32, i32* %22, align 4 %679 = load i32, i32* %245, align 4 %680 = and i32 %679, 512 %681 = icmp eq i32 %680, 0 br i1 %681, label %764, label %682 %683 = sub i32 %678, %311 %684 = icmp slt i32 %683, 8 br i1 %684, label %685, label %689, !prof !4, !misexpect !10 %690 = sext i32 %311 to i64 %691 = getelementptr i8, i8* %66, i64 %690 %692 = icmp eq i8* %691, null br i1 %692, label %764, label %693 %694 = phi i8* [ %691, %689 ], [ %268, %686 ] %695 = bitcast i8* %694 to i16* %696 = load i16, i16* %695, align 2 %697 = icmp eq i16 %696, 256 br i1 %697, label %698, label %764 %699 = getelementptr inbounds i8, i8* %694, i64 2 %700 = bitcast i8* %699 to i16* %701 = load i16, i16* %700, align 2 
%702 = icmp eq i16 %701, 8 br i1 %702, label %703, label %764 %704 = getelementptr inbounds i8, i8* %694, i64 4 %705 = load i8, i8* %704, align 2 %706 = icmp eq i8 %705, 6 br i1 %706, label %707, label %764 %708 = getelementptr inbounds i8, i8* %694, i64 5 %709 = load i8, i8* %708, align 1 %710 = icmp eq i8 %709, 4 br i1 %710, label %711, label %764 %712 = getelementptr inbounds i8, i8* %694, i64 6 %713 = bitcast i8* %712 to i16* %714 = load i16, i16* %713, align 2 switch i16 %714, label %764 [ i16 512, label %715 i16 256, label %715 ] %716 = add i32 %311, 8 %717 = sub i32 %678, %716 %718 = icmp slt i32 %717, 20 br i1 %718, label %719, label %723, !prof !4, !misexpect !10 br i1 %75, label %764, label %720 %721 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %716, i8* nonnull %267, i32 20) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter %3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 
%13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 
br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load 
volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile 
%struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %390 = load i32, i32* %22, align 4 %391 = sub i32 %390, %311 %392 = icmp slt i32 %391, 40 br i1 %392, label %393, label %397, !prof !4, !misexpect !10 br i1 %75, label %454, label %394 %395 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %284, i32 40) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:  Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = 
getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %390 = load i32, i32* %22, align 4 %391 = sub i32 %390, %311 %392 = icmp slt i32 %391, 40 br i1 %392, label %393, label %397, !prof !4, !misexpect !10 br i1 %75, label %454, label %394 %395 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %284, i32 40) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, 
%struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, 
i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = 
getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq 
%struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, 
i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 
0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* 
%0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %390 = load i32, i32* %22, align 4 %391 = sub i32 %390, %311 %392 = icmp slt i32 %391, 40 br i1 %392, label %393, label %397, !prof !4, !misexpect !10 br i1 %75, label %454, label %394 %395 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %284, i32 40) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 netlink_deliver_tap
9 netlink_sendskb
10 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file
%3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 
0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* 
%12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 
(%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 
%36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ 
%181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 
1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %390 = load i32, i32* %22, align 4 %391 = sub i32 %390, %311 %392 = icmp slt i32 %391, 40 br i1 %392, label %393, label %397, !prof !4, !misexpect !10 br i1 %75, label %454, label %394 %395 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %284, i32 40) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast 
%struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr 
inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ 
%89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 
3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, 
%struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = 
load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 
Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, 
%struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca 
%struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, 
align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* 
%274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, 
%struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %390 = load i32, i32* %22, align 4 %391 = sub i32 %390, %311 %392 = icmp slt i32 %391, 40 br i1 %392, label %393, label %397, !prof !4, !misexpect !10 br i1 %75, label %454, label %394 %395 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %284, i32 40) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds 
%struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 
to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* 
(%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* 
%1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
%struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, 
%struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = 
getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds 
%struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp 
eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %390 = load i32, i32* %22, align 4 %391 = sub i32 %390, %311 %392 = icmp slt i32 %391, 40 br i1 %392, label %393, label %397, !prof !4, !misexpect !10 br i1 %75, label %454, label %394 %395 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 
(%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %284, i32 40) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr 
%struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, 
%struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, 
label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, 
%struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr 
inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 
br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load 
i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* 
%25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %390 = load i32, i32* %22, align 4 %391 = sub i32 %390, %311 %392 = icmp slt i32 %391, 40 br i1 %392, label %393, label %397, !prof !4, 
!misexpect !10 br i1 %75, label %454, label %394 %395 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %284, i32 40) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr
inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 
1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds 
%struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 
%64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast 
%union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label 
%45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 
= load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, 
label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, 
i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %390 = load i32, i32* %22, align 4 %391 = sub i32 %390, %311 %392 = icmp slt i32 %391, 40 br i1 %392, label %393, label %397, !prof !4, !misexpect !10 br i1 %75, label %454, label %394 %395 = call i32 bitcast (i32 
(%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %284, i32 40) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
%4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32*
%60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca 
%struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 
%46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, 
i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 
%127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { 
i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, 
%struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, 
%struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 
= alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br 
label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, 
i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %390 = load i32, i32* %22, align 4 %391 = sub i32 %390, %311 %392 = icmp slt i32 %391, 40 br i1 %392, label %393, label %397, !prof !4, !misexpect !10 br i1 %75, label %454, label %394 %395 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %284, i32 40) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225**
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = 
getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 
%1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds 
%struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to 
%struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, 
%struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store 
%struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, 
%struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 br i1 %75, label %917, label %896 %897 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %891, i8* nonnull %300, i32 4) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to
%struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and 
i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, 
%struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* 
%196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, 
i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and 
i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* 
@netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, 
%15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ 
%765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 br i1 %75, label %917, label %896 %897 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, 
i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %891, i8* nonnull %300, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_xps_queue 4 netdev_pick_tx 5 netdev_core_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, 
i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, 
label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* 
(%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load 
%struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* 
%141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* 
@netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, 
%15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ 
%765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 br i1 %75, label %917, label %896 %897 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, 
i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %891, i8* nonnull %300, i32 4) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = 
getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, 
label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, 
align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* 
(%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br 
i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 
%102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 
= load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, 
%struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, 
i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() 
#77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = 
load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load 
i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 br i1 %75, label %917, label %896 %897 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %891, i8* nonnull %300, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, 
%struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load 
i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, 
i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, 
%struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
%struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, 
%struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = 
getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds 
%struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp 
eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, 
%805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 
%855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 br i1 %75, label %917, label %896 %897 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %891, i8* nonnull %300, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, 
%struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 
%27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or 
i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 
= alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = 
alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof 
!4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
Function:__ip_rt_update_pmtu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
Function:__ip_do_redirect
label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq 
%struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label 
%141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = 
phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq 
%struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, 
label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ 
i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 br i1 %75, label %917, label %896 %897 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %891, i8* nonnull %300, i32 4) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64
0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, 
align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 
8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void 
@rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds 
%struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x 
%struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = 
phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", 
"=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %803 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %34, i32 34) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 =
getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %803 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %34, i32 34) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock,
%struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, 
i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = 
getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq 
%struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, 
i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 
0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* 
%0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %803 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %34, i32 34) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_xps_queue 4 netdev_pick_tx 5 netdev_core_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 
0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* 
%12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 
(%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 
%36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ 
%181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 
1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %803 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %34, i32 34) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast
%struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr 
inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ 
%89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 
3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, 
%struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = 
load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 
Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, 
%struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca 
%struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, 
align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* 
%274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, 
%struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %803 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %34, i32 34) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds
%struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 
to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* 
(%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* 
%1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
%struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, 
%struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = 
getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds 
%struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp 
eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %803 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 
(%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %34, i32 34) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr 
%struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, 
%struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, 
label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, 
%struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr 
inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, 
%struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, 
%struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 
= alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br 
label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, 
i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %803 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %34, i32 34) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225**
%4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label 
%64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, 
!prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr 
inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, 
i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 
br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail 
call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc 
!4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 
], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 %1101 = sext i32 %839 to i64 %1102 = getelementptr i8, i8* %66, i64 %1101 %1103 = icmp eq i8* %1102, null br i1 %1103, label %1123, label %1104 %1105 = phi i8* [ %1102, %1100 ], [ %295, %1097 ] %1106 = load i8, i8* %1105, align 4 store i8 %1106, i8* %1093, align 2 %1107 = getelementptr inbounds i8, i8* %1105, i64 1 %1108 = load i8, i8* %1107, align 1 %1109 = getelementptr inbounds i8, i8* %1093, i64 1 store i8 %1108, i8* %1109, align 1 %1110 = load i8, i8* %1105, align 4 switch i8 %1110, label %1120 [ i8 8, label %1111 i8 0, label %1111 i8 13, label %1111 i8 14, label %1111 i8 -128, label %1111 i8 -127, label %1111 ] %1121 = getelementptr inbounds i8, i8* %1093, i64 2 %1122 = bitcast i8* %1121 to i16* store i16 0, i16* %1122, align 2 br label %1123 br label %1124 %1125 = phi i16 [ %838, %837 ], [ %838, %1084 ], [ 18312, %1054 ], [ -8826, %1051 ], [ 8, %1048 ], [ %838, %1044 ], [ %838, %1012 ], [ %986, %985 ], [ %838, %1085 ], [ %838, %1123 ] %1126 = phi i32 [ %839, %837 ], [ %839, %1084 ], [ %839, %1054 ], [ %839, %1051 ], [ %839, %1048 ], [ %1045, %1044 ], [ %1013, %1012 ], [ %987, %985 ], [ %839, %1085 ], [ %839, %1123 ] %1127 = phi i8 [ %841, %837 ], [ 6, %1084 ], [ -119, %1054 ], [ 41, %1051 ], [ 4, %1048 ], [ %1046, %1044 ], [ %1014, %1012 ], [ 47, %985 ], [ %841, %1085 ], [ %841, %1123 ] %1128 = phi i32 [ 4, %837 ], [ 
4, %1084 ], [ 2, %1054 ], [ %266, %1051 ], [ %266, %1048 ], [ %1047, %1044 ], [ %1015, %1012 ], [ %988, %985 ], [ 4, %1085 ], [ 4, %1123 ] %1129 = load i32, i32* %263, align 4 %1130 = and i32 %1129, 1 %1131 = icmp eq i32 %1130, 0 br i1 %1131, label %1132, label %1179 %1133 = load i32, i32* %22, align 4 %1134 = load i32, i32* %245, align 4 %1135 = and i32 %1134, 16 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1140 %1138 = and i32 %1134, 32 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1179, label %1140 %1141 = phi i64 [ 5, %1137 ], [ 4, %1132 ] %1142 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1141 %1143 = load i16, i16* %1142, align 2 %1144 = zext i16 %1143 to i64 %1145 = getelementptr i8, i8* %3, i64 %1144 switch i8 %1127, label %1147 [ i8 6, label %1148 i8 17, label %1148 i8 33, label %1148 i8 50, label %1148 i8 -124, label %1148 i8 -120, label %1148 i8 51, label %1146 ] br label %1148 %1149 = phi i1 [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1146 ], [ false, %1147 ] %1150 = phi i32 [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 4, %1146 ], [ -22, %1147 ] br i1 %304, label %1151, label %1156 %1152 = load i8*, i8** %305, align 8 %1153 = load i32, i32* %306, align 8 %1154 = load i32, i32* %307, align 4 %1155 = sub i32 %1153, %1154 br label %1156 %1157 = phi i32 [ %1133, %1148 ], [ %1155, %1151 ] %1158 = phi i8* [ %66, %1148 ], [ %1152, %1151 ] br i1 %1149, label %1159, label %1176 %1160 = add i32 %1150, %1126 %1161 = sub i32 %1157, %1160 %1162 = icmp slt i32 %1161, 4 br i1 %1162, label %1163, label %1167, !prof !4, !misexpect !10 br i1 %75, label %1171, label %1164 %1165 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %1160, i8* nonnull %308, i32 4) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31,
label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label 
%31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 
(%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = 
getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = 
add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = 
bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, 
label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, 
align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 %1101 = sext i32 %839 to i64 %1102 = getelementptr i8, i8* %66, i64 %1101 %1103 = icmp eq i8* %1102, null br i1 %1103, label %1123, label %1104 %1105 = phi i8* [ %1102, %1100 ], [ %295, %1097 ] %1106 = load i8, i8* %1105, align 4 store i8 %1106, i8* %1093, align 2 %1107 = getelementptr inbounds i8, i8* %1105, i64 1 %1108 = load i8, i8* %1107, align 1 %1109 = getelementptr inbounds i8, i8* %1093, i64 1 store i8 %1108, i8* %1109, align 1 %1110 = load i8, i8* %1105, align 4 switch i8 %1110, label %1120 [ i8 8, label %1111 i8 0, label %1111 i8 13, label %1111 i8 14, label %1111 i8 -128, label %1111 i8 -127, label %1111 ] %1121 = getelementptr inbounds i8, i8* %1093, i64 2 %1122 = bitcast i8* %1121 to i16* store i16 0, i16* %1122, align 2 br label %1123 br label %1124 %1125 = phi i16 [ %838, %837 ], [ %838, %1084 ], [ 18312, %1054 ], [ -8826, %1051 ], [ 8, %1048 ], [ %838, %1044 ], [ %838, %1012 ], [ %986, %985 ], [ %838, %1085 ], [ %838, %1123 ] %1126 = phi i32 [ %839, %837 ], [ %839, %1084 ], [ %839, %1054 ], [ %839, %1051 ], [ %839, %1048 ], [ %1045, %1044 ], [ %1013, %1012 ], [ %987, %985 ], [ %839, %1085 ], [ %839, %1123 ] %1127 = phi i8 [ %841, %837 ], [ 6, %1084 ], [ -119, %1054 ], [ 41, %1051 ], [ 4, %1048 ], [ %1046, %1044 ], [ %1014, %1012 ], [ 47, %985 ], [ %841, %1085 ], [ %841, %1123 ] %1128 = phi i32 [ 4, %837 ], [ 4, %1084 ], [ 2, %1054 ], [ %266, %1051 ], [ %266, %1048 ], [ %1047, %1044 ], [ %1015, %1012 ], [ %988, %985 ], [ 4, %1085 ], [ 4, %1123 ] %1129 = load i32, i32* %263, 
align 4 %1130 = and i32 %1129, 1 %1131 = icmp eq i32 %1130, 0 br i1 %1131, label %1132, label %1179 %1133 = load i32, i32* %22, align 4 %1134 = load i32, i32* %245, align 4 %1135 = and i32 %1134, 16 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1140 %1138 = and i32 %1134, 32 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1179, label %1140 %1141 = phi i64 [ 5, %1137 ], [ 4, %1132 ] %1142 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1141 %1143 = load i16, i16* %1142, align 2 %1144 = zext i16 %1143 to i64 %1145 = getelementptr i8, i8* %3, i64 %1144 switch i8 %1127, label %1147 [ i8 6, label %1148 i8 17, label %1148 i8 33, label %1148 i8 50, label %1148 i8 -124, label %1148 i8 -120, label %1148 i8 51, label %1146 ] br label %1148 %1149 = phi i1 [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1146 ], [ false, %1147 ] %1150 = phi i32 [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 4, %1146 ], [ -22, %1147 ] br i1 %304, label %1151, label %1156 %1152 = load i8*, i8** %305, align 8 %1153 = load i32, i32* %306, align 8 %1154 = load i32, i32* %307, align 4 %1155 = sub i32 %1153, %1154 br label %1156 %1157 = phi i32 [ %1133, %1148 ], [ %1155, %1151 ] %1158 = phi i8* [ %66, %1148 ], [ %1152, %1151 ] br i1 %1149, label %1159, label %1176 %1160 = add i32 %1150, %1126 %1161 = sub i32 %1157, %1160 %1162 = icmp slt i32 %1161, 4 br i1 %1162, label %1163, label %1167, !prof !4, !misexpect !10 br i1 %75, label %1171, label %1164 %1165 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %1160, i8* nonnull %308, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_xps_queue 4 netdev_pick_tx 5 netdev_core_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 
packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = 
load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* 
%36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, 
!misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 
Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, 
align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* 
%185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, 
%struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ 
%765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 %1101 = sext i32 %839 to i64 %1102 = getelementptr i8, i8* %66, i64 %1101 %1103 = icmp eq i8* %1102, null br i1 %1103, label %1123, label %1104 %1105 = phi i8* [ %1102, %1100 ], [ %295, %1097 ] %1106 = load i8, i8* %1105, align 4 store i8 %1106, i8* %1093, align 2 %1107 = getelementptr inbounds i8, i8* %1105, i64 1 %1108 = load i8, i8* %1107, align 1 %1109 = getelementptr inbounds i8, i8* %1093, i64 1 store i8 %1108, i8* %1109, align 1 %1110 = load i8, i8* %1105, align 4 switch i8 %1110, label %1120 [ i8 8, label %1111 i8 0, label %1111 i8 13, label %1111 i8 14, label %1111 i8 -128, label %1111 i8 -127, label %1111 ] %1121 = getelementptr inbounds i8, i8* %1093, i64 2 %1122 = bitcast i8* %1121 to i16* store i16 0, i16* %1122, align 2 br label %1123 br label %1124 %1125 = phi i16 [ %838, %837 ], [ %838, %1084 ], [ 18312, %1054 ], [ -8826, %1051 ], [ 8, %1048 ], [ %838, %1044 ], [ %838, %1012 ], [ %986, %985 ], [ %838, %1085 ], [ 
%838, %1123 ] %1126 = phi i32 [ %839, %837 ], [ %839, %1084 ], [ %839, %1054 ], [ %839, %1051 ], [ %839, %1048 ], [ %1045, %1044 ], [ %1013, %1012 ], [ %987, %985 ], [ %839, %1085 ], [ %839, %1123 ] %1127 = phi i8 [ %841, %837 ], [ 6, %1084 ], [ -119, %1054 ], [ 41, %1051 ], [ 4, %1048 ], [ %1046, %1044 ], [ %1014, %1012 ], [ 47, %985 ], [ %841, %1085 ], [ %841, %1123 ] %1128 = phi i32 [ 4, %837 ], [ 4, %1084 ], [ 2, %1054 ], [ %266, %1051 ], [ %266, %1048 ], [ %1047, %1044 ], [ %1015, %1012 ], [ %988, %985 ], [ 4, %1085 ], [ 4, %1123 ] %1129 = load i32, i32* %263, align 4 %1130 = and i32 %1129, 1 %1131 = icmp eq i32 %1130, 0 br i1 %1131, label %1132, label %1179 %1133 = load i32, i32* %22, align 4 %1134 = load i32, i32* %245, align 4 %1135 = and i32 %1134, 16 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1140 %1138 = and i32 %1134, 32 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1179, label %1140 %1141 = phi i64 [ 5, %1137 ], [ 4, %1132 ] %1142 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1141 %1143 = load i16, i16* %1142, align 2 %1144 = zext i16 %1143 to i64 %1145 = getelementptr i8, i8* %3, i64 %1144 switch i8 %1127, label %1147 [ i8 6, label %1148 i8 17, label %1148 i8 33, label %1148 i8 50, label %1148 i8 -124, label %1148 i8 -120, label %1148 i8 51, label %1146 ] br label %1148 %1149 = phi i1 [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1146 ], [ false, %1147 ] %1150 = phi i32 [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 4, %1146 ], [ -22, %1147 ] br i1 %304, label %1151, label %1156 %1152 = load i8*, i8** %305, align 8 %1153 = load i32, i32* %306, align 8 %1154 = load i32, i32* %307, align 4 %1155 = sub i32 %1153, %1154 br label %1156 %1157 = phi i32 [ %1133, %1148 ], [ %1155, %1151 ] %1158 = phi i8* [ %66, %1148 ], [ %1152, %1151 ] br i1 %1149, label %1159, label %1176 %1160 = add i32 
%1150, %1126 %1161 = sub i32 %1157, %1160 %1162 = icmp slt i32 %1161, 4 br i1 %1162, label %1163, label %1167, !prof !4, !misexpect !10 br i1 %75, label %1171, label %1164 %1165 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %1160, i8* nonnull %308, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 netlink_deliver_tap
9 netlink_sendskb
10 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file
%3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24,
label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call 
void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 
@__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, 
i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 
%187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq 
%struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ 
%765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 %1101 = sext i32 %839 to i64 %1102 = getelementptr i8, i8* %66, i64 %1101 %1103 = icmp eq i8* %1102, null br i1 %1103, label %1123, label %1104 %1105 = phi i8* [ %1102, %1100 ], [ %295, %1097 ] %1106 = load i8, i8* %1105, align 4 store i8 %1106, i8* %1093, align 2 %1107 = getelementptr inbounds i8, i8* %1105, i64 1 %1108 = load i8, i8* %1107, align 1 %1109 = getelementptr inbounds i8, i8* %1093, i64 1 store i8 %1108, i8* %1109, align 1 %1110 = load i8, i8* %1105, align 4 switch i8 %1110, label %1120 [ i8 8, label %1111 i8 0, label %1111 i8 13, label %1111 i8 14, label %1111 i8 -128, label %1111 i8 -127, label %1111 ] %1121 = getelementptr inbounds i8, i8* %1093, i64 2 %1122 = bitcast i8* %1121 to i16* store i16 0, i16* %1122, align 2 br label %1123 br label %1124 %1125 = phi i16 [ %838, %837 ], [ %838, %1084 ], [ 18312, %1054 ], [ -8826, %1051 ], [ 8, %1048 ], [ %838, %1044 ], [ %838, %1012 ], [ %986, %985 ], [ %838, %1085 ], [ 
%838, %1123 ] %1126 = phi i32 [ %839, %837 ], [ %839, %1084 ], [ %839, %1054 ], [ %839, %1051 ], [ %839, %1048 ], [ %1045, %1044 ], [ %1013, %1012 ], [ %987, %985 ], [ %839, %1085 ], [ %839, %1123 ] %1127 = phi i8 [ %841, %837 ], [ 6, %1084 ], [ -119, %1054 ], [ 41, %1051 ], [ 4, %1048 ], [ %1046, %1044 ], [ %1014, %1012 ], [ 47, %985 ], [ %841, %1085 ], [ %841, %1123 ] %1128 = phi i32 [ 4, %837 ], [ 4, %1084 ], [ 2, %1054 ], [ %266, %1051 ], [ %266, %1048 ], [ %1047, %1044 ], [ %1015, %1012 ], [ %988, %985 ], [ 4, %1085 ], [ 4, %1123 ] %1129 = load i32, i32* %263, align 4 %1130 = and i32 %1129, 1 %1131 = icmp eq i32 %1130, 0 br i1 %1131, label %1132, label %1179 %1133 = load i32, i32* %22, align 4 %1134 = load i32, i32* %245, align 4 %1135 = and i32 %1134, 16 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1140 %1138 = and i32 %1134, 32 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1179, label %1140 %1141 = phi i64 [ 5, %1137 ], [ 4, %1132 ] %1142 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1141 %1143 = load i16, i16* %1142, align 2 %1144 = zext i16 %1143 to i64 %1145 = getelementptr i8, i8* %3, i64 %1144 switch i8 %1127, label %1147 [ i8 6, label %1148 i8 17, label %1148 i8 33, label %1148 i8 50, label %1148 i8 -124, label %1148 i8 -120, label %1148 i8 51, label %1146 ] br label %1148 %1149 = phi i1 [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1146 ], [ false, %1147 ] %1150 = phi i32 [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 4, %1146 ], [ -22, %1147 ] br i1 %304, label %1151, label %1156 %1152 = load i8*, i8** %305, align 8 %1153 = load i32, i32* %306, align 8 %1154 = load i32, i32* %307, align 4 %1155 = sub i32 %1153, %1154 br label %1156 %1157 = phi i32 [ %1133, %1148 ], [ %1155, %1151 ] %1158 = phi i8* [ %66, %1148 ], [ %1152, %1151 ] br i1 %1149, label %1159, label %1176 %1160 = add i32 
%1150, %1126 %1161 = sub i32 %1157, %1160 %1162 = icmp slt i32 %1161, 4 br i1 %1162, label %1163, label %1167, !prof !4, !misexpect !10 br i1 %75, label %1171, label %1164 %1165 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %1160, i8* nonnull %308, i32 4) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32,
label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 
= load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 
%137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, 
i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = 
and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, 
i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* 
%20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 
= icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile 
%struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds 
%struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 
%310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ 
%313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 %1101 = sext i32 %839 to i64 %1102 = getelementptr i8, i8* %66, i64 %1101 %1103 = icmp eq i8* %1102, null br i1 %1103, label %1123, label %1104 %1105 = phi i8* [ %1102, %1100 ], [ %295, %1097 ] %1106 = load i8, i8* %1105, align 4 store i8 %1106, i8* %1093, align 2 %1107 = getelementptr inbounds i8, i8* %1105, i64 1 %1108 = load i8, i8* %1107, align 1 %1109 = getelementptr inbounds i8, i8* %1093, i64 1 store i8 %1108, i8* %1109, align 1 %1110 = load i8, i8* %1105, align 4 switch i8 %1110, label %1120 [ i8 8, label %1111 i8 0, label %1111 i8 13, label %1111 i8 14, label %1111 i8 -128, label %1111 i8 -127, label %1111 ] %1121 = getelementptr inbounds i8, i8* %1093, i64 2 %1122 = bitcast i8* %1121 to i16* store i16 0, i16* %1122, align 2 br label %1123 br label %1124 %1125 = phi i16 [ %838, %837 ], [ %838, %1084 ], [ 18312, %1054 ], [ -8826, %1051 ], [ 8, %1048 ], [ %838, %1044 ], [ %838, %1012 ], [ %986, %985 ], [ %838, %1085 ], [ %838, %1123 ] %1126 = phi i32 [ %839, %837 ], [ %839, %1084 ], [ %839, %1054 ], [ %839, %1051 ], [ %839, %1048 ], [ %1045, %1044 ], [ %1013, %1012 ], [ %987, %985 ], [ %839, %1085 ], [ %839, %1123 ] %1127 = phi i8 [ %841, %837 ], [ 6, %1084 ], [ -119, %1054 ], [ 41, %1051 ], [ 4, %1048 ], [ %1046, %1044 ], [ %1014, %1012 ], [ 47, %985 ], [ %841, %1085 ], [ 
%841, %1123 ] %1128 = phi i32 [ 4, %837 ], [ 4, %1084 ], [ 2, %1054 ], [ %266, %1051 ], [ %266, %1048 ], [ %1047, %1044 ], [ %1015, %1012 ], [ %988, %985 ], [ 4, %1085 ], [ 4, %1123 ] %1129 = load i32, i32* %263, align 4 %1130 = and i32 %1129, 1 %1131 = icmp eq i32 %1130, 0 br i1 %1131, label %1132, label %1179 %1133 = load i32, i32* %22, align 4 %1134 = load i32, i32* %245, align 4 %1135 = and i32 %1134, 16 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1140 %1138 = and i32 %1134, 32 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1179, label %1140 %1141 = phi i64 [ 5, %1137 ], [ 4, %1132 ] %1142 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1141 %1143 = load i16, i16* %1142, align 2 %1144 = zext i16 %1143 to i64 %1145 = getelementptr i8, i8* %3, i64 %1144 switch i8 %1127, label %1147 [ i8 6, label %1148 i8 17, label %1148 i8 33, label %1148 i8 50, label %1148 i8 -124, label %1148 i8 -120, label %1148 i8 51, label %1146 ] br label %1148 %1149 = phi i1 [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1146 ], [ false, %1147 ] %1150 = phi i32 [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 4, %1146 ], [ -22, %1147 ] br i1 %304, label %1151, label %1156 %1152 = load i8*, i8** %305, align 8 %1153 = load i32, i32* %306, align 8 %1154 = load i32, i32* %307, align 4 %1155 = sub i32 %1153, %1154 br label %1156 %1157 = phi i32 [ %1133, %1148 ], [ %1155, %1151 ] %1158 = phi i8* [ %66, %1148 ], [ %1152, %1151 ] br i1 %1149, label %1159, label %1176 %1160 = add i32 %1150, %1126 %1161 = sub i32 %1157, %1160 %1162 = icmp slt i32 %1161, 4 br i1 %1162, label %1163, label %1167, !prof !4, !misexpect !10 br i1 %75, label %1171, label %1164 %1165 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %1160, i8* 
nonnull %308, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* 
%25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* 
%69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, 
%struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 
= and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, 
i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* 
%20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 
= icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile 
%struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds 
%struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 
%310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ 
%313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 %1101 = sext i32 %839 to i64 %1102 = getelementptr i8, i8* %66, i64 %1101 %1103 = icmp eq i8* %1102, null br i1 %1103, label %1123, label %1104 %1105 = phi i8* [ %1102, %1100 ], [ %295, %1097 ] %1106 = load i8, i8* %1105, align 4 store i8 %1106, i8* %1093, align 2 %1107 = getelementptr inbounds i8, i8* %1105, i64 1 %1108 = load i8, i8* %1107, align 1 %1109 = getelementptr inbounds i8, i8* %1093, i64 1 store i8 %1108, i8* %1109, align 1 %1110 = load i8, i8* %1105, align 4 switch i8 %1110, label %1120 [ i8 8, label %1111 i8 0, label %1111 i8 13, label %1111 i8 14, label %1111 i8 -128, label %1111 i8 -127, label %1111 ] %1121 = getelementptr inbounds i8, i8* %1093, i64 2 %1122 = bitcast i8* %1121 to i16* store i16 0, i16* %1122, align 2 br label %1123 br label %1124 %1125 = phi i16 [ %838, %837 ], [ %838, %1084 ], [ 18312, %1054 ], [ -8826, %1051 ], [ 8, %1048 ], [ %838, %1044 ], [ %838, %1012 ], [ %986, %985 ], [ %838, %1085 ], [ %838, %1123 ] %1126 = phi i32 [ %839, %837 ], [ %839, %1084 ], [ %839, %1054 ], [ %839, %1051 ], [ %839, %1048 ], [ %1045, %1044 ], [ %1013, %1012 ], [ %987, %985 ], [ %839, %1085 ], [ %839, %1123 ] %1127 = phi i8 [ %841, %837 ], [ 6, %1084 ], [ -119, %1054 ], [ 41, %1051 ], [ 4, %1048 ], [ %1046, %1044 ], [ %1014, %1012 ], [ 47, %985 ], [ %841, %1085 ], [ 
%841, %1123 ] %1128 = phi i32 [ 4, %837 ], [ 4, %1084 ], [ 2, %1054 ], [ %266, %1051 ], [ %266, %1048 ], [ %1047, %1044 ], [ %1015, %1012 ], [ %988, %985 ], [ 4, %1085 ], [ 4, %1123 ] %1129 = load i32, i32* %263, align 4 %1130 = and i32 %1129, 1 %1131 = icmp eq i32 %1130, 0 br i1 %1131, label %1132, label %1179 %1133 = load i32, i32* %22, align 4 %1134 = load i32, i32* %245, align 4 %1135 = and i32 %1134, 16 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1140 %1138 = and i32 %1134, 32 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1179, label %1140 %1141 = phi i64 [ 5, %1137 ], [ 4, %1132 ] %1142 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1141 %1143 = load i16, i16* %1142, align 2 %1144 = zext i16 %1143 to i64 %1145 = getelementptr i8, i8* %3, i64 %1144 switch i8 %1127, label %1147 [ i8 6, label %1148 i8 17, label %1148 i8 33, label %1148 i8 50, label %1148 i8 -124, label %1148 i8 -120, label %1148 i8 51, label %1146 ] br label %1148 %1149 = phi i1 [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1146 ], [ false, %1147 ] %1150 = phi i32 [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 4, %1146 ], [ -22, %1147 ] br i1 %304, label %1151, label %1156 %1152 = load i8*, i8** %305, align 8 %1153 = load i32, i32* %306, align 8 %1154 = load i32, i32* %307, align 4 %1155 = sub i32 %1153, %1154 br label %1156 %1157 = phi i32 [ %1133, %1148 ], [ %1155, %1151 ] %1158 = phi i8* [ %66, %1148 ], [ %1152, %1151 ] br i1 %1149, label %1159, label %1176 %1160 = add i32 %1150, %1126 %1161 = sub i32 %1157, %1160 %1162 = icmp slt i32 %1161, 4 br i1 %1162, label %1163, label %1167, !prof !4, !misexpect !10 br i1 %75, label %1171, label %1164 %1165 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %1160, i8* 
nonnull %308, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264
%3 = bitcast i8* %2 to %struct.net_device.859215**
store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8
%4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0
%5 = bitcast %struct.net.859129** %4 to i64*
%6 = load i64, i64* %5, align 8
%7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272
%8 = bitcast i8* %7 to i64*
store i64 %6, i64* %8, align 8
%9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328
%10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0
%11 = tail call i8* @strcpy(i8* %9, i8* %10) #76
tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8
%3 = bitcast %struct.flowi4* %2 to i8*
%4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376
%5 = bitcast i8* %4 to i32*
%6 = load i32, i32* %5, align 4
%7 = icmp eq i32 %6, 0
br i1 %7, label %49, label %8
%9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272
%10 = bitcast i8* %9 to %struct.net.859129**
%11 = load %struct.net.859129*, %struct.net.859129** %10, align 8
%12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372
%13 = bitcast i8* %12 to i32*
%14 = load i32, i32* %13, align 4
%15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361
%16 = load i8, i8*
%15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 
Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* 
(%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, 
%struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast 
%union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label 
%45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 
= load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, 
label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, 
i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 
], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 
%1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 %1101 = sext i32 %839 to i64 %1102 = getelementptr i8, i8* %66, i64 %1101 %1103 = icmp eq i8* %1102, null br i1 %1103, label %1123, label %1104 %1105 = phi i8* [ %1102, %1100 ], [ %295, %1097 ] %1106 = load i8, i8* %1105, align 4 store i8 %1106, i8* %1093, align 2 %1107 = getelementptr inbounds i8, i8* %1105, i64 1 %1108 = load i8, i8* %1107, align 1 %1109 = getelementptr inbounds i8, i8* %1093, i64 1 store i8 %1108, i8* %1109, align 1 %1110 = load i8, i8* %1105, align 4 switch i8 %1110, label %1120 [ i8 8, label %1111 i8 0, label %1111 i8 13, label %1111 i8 14, label %1111 i8 -128, label %1111 i8 -127, label %1111 ] %1121 = getelementptr inbounds i8, i8* %1093, i64 2 %1122 = bitcast i8* %1121 to i16* store i16 0, i16* %1122, align 2 br label %1123 br label %1124 %1125 = phi i16 [ %838, %837 ], [ %838, %1084 ], [ 18312, %1054 ], [ -8826, %1051 ], [ 8, %1048 ], [ %838, %1044 ], [ %838, %1012 ], [ %986, %985 ], [ %838, %1085 ], [ %838, %1123 ] %1126 = phi i32 [ %839, %837 ], [ %839, %1084 ], [ %839, %1054 ], [ %839, %1051 ], [ %839, %1048 ], [ %1045, %1044 ], [ %1013, %1012 ], [ %987, %985 ], [ %839, %1085 ], [ %839, %1123 ] %1127 = phi i8 [ %841, %837 ], [ 6, %1084 ], [ -119, %1054 ], [ 41, %1051 ], [ 4, %1048 ], [ %1046, %1044 ], [ %1014, %1012 ], [ 47, %985 ], [ %841, %1085 ], [ %841, %1123 ] %1128 = phi i32 [ 4, %837 ], [ 4, %1084 ], [ 2, %1054 ], [ %266, %1051 ], [ %266, %1048 ], [ %1047, %1044 ], [ %1015, %1012 ], [ %988, %985 ], [ 4, %1085 ], [ 4, %1123 ] %1129 = load i32, i32* %263, align 4 %1130 = and i32 %1129, 1 %1131 = icmp eq i32 %1130, 0 br i1 %1131, label %1132, label %1179 %1133 = load i32, i32* %22, align 4 %1134 = load i32, i32* %245, align 4 %1135 = and i32 %1134, 16 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1140 %1138 = and i32 %1134, 32 %1139 = icmp eq i32 %1138, 
0 br i1 %1139, label %1179, label %1140 %1141 = phi i64 [ 5, %1137 ], [ 4, %1132 ] %1142 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1141 %1143 = load i16, i16* %1142, align 2 %1144 = zext i16 %1143 to i64 %1145 = getelementptr i8, i8* %3, i64 %1144 switch i8 %1127, label %1147 [ i8 6, label %1148 i8 17, label %1148 i8 33, label %1148 i8 50, label %1148 i8 -124, label %1148 i8 -120, label %1148 i8 51, label %1146 ] br label %1148 %1149 = phi i1 [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1146 ], [ false, %1147 ] %1150 = phi i32 [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 4, %1146 ], [ -22, %1147 ] br i1 %304, label %1151, label %1156 %1152 = load i8*, i8** %305, align 8 %1153 = load i32, i32* %306, align 8 %1154 = load i32, i32* %307, align 4 %1155 = sub i32 %1153, %1154 br label %1156 %1157 = phi i32 [ %1133, %1148 ], [ %1155, %1151 ] %1158 = phi i8* [ %66, %1148 ], [ %1152, %1151 ] br i1 %1149, label %1159, label %1176 %1160 = add i32 %1150, %1126 %1161 = sub i32 %1157, %1160 %1162 = icmp slt i32 %1161, 4 br i1 %1162, label %1163, label %1167, !prof !4, !misexpect !10 br i1 %75, label %1171, label %1164 %1165 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %1160, i8* nonnull %308, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, 
%struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 
%50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label 
%31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, 
%struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, 
%struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 
%17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, 
%struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast 
%union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr 
inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 
], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 %1101 = sext i32 %839 to i64 %1102 = getelementptr i8, i8* %66, i64 %1101 %1103 = icmp eq i8* %1102, null br i1 %1103, label %1123, label %1104 %1105 = phi i8* [ %1102, %1100 ], [ %295, %1097 ] %1106 = load i8, i8* %1105, align 4 store i8 %1106, i8* %1093, align 2 %1107 = getelementptr inbounds i8, i8* %1105, i64 1 %1108 = load i8, i8* %1107, align 1 %1109 = getelementptr inbounds i8, i8* %1093, i64 1 store i8 %1108, i8* %1109, align 1 %1110 = load i8, i8* %1105, align 4 switch i8 %1110, label %1120 [ i8 8, label %1111 i8 0, label %1111 i8 13, label %1111 
i8 14, label %1111 i8 -128, label %1111 i8 -127, label %1111 ] %1121 = getelementptr inbounds i8, i8* %1093, i64 2 %1122 = bitcast i8* %1121 to i16* store i16 0, i16* %1122, align 2 br label %1123 br label %1124 %1125 = phi i16 [ %838, %837 ], [ %838, %1084 ], [ 18312, %1054 ], [ -8826, %1051 ], [ 8, %1048 ], [ %838, %1044 ], [ %838, %1012 ], [ %986, %985 ], [ %838, %1085 ], [ %838, %1123 ] %1126 = phi i32 [ %839, %837 ], [ %839, %1084 ], [ %839, %1054 ], [ %839, %1051 ], [ %839, %1048 ], [ %1045, %1044 ], [ %1013, %1012 ], [ %987, %985 ], [ %839, %1085 ], [ %839, %1123 ] %1127 = phi i8 [ %841, %837 ], [ 6, %1084 ], [ -119, %1054 ], [ 41, %1051 ], [ 4, %1048 ], [ %1046, %1044 ], [ %1014, %1012 ], [ 47, %985 ], [ %841, %1085 ], [ %841, %1123 ] %1128 = phi i32 [ 4, %837 ], [ 4, %1084 ], [ 2, %1054 ], [ %266, %1051 ], [ %266, %1048 ], [ %1047, %1044 ], [ %1015, %1012 ], [ %988, %985 ], [ 4, %1085 ], [ 4, %1123 ] %1129 = load i32, i32* %263, align 4 %1130 = and i32 %1129, 1 %1131 = icmp eq i32 %1130, 0 br i1 %1131, label %1132, label %1179 %1133 = load i32, i32* %22, align 4 %1134 = load i32, i32* %245, align 4 %1135 = and i32 %1134, 16 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1140 %1138 = and i32 %1134, 32 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1179, label %1140 %1141 = phi i64 [ 5, %1137 ], [ 4, %1132 ] %1142 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1141 %1143 = load i16, i16* %1142, align 2 %1144 = zext i16 %1143 to i64 %1145 = getelementptr i8, i8* %3, i64 %1144 switch i8 %1127, label %1147 [ i8 6, label %1148 i8 17, label %1148 i8 33, label %1148 i8 50, label %1148 i8 -124, label %1148 i8 -120, label %1148 i8 51, label %1146 ] br label %1148 %1149 = phi i1 [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1146 ], [ false, %1147 ] %1150 = phi i32 [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], 
[ 4, %1146 ], [ -22, %1147 ] br i1 %304, label %1151, label %1156 %1152 = load i8*, i8** %305, align 8 %1153 = load i32, i32* %306, align 8 %1154 = load i32, i32* %307, align 4 %1155 = sub i32 %1153, %1154 br label %1156 %1157 = phi i32 [ %1133, %1148 ], [ %1155, %1151 ] %1158 = phi i8* [ %66, %1148 ], [ %1152, %1151 ] br i1 %1149, label %1159, label %1176 %1160 = add i32 %1150, %1126 %1161 = sub i32 %1157, %1160 %1162 = icmp slt i32 %1161, 4 br i1 %1162, label %1163, label %1167, !prof !4, !misexpect !10 br i1 %75, label %1171, label %1164 %1165 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %1160, i8* nonnull %308, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 
[ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to 
%struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* 
%0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = 
icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, 
%struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, 
%struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 
(%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile 
%struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 
(%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 
to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr 
inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 
%293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = 
phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 
%1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 %1101 = sext i32 %839 to i64 %1102 = getelementptr i8, i8* %66, i64 %1101 %1103 = icmp eq i8* %1102, null br i1 %1103, label %1123, label %1104 %1105 = phi i8* [ %1102, %1100 ], [ %295, %1097 ] %1106 = load i8, i8* %1105, align 4 store i8 %1106, i8* %1093, align 2 %1107 = getelementptr inbounds i8, i8* %1105, i64 1 %1108 = load i8, i8* %1107, align 1 %1109 = getelementptr inbounds i8, i8* %1093, i64 1 store i8 %1108, i8* %1109, align 1 %1110 = load i8, i8* %1105, align 4 switch i8 %1110, label %1120 [ i8 8, label %1111 i8 0, label %1111 i8 13, label %1111 i8 14, label %1111 i8 -128, label %1111 i8 -127, label %1111 ] %1121 = getelementptr inbounds i8, i8* %1093, i64 2 %1122 = bitcast i8* %1121 to i16* store i16 0, i16* %1122, align 2 br label %1123 br label %1124 %1125 = phi i16 [ %838, %837 ], [ %838, %1084 ], [ 18312, %1054 ], [ -8826, %1051 ], [ 8, %1048 ], [ %838, %1044 ], [ %838, %1012 ], [ %986, %985 ], [ %838, %1085 ], [ %838, %1123 ] %1126 = phi i32 [ %839, %837 ], [ %839, %1084 ], [ %839, %1054 ], [ %839, %1051 ], [ %839, %1048 ], [ %1045, %1044 ], [ %1013, %1012 ], [ %987, %985 ], [ %839, %1085 ], [ %839, %1123 ] %1127 = phi i8 [ %841, %837 ], [ 6, %1084 ], [ -119, %1054 ], [ 41, %1051 ], [ 4, %1048 ], [ %1046, %1044 ], [ %1014, %1012 ], [ 47, %985 ], [ %841, %1085 ], [ %841, %1123 ] %1128 = phi i32 [ 4, %837 ], [ 4, %1084 ], [ 2, %1054 ], [ %266, %1051 ], [ %266, %1048 ], [ %1047, %1044 ], [ %1015, %1012 ], [ %988, %985 ], [ 4, %1085 ], [ 4, %1123 ] %1129 = load i32, i32* %263, align 4 %1130 = and i32 %1129, 1 %1131 = icmp eq i32 %1130, 0 br i1 %1131, label %1132, label %1179 %1133 = load i32, i32* %22, align 4 %1134 = load i32, i32* %245, align 4 %1135 = and i32 %1134, 16 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1140 %1138 = and i32 %1134, 32 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1179, label 
%1140 %1141 = phi i64 [ 5, %1137 ], [ 4, %1132 ] %1142 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1141 %1143 = load i16, i16* %1142, align 2 %1144 = zext i16 %1143 to i64 %1145 = getelementptr i8, i8* %3, i64 %1144 switch i8 %1127, label %1147 [ i8 6, label %1148 i8 17, label %1148 i8 33, label %1148 i8 50, label %1148 i8 -124, label %1148 i8 -120, label %1148 i8 51, label %1146 ] br label %1148 %1149 = phi i1 [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1140 ], [ true, %1146 ], [ false, %1147 ] %1150 = phi i32 [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 0, %1140 ], [ 4, %1146 ], [ -22, %1147 ] br i1 %304, label %1151, label %1156 %1152 = load i8*, i8** %305, align 8 %1153 = load i32, i32* %306, align 8 %1154 = load i32, i32* %307, align 4 %1155 = sub i32 %1153, %1154 br label %1156 %1157 = phi i32 [ %1133, %1148 ], [ %1155, %1151 ] %1158 = phi i8* [ %66, %1148 ], [ %1152, %1151 ] br i1 %1149, label %1159, label %1176 %1160 = add i32 %1150, %1126 %1161 = sub i32 %1157, %1160 %1162 = icmp slt i32 %1161, 4 br i1 %1162, label %1163, label %1167, !prof !4, !misexpect !10 br i1 %75, label %1171, label %1164 %1165 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %1160, i8* nonnull %308, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter %3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5,
i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 
%37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load 
%struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp 
eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 
], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 br i1 %75, label %1123, label %1097 %1098 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %295, i32 8) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*,
Function:napi_busy_loop
Function:busy_poll_stop
Function:netif_receive_skb_list_internal
Function:get_rps_cpu
Function:__skb_get_hash
Function:___skb_get_hash
Function:__skb_flow_dissect
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
Function:dev_queue_xmit
Function:__dev_queue_xmit
%166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds 
%struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 br i1 %75, label %1123, label %1097 %1098 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %295, i32 8) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_xps_queue 4 netdev_pick_tx 5 netdev_core_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, 
%struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 
0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = 
sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* 
%29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, 
!prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = 
tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ 
%765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 br i1 %75, label %1123, label %1097 %1098 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %295, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to
%struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = 
getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label 
%96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ 
%172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, 
i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, 
%struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label 
%42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca 
%struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = 
getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to 
i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = 
bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 
], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 br i1 %75, label %1123, label %1097 %1098 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %295, i32 8) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 
ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ 
%33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 
8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull 
%0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, 
label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, 
null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq 
%struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], 
[ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 
%103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = 
and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 
18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, 
label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 br i1 %75, label %1123, label %1097 %1098 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %295, i32 8) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76 Function:ipip6_tunnel_bind_dev %2 = alloca 
%struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = 
icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 
240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 
%16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq 
%struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x 
i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, 
i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 
%282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] 
%312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label 
%1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 br i1 %75, label %1123, label %1097 %1098 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %295, i32 8) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = 
getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 
= phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
%260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] 
%840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1086 = load i32, i32* %245, align 4 %1087 = and i32 %1086, 64 %1088 = icmp eq i32 %1087, 0 br i1 %1088, label %1124, label %1089 %1090 = load i32, i32* %22, align 4 %1091 = load i16, i16* %294, align 2 %1092 = zext i16 %1091 to i64 %1093 = getelementptr i8, i8* %3, i64 %1092 %1094 = sub i32 %1090, %839 %1095 = icmp slt i32 %1094, 8 br i1 %1095, label %1096, label %1100, !prof !4, !misexpect !10 br i1 %75, label %1123, label %1097 %1098 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %295, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, 
%struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, 
i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load 
volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile 
%struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %318 = load i32, i32* %22, align 4 %319 = sub i32 %318, %311 %320 = icmp slt i32 %319, 20 br i1 %320, label %321, label %325, !prof !4, !misexpect !10 br i1 %75, label %385, label %322 %323 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %290, i32 20) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 =
getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
Function:dev_queue_xmit
Function:__dev_queue_xmit
Function:netdev_core_pick_tx
Function:netdev_pick_tx
Function:get_xps_queue
Function:__skb_get_hash
Function:___skb_get_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 netlink_deliver_tap
9 netlink_sendskb
10 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file
Function:netlink_sendskb
Function:netlink_deliver_tap
%struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 
(%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 
%36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ 
%181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 
1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %318 = load i32, i32* %22, align 4 %319 = sub i32 %318, %311 %320 = icmp slt i32 %319, 20 br i1 %320, label %321, label %325, !prof !4, !misexpect !10 br i1 %75, label %385, label %322 %323 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %290, i32 20) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast 
%struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr 
inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ 
%89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 
3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, 
%struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = 
load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 
Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, 
%struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca 
%struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, 
align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* 
%274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, 
%struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %318 = load i32, i32* %22, align 4 %319 = sub i32 %318, %311 %320 = icmp slt i32 %319, 20 br i1 %320, label %321, label %325, !prof !4, !misexpect !10 br i1 %75, label %385, label %322 %323 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %290, i32 20) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds 
%struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 
to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* 
(%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* 
%1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
%union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label 
%45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 
= load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, 
label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, 
i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %318 = load i32, i32* %22, align 4 %319 = sub i32 %318, %311 %320 = icmp slt i32 %319, 20 br i1 %320, label %321, label %325, !prof !4, !misexpect !10 br i1 %75, label %385, label %322 %323 = call i32 bitcast (i32 
(%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %290, i32 20) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* 
%60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca 
%struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 
%46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, 
i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 
%127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { 
i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, 
%struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, 
%struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 
], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1017 = icmp eq i16 %838, -8826 br i1 %1017, label %1018, label %1044 %1019 = load i32, i32* %22, align 4 %1020 = sub i32 %1019, %839 %1021 = icmp slt i32 %1020, 8 br i1 %1021, label %1022, label %1026, !prof !4, !misexpect !10 br i1 %75, label %1044, label %1023 %1024 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %298, i32 8) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20
= load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ 
null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, 
%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm 
"addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 
], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1017 = icmp eq i16 %838, -8826 br i1 %1017, label %1018, label %1044 %1019 = load i32, i32* %22, align 4 %1020 = sub i32 %1019, %839 %1021 = icmp slt i32 %1020, 8 br i1 %1021, label %1022, label %1026, !prof !4, !misexpect !10 br i1 %75, label %1044, label %1023 %1024 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %298, i32 8) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_xps_queue 4 netdev_pick_tx 5 netdev_core_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, 
%struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = 
getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = 
getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = 
load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, 
i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 
11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 
= getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1017 = icmp eq i16 %838, -8826 br i1 %1017, label %1018, label %1044 %1019 = load i32, i32* %22, align 4 %1020 = sub i32 %1019, %839 %1021 = icmp slt i32 %1020, 8 br i1 %1021, label %1022, label %1026, !prof !4, !misexpect !10 br i1 %75, label %1044, label %1023 %1024 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %298, i32 8) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_xps_queue 4 netdev_pick_tx 5 netdev_core_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = 
getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile 
%struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq 
%struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, 
align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = 
getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 
= phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 
Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ 
%765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1017 = icmp eq i16 %838, -8826 br i1 %1017, label %1018, label %1044 %1019 = load i32, i32* %22, align 4 %1020 = sub i32 %1019, %839 %1021 = icmp slt i32 %1020, 8 br i1 %1021, label %1022, label %1026, !prof !4, !misexpect !10 br i1 %75, label %1044, label %1023 %1024 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %298, i32 8) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds 
%struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, 
%struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, 
%112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ 
%178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* 
%209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* 
@ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, 
%struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 
(%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca 
%struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], 
[ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr 
inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, 
%666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1017 = icmp eq i16 %838, -8826 br i1 %1017, label %1018, label %1044 %1019 = load i32, i32* %22, align 4 %1020 = sub i32 %1019, %839 %1021 = icmp slt i32 %1020, 8 br i1 %1021, label %1022, label %1026, !prof !4, !misexpect !10 br i1 %75, label %1044, label %1023 %1024 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %298, i32 8) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 
%6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 
= load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, 
i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, 
%struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, 
label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, 
%struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr 
inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 
br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load 
i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* 
%25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, 
!misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1017 = icmp eq i16 %838, -8826 br i1 %1017, label %1018, label %1044 %1019 = load i32, i32* %22, align 4 %1020 = sub i32 %1019, %839 %1021 = 
icmp slt i32 %1020, 8 br i1 %1021, label %1022, label %1026, !prof !4, !misexpect !10 br i1 %75, label %1044, label %1023 %1024 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %298, i32 8) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, 
%struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call 
%struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, 
i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, 
%struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = 
getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast 
%struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ 
%4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1017 = icmp eq i16 %838, -8826 br i1 %1017, label %1018, label %1044 %1019 = load i32, i32* %22, align 4 %1020 = sub i32 %1019, %839 %1021 = icmp slt i32 %1020, 8 br i1 %1021, label %1022, label %1026, !prof !4, !misexpect !10 br i1 %75, label %1044, label %1023 %1024 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %298, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to
%struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull 
%6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne 
i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = 
getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast 
%struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ 
%4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1017 = icmp eq i16 %838, -8826 br i1 %1017, label %1018, label %1044 %1019 = load i32, i32* %22, align 4 %1020 = sub i32 %1019, %839 %1021 = icmp slt i32 %1020, 8 br i1 %1021, label %1022, label %1026, !prof !4, !misexpect !10 br i1 %75, label %1044, label %1023 %1024 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %298, i32 8) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
%4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast
%struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* 
%75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 
0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq 
i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 
8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add 
i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, 
%struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 
%31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, 
i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds 
%struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor 
i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast 
%struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 
], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1017 = icmp eq i16 %838, -8826 br i1 %1017, label %1018, label %1044 %1019 = load i32, i32* %22, align 4 %1020 = sub i32 %1019, %839 %1021 = icmp slt i32 %1020, 8 br i1 %1021, label %1022, label %1026, !prof !4, !misexpect !10 br i1 %75, label %1044, label %1023 %1024 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %298, i32 8) #77 ------------- 
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 
%23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, 
%struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 
%31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load 
volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 
%55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* 
%27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = 
bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %767 = load i32, i32* %22, align 4 %768 = sub i32 %767, %311 %769 = icmp slt i32 %768, 24 br i1 %769, label %770, label %774, !prof !4, !misexpect !10 br i1 %75, label %793, label %771 %772 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %261, i32 24) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = 
getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %767 = load i32, i32* %22, align 4 %768 = sub i32 %767, %311 %769 = icmp slt i32 %768, 24 br i1 %769, label %770, label %774, !prof !4, !misexpect !10 br i1 %75, label %793, label %771 %772 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %261, i32 24) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, 
%struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, 
i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = 
getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq 
%struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, 
i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 
0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* 
%0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %767 = load i32, i32* %22, align 4 %768 = sub i32 %767, %311 %769 = icmp slt i32 %768, 24 br i1 %769, label %770, label %774, !prof !4, !misexpect !10 br i1 %75, label %793, label %771 %772 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %261, i32 24) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_xps_queue 4 netdev_pick_tx 5 netdev_core_pick_tx 6 __dev_queue_xmit 7 dev_queue_xmit 8 netlink_deliver_tap 9 netlink_sendskb 10 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 
0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* 
%12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 
(%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 
%36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ 
%181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 
1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %767 = load i32, i32* %22, align 4 %768 = sub i32 %767, %311 %769 = icmp slt i32 %768, 24 br i1 %769, label %770, label %774, !prof !4, !misexpect !10 br i1 %75, label %793, label %771 %772 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %261, i32 24) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast 
%struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr 
inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ 
%89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 
3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, 
%struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = 
load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 
Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, 
%struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca 
%struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, 
align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* 
%274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, 
%struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %767 = load i32, i32* %22, align 4 %768 = sub i32 %767, %311 %769 = icmp slt i32 %768, 24 br i1 %769, label %770, label %774, !prof !4, !misexpect !10 br i1 %75, label %793, label %771 %772 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %261, i32 24) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds 
%struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 
to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* 
(%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* 
%1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
%struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, 
%struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = 
getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds 
%struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp 
eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %767 = load i32, i32* %22, align 4 %768 = sub i32 %767, %311 %769 = icmp slt i32 %768, 24 br i1 %769, label %770, label %774, !prof !4, !misexpect !10 br i1 %75, label %793, label %771 %772 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 
(%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %261, i32 24) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr 
%struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, 
%struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, 
label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, 
%struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr 
inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 
br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
Function:__ip_rt_update_pmtu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
Function:__ip_do_redirect
Function:fib_select_path
%struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 
= alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br 
label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, 
i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %767 = load i32, i32* %22, align 4 %768 = sub i32 %767, %311 %769 = icmp slt i32 %768, 24 br i1 %769, label %770, label %774, !prof !4, !misexpect !10 br i1 %75, label %793, label %771 %772 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %311, i8* nonnull %261, i32 24) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** 
%4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label 
%64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, 
!prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr 
inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, 
i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 
br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail 
call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc 
!4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 
], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1056 = load i32, i32* %22, align 4 %1057 = load i32, i32* %245, align 4 %1058 = and i32 %1057, 1048576 %1059 = icmp eq i32 %1058, 0 br i1 %1059, label %1084, label %1060 %1061 = sub i32 %1056, %839 %1062 = icmp slt i32 %1061, 20 br i1 %1062, label %1063, label %1067, !prof !4, !misexpect !10 br i1 %75, label %1084, label %1064 %1065 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %296, i32 20) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 sock_poll ------------- Path:  Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds 
%struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 
%14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ 
null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* 
%7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 
], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1056 = load i32, i32* %22, align 4 %1057 = load i32, i32* %245, align 4 %1058 = and i32 %1057, 1048576 %1059 = icmp eq i32 %1058, 0 br i1 %1059, label %1084, label %1060 %1061 = sub i32 %1056, %839 %1062 = icmp slt i32 %1061, 20 br i1 %1062, label %1063, label %1067, !prof !4, !misexpect !10 br i1 %75, label %1084, label %1064 %1065 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %296, i32 20) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0
%25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = 
getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 
store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 
= zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, 
%struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds 
%struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, 
align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1056 = load i32, i32* %22, align 4 %1057 = load i32, i32* %245, align 4 %1058 = and i32 %1057, 1048576 %1059 = icmp eq i32 %1058, 0 br i1 %1059, label %1084, label %1060 %1061 = sub i32 %1056, %839 %1062 = icmp slt i32 %1061, 20 br i1 %1062, label %1063, label %1067, !prof !4, !misexpect !10 br i1 %75, label %1084, label %1064 %1065 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %296, i32 20) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 netlink_deliver_tap
9 netlink_sendskb
10 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file
%3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq
%struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = 
bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 
%41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, 
i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = 
load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* 
%141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, 
%struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ 
%765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1056 = load i32, i32* %22, align 4 %1057 = load i32, i32* %245, align 4 %1058 = and i32 %1057, 1048576 %1059 = icmp eq i32 %1058, 0 br i1 %1059, label %1084, label %1060 %1061 = sub i32 %1056, %839 %1062 = icmp slt i32 %1061, 20 br i1 %1062, label %1063, label %1067, !prof !4, !misexpect !10 br i1 %75, label %1084, label %1064 %1065 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %296, i32 20) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr,
%struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, 
i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ 
%94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ 
%166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 
= icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, 
%struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, 
%struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 
= alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br 
label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, 
i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, 
%793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1056 = load i32, i32* %22, align 4 %1057 = load i32, i32* %245, align 4 %1058 = and i32 %1057, 1048576 %1059 = icmp eq i32 %1058, 0 br i1 %1059, label %1084, label %1060 %1061 = sub i32 %1056, %839 %1062 = icmp slt i32 %1061, 20 br i1 %1062, label %1063, label %1067, !prof !4, !misexpect !10 br i1 %75, label %1084, label %1064 %1065 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %296, i32 20) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to
%struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 
= getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store 
i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to 
%struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ 
%39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label 
%103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 
%23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* 
%39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext 
i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 
0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 
%800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1056 = load i32, i32* %22, align 4 %1057 = load i32, i32* %245, 
align 4 %1058 = and i32 %1057, 1048576 %1059 = icmp eq i32 %1058, 0 br i1 %1059, label %1084, label %1060 %1061 = sub i32 %1056, %839 %1062 = icmp slt i32 %1061, 20 br i1 %1062, label %1063, label %1067, !prof !4, !misexpect !10 br i1 %75, label %1084, label %1064 %1065 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %296, i32 20) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, 
%struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or 
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
Function:__ip_rt_update_pmtu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
%313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1056 = load i32, i32* %22, align 4 %1057 = load i32, i32* %245, align 4 %1058 = and i32 %1057, 1048576 %1059 = icmp eq i32 %1058, 0 br i1 %1059, label %1084, label %1060 %1061 = sub i32 %1056, %839 %1062 = icmp slt i32 %1061, 20 br i1 %1062, label %1063, label %1067, !prof !4, !misexpect !10 br i1 %75, label %1084, label %1064 %1065 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %296, i32 20) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp 
eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = 
getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = 
and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, 
%struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, 
%struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range 
!10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, 
i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, 
null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, 
i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt 
i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ 
%311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %1056 = load i32, i32* %22, align 4 %1057 = load i32, i32* %245, align 4 %1058 = and i32 %1057, 1048576 %1059 = icmp eq i32 %1058, 0 br i1 %1059, label %1084, label %1060 %1061 = sub i32 %1056, %839 %1062 = 
icmp slt i32 %1061, 20 br i1 %1062, label %1063, label %1067, !prof !4, !misexpect !10 br i1 %75, label %1084, label %1064 %1065 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %296, i32 20) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 tcp_recvmsg 8 inet6_recvmsg 9 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* 
%18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, 
%struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds 
%struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 
%10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* 
null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 
0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 
(%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 
(%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 
8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load 
%struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, 
%struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ %902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 %915, i32* %916, align 4 br label %918 %919 = load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = icmp eq i16 %920, 0 %922 = select i1 %921, i32 4, i32 8 %923 = 
add nuw nsw i32 %922, %890 br i1 %868, label %924, label %947 %925 = phi i32 [ %888, %884 ], [ %923, %918 ] %926 = icmp eq i16 %867, 22629 br i1 %926, label %927, label %979 %928 = add i32 %925, %839 %929 = load i32, i32* %22, align 4 %930 = sub i32 %929, %928 %931 = icmp slt i32 %930, 14 br i1 %931, label %932, label %936, !prof !4, !misexpect !10 br i1 %75, label %940, label %933 %934 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %928, i8* nonnull %303, i32 14) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 sock_poll ------------- Path:  Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, 
%struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 
], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ %902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 netlink_deliver_tap
9 netlink_sendskb
10 mqueue_flush_file
-------------
label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 
store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* 
%33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 
br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 
Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ 
%765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ 
%902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 %915, i32* %916, align 4 br label %918 %919 = load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = icmp eq i16 %920, 0 %922 = select i1 %921, i32 4, i32 8 %923 = add nuw nsw i32 %922, %890 br i1 %868, label %924, label %947 %925 = phi i32 [ %888, %884 ], [ %923, %918 ] %926 = icmp eq i16 %867, 22629 br i1 %926, label %927, label %979 %928 = add i32 %925, %839 %929 = load i32, i32* %22, align 4 %930 = sub i32 %929, %928 %931 = icmp slt i32 %930, 14 br i1 %931, label %932, label %936, !prof !4, !misexpect !10 br i1 %75, label %940, label %933 %934 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %928, i8* nonnull %303, i32 14) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = 
and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 
= getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = 
getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 
34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br 
i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ %902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 %915, i32* %916, align 4 br label %918 %919 = load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = icmp eq i16 %920, 0 %922 = select i1 %921, i32 4, i32 8 %923 = add nuw nsw i32 %922, %890 br i1 %868, label %924, label %947 %925 = phi i32 [ %888, %884 ], [ %923, %918 ] %926 = icmp eq i16 %867, 22629 br i1 %926, label %927, label %979 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
Function:ipip6_tunnel_bind_dev
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, 
label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ %902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 %915, i32* %916, align 4 br label %918 %919 = load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = 
icmp eq i16 %920, 0 %922 = select i1 %921, i32 4, i32 8 %923 = add nuw nsw i32 %922, %890 br i1 %868, label %924, label %947 %925 = phi i32 [ %888, %884 ], [ %923, %918 ] %926 = icmp eq i16 %867, 22629 br i1 %926, label %927, label %979 %928 = add i32 %925, %839 %929 = load i32, i32* %22, align 4 %930 = sub i32 %929, %928 %931 = icmp slt i32 %930, 14 br i1 %931, label %932, label %936, !prof !4, !misexpect !10 br i1 %75, label %940, label %933 %934 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %928, i8* nonnull %303, i32 14) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq
%struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 
0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to 
%struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77
Function:__ip_rt_update_pmtu
%4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2
%46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76
Function:fib_select_path
%5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18,
align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76
Function:fib_multipath_hash
%5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2,
label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77
Function:__skb_flow_dissect
%10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36
], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq 
%struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, 
label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ 
i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ %902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 %915, i32* %916, align 4 br label %918 %919 = 
load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = icmp eq i16 %920, 0 %922 = select i1 %921, i32 4, i32 8 %923 = add nuw nsw i32 %922, %890 br i1 %868, label %924, label %947 %925 = phi i32 [ %888, %884 ], [ %923, %918 ] %926 = icmp eq i16 %867, 22629 br i1 %926, label %927, label %979 %928 = add i32 %925, %839 %929 = load i32, i32* %22, align 4 %930 = sub i32 %929, %928 %931 = icmp slt i32 %930, 14 br i1 %931, label %932, label %936, !prof !4, !misexpect !10 br i1 %75, label %940, label %933 %934 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %928, i8* nonnull %303, i32 14) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
%4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [
%35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* 
%72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = 
icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, 
label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, 
i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 
%154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, 
i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = 
getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, 
i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq 
%struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, 
i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 
1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, 
%847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ %902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 %915, i32* %916, align 4 br label %918 %919 = load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = icmp eq i16 %920, 0 %922 = select i1 %921, i32 4, i32 8 %923 = add nuw nsw i32 %922, %890 br i1 %868, label %924, label %947 %925 = phi i32 [ %888, %884 ], [ %923, %918 ] %926 = icmp eq i16 %867, 22629 br i1 %926, label %927, label %979 %928 = add i32 %925, %839 %929 = load i32, i32* %22, align 4 %930 = sub i32 %929, %928 %931 = icmp slt i32 %930, 14 br i1 %931, label %932, label %936, !prof !4, !misexpect !10 br i1 %75, label %940, label %933 %934 = call i32 bitcast 
(i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %928, i8* nonnull %303, i32 14) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 tcp_recvmsg 8 inet6_recvmsg 9 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, 
%struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, 
!prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* 
@rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = 
and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load 
volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast 
%struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void 
@busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 
to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, 
%110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to 
%struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 
store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, 
%struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %990 = icmp eq i16 %838, -8826 br i1 %990, label %991, label %1012 %992 = load i32, i32* %22, align 4 %993 = sub i32 %992, %839 %994 = icmp slt i32 %993, 2 br i1 %994, label %995, label %999, !prof !4, !misexpect !10 br i1 %75, label %1012, label %996 %997 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %33, i32 2) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32*
%21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, 
align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 
], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %990 = icmp eq i16 %838, -8826 br i1 %990, label %991, label %1012 %992 = load i32, i32* %22, align 4 %993 = sub i32 %992, %839 %994 = icmp slt i32 %993, 2 br i1 %994, label %995, label %999, !prof !4, !misexpect !10 br i1 %75, label %1012, label %996 %997 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %33, i32 2) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path: Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64
0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 
= getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, 
%struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = 
getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, 
%struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = 
zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load 
volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr 
inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %990 = icmp eq i16 %838, -8826 br i1 %990, label %991, label %1012 %992 = load i32, i32* %22, align 4 %993 = sub i32 %992, %839 %994 = icmp slt i32 %993, 2 br i1 %994, label %995, label %999, !prof !4, !misexpect !10 br i1 %75, label %1012, label %996 %997 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %33, i32 2) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 netlink_deliver_tap
9 netlink_sendskb
10 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds
%struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, 
%struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 
%43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast 
(i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 
], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = 
getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ 
%765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %990 = icmp eq i16 %838, -8826 br i1 %990, label %991, label %1012 %992 = load i32, i32* %22, align 4 %993 = sub i32 %992, %839 %994 = icmp slt i32 %993, 2 br i1 %994, label %995, label %999, !prof !4, !misexpect !10 br i1 %75, label %1012, label %996 %997 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %33, i32 2) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr,
%struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, 
i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ 
%97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 
], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* 
@ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, 
%struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 
(%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca 
%struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], 
[ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr 
inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, 
%666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %990 = icmp eq i16 %838, -8826 br i1 %990, label %991, label %1012 %992 = load i32, i32* %22, align 4 %993 = sub i32 %992, %839 %994 = icmp slt i32 %993, 2 br i1 %994, label %995, label %999, !prof !4, !misexpect !10 br i1 %75, label %1012, label %996 %997 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %33, i32 2) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast 
%struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, 
i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 
store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, 
%struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call 
%struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, 
%struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds 
%struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, 
label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load 
i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* 
%25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, 
!misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %990 = icmp eq i16 %838, -8826 br i1 %990, label %991, label %1012 %992 = load i32, i32* %22, align 4 %993 = sub i32 %992, %839 %994 = icmp 
slt i32 %993, 2 br i1 %994, label %995, label %999, !prof !4, !misexpect !10 br i1 %75, label %1012, label %996 %997 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %33, i32 2) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, 
align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast 
(%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, 
align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 
34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds 
%struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 
to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %990 = icmp eq i16 %838, -8826 br i1 %990, label %991, label %1012 %992 = load i32, i32* %22, align 4 %993 = sub i32 %992, %839 %994 = icmp slt i32 %993, 2 br i1 %994, label %995, label %999, !prof !4, !misexpect !10 br i1 %75, label %1012, label %996 %997 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %33, i32 2) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to 
%struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull 
%6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne 
i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = 
getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast 
%struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ 
%4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %990 = icmp eq i16 %838, -8826 br i1 %990, label %991, label %1012 %992 = load i32, i32* %22, align 4 %993 = sub i32 %992, %839 %994 = icmp slt i32 %993, 2 br i1 %994, label %995, label %999, !prof !4, !misexpect !10 br i1 %75, label %1012, label %996 %997 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %33, i32 2) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
%4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast
%struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* 
%75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 
0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq 
i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 
8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add 
i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, 
%struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 
%31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, 
i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds 
%struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor 
i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast 
%struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 
], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %990 = icmp eq i16 %838, -8826 br i1 %990, label %991, label %1012 %992 = load i32, i32* %22, align 4 %993 = sub i32 %992, %839 %994 = icmp slt i32 %993, 2 br i1 %994, label %995, label %999, !prof !4, !misexpect !10 br i1 %75, label %1012, label %996 %997 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %33, i32 2) #77 ------------- Use: =BAD PATH= 
Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 tcp_recvmsg 8 inet6_recvmsg 9 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, 
label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, 
i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = 
zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 
4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, 
i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = 
getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail 
call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 
], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ %902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 
%915, i32* %916, align 4 br label %918 %919 = load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = icmp eq i16 %920, 0 %922 = select i1 %921, i32 4, i32 8 %923 = add nuw nsw i32 %922, %890 br i1 %868, label %924, label %947 %948 = icmp sgt i16 %919, -1 %949 = add nuw nsw i32 %923, 4 %950 = select i1 %948, i32 %923, i32 %949 %951 = add i32 %950, %839 %952 = load i32, i32* %22, align 4 %953 = sub i32 %952, %951 %954 = icmp slt i32 %953, 4 br i1 %954, label %955, label %959, !prof !4, !misexpect !10 br i1 %75, label %975, label %956 %957 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %951, i8* nonnull %302, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, 
%struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext 
i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, 
%135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) 
#6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 
%35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, 
i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 
-8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 
], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ %902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 
%915, i32* %916, align 4 br label %918 %919 = load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = icmp eq i16 %920, 0 %922 = select i1 %921, i32 4, i32 8 %923 = add nuw nsw i32 %922, %890 br i1 %868, label %924, label %947 %948 = icmp sgt i16 %919, -1 %949 = add nuw nsw i32 %923, 4 %950 = select i1 %948, i32 %923, i32 %949 %951 = add i32 %950, %839 %952 = load i32, i32* %22, align 4 %953 = sub i32 %952, %951 %954 = icmp slt i32 %953, 4 br i1 %954, label %955, label %959, !prof !4, !misexpect !10 br i1 %75, label %975, label %956 %957 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %951, i8* nonnull %302, i32 4) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds 
%struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* 
%183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to 
i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 
44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = 
load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 
0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label 
%15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add 
nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ %902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 %915, i32* %916, align 4 br label %918 %919 = load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = icmp eq i16 %920, 0 %922 = select i1 %921, i32 4, i32 8 %923 = 
add nuw nsw i32 %922, %890 br i1 %868, label %924, label %947 %948 = icmp sgt i16 %919, -1 %949 = add nuw nsw i32 %923, 4 %950 = select i1 %948, i32 %923, i32 %949 %951 = add i32 %950, %839 %952 = load i32, i32* %22, align 4 %953 = sub i32 %952, %951 %954 = icmp slt i32 %953, 4 br i1 %954, label %955, label %959, !prof !4, !misexpect !10 br i1 %75, label %975, label %956 %957 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %951, i8* nonnull %302, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 netlink_deliver_tap
9 netlink_sendskb
10 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file
%3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37,
label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = 
load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq 
%struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, 
align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = 
getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 
= phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 
Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ 
%765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ 
%902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 %915, i32* %916, align 4 br label %918 %919 = load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = icmp eq i16 %920, 0 %922 = select i1 %921, i32 4, i32 8 %923 = add nuw nsw i32 %922, %890 br i1 %868, label %924, label %947 %948 = icmp sgt i16 %919, -1 %949 = add nuw nsw i32 %923, 4 %950 = select i1 %948, i32 %923, i32 %949 %951 = add i32 %950, %839 %952 = load i32, i32* %22, align 4 %953 = sub i32 %952, %951 %954 = icmp slt i32 %953, 4 br i1 %954, label %955, label %959, !prof !4, !misexpect !10 br i1 %75, label %975, label %956 %957 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %951, i8* nonnull %302, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 =
getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr 
inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ 
%93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ 
%133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store 
i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call 
%struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label 
%180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, 
%struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 
(%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca 
%struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], 
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
 Function:ip4_datagram_release_cb
 Function:ip_route_output_flow
 Function:ip_route_output_key_hash_rcu
 Function:fib_select_path
 Function:fib_multipath_hash
 Function:__skb_flow_dissect
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
 Function:ipip6_tunnel_init
 Function:ipip6_tunnel_bind_dev
= call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, %struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, 
i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds 
%struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, 
!misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, 
label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = 
phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 
1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label 
%1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ %902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 %915, i32* %916, align 4 br label %918 %919 = load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = icmp eq i16 %920, 0 %922 = select i1 %921, 
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
 Function:ip_rt_update_pmtu
 Function:__ip_rt_update_pmtu
 Function:fib_select_path
 Function:fib_multipath_hash
 Function:__skb_flow_dissect
[ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 
%103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = 
and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 
18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, 
label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 = and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ %902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 %915, i32* %916, align 4 br label %918 %919 = load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = 
icmp eq i16 %920, 0 %922 = select i1 %921, i32 4, i32 8 %923 = add nuw nsw i32 %922, %890 br i1 %868, label %924, label %947 %948 = icmp sgt i16 %919, -1 %949 = add nuw nsw i32 %923, 4 %950 = select i1 %948, i32 %923, i32 %949 %951 = add i32 %950, %839 %952 = load i32, i32* %22, align 4 %953 = sub i32 %952, %951 %954 = icmp slt i32 %953, 4 br i1 %954, label %955, label %959, !prof !4, !misexpect !10 br i1 %75, label %975, label %956 %957 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %951, i8* nonnull %302, i32 4) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
%4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 =
phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds 
%struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr 
inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, 
%struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, 
%struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 
0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, 
%struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, 
i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 
(%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* 
%0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 
%263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = 
getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, 
%764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 %851 = sext i32 %839 to i64 %852 = getelementptr i8, i8* %66, i64 %851 %853 = icmp eq i8* %852, null br i1 %853, label %985, label %854 %855 = phi i8* [ %852, %850 ], [ %299, %847 ] %856 = bitcast i8* %855 to i16* %857 = load i16, i16* %856, align 1 %858 
= and i16 %857, 64 %859 = icmp eq i16 %858, 0 br i1 %859, label %860, label %985 %861 = and i16 %857, 1792 %863 = icmp ugt i16 %862, 1 br i1 %863, label %985, label %864 %865 = getelementptr inbounds i8, i8* %855, i64 2 %866 = bitcast i8* %865 to i16* %867 = load i16, i16* %866, align 1 %868 = icmp eq i16 %861, 0 br i1 %868, label %878, label %869 %879 = and i16 %857, 32 %880 = trunc i16 %857 to i8 %881 = icmp sgt i8 %880, -1 %882 = select i1 %881, i32 4, i32 8 %883 = icmp eq i16 %879, 0 br i1 %883, label %884, label %889 %890 = phi i32 [ %877, %874 ], [ %882, %878 ] %891 = add i32 %890, %839 %892 = load i32, i32* %22, align 4 %893 = sub i32 %892, %891 %894 = icmp slt i32 %893, 4 br i1 %894, label %895, label %899, !prof !4, !misexpect !10 %900 = sext i32 %891 to i64 %901 = getelementptr i8, i8* %66, i64 %900 %902 = bitcast i8* %901 to i32* %903 = icmp eq i8* %901, null br i1 %903, label %917, label %904 %905 = phi i32* [ %902, %899 ], [ %16, %896 ] %906 = load i32, i32* %245, align 4 %907 = and i32 %906, 4096 %908 = icmp eq i32 %907, 0 br i1 %908, label %918, label %909 %910 = load i16, i16* %301, align 2 %911 = zext i16 %910 to i64 %912 = getelementptr i8, i8* %3, i64 %911 %913 = load i32, i32* %905, align 4 %914 = and i32 %913, -65536 %915 = select i1 %868, i32 %913, i32 %914 %916 = bitcast i8* %912 to i32* store i32 %915, i32* %916, align 4 br label %918 %919 = load i16, i16* %856, align 1 %920 = and i16 %919, 16 %921 = icmp eq i16 %920, 0 %922 = select i1 %921, i32 4, i32 8 %923 = add nuw nsw i32 %922, %890 br i1 %868, label %924, label %947 %948 = icmp sgt i16 %919, -1 %949 = add nuw nsw i32 %923, 4 %950 = select i1 %948, i32 %923, i32 %949 %951 = add i32 %950, %839 %952 = load i32, i32* %22, align 4 %953 = sub i32 %952, %951 %954 = icmp slt i32 %953, 4 br i1 %954, label %955, label %959, !prof !4, !misexpect !10 br i1 %75, label %975, label %956 %957 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 
(%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %951, i8* nonnull %302, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 tcp_recvmsg 8 inet6_recvmsg 9 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds 
%struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = 
call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, %struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 
= tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label 
%15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr 
inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, 
%struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 
= alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool 
NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, 
label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to 
%struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, 
align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, 
%struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* 
%1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x 
i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* 
%94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 
0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 
[ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, 
%828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 br i1 %75, label %985, label %847 %848 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %299, i32 4) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4
%20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* 
[ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, 
%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm 
"addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.757696*, %struct.netdev_rx_queue.757696** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.757696* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.757696, %struct.netdev_rx_queue.757696* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %1) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = 
Function:___skb_get_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
Function:dev_queue_xmit
Function:__dev_queue_xmit
Function:netdev_core_pick_tx
Function:netdev_pick_tx
Function:get_xps_queue
Function:__skb_get_hash
Function:___skb_get_hash
Function:__skb_flow_dissect
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 br i1 %75, label %985, label %847 %848 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %299, i32 4) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_xps_queue
4 netdev_pick_tx
5 netdev_core_pick_tx
6 __dev_queue_xmit
7 dev_queue_xmit
8 netlink_deliver_tap
9 netlink_sendskb
10 mqueue_flush_file
-------------
Path:
Function:mqueue_flush_file
%3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0,
i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, 
%10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 
(%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 
%36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ 
%181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 
1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i32 2, i8* blockaddress(@get_xps_queue, %6)) #6 to label %128 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i32 2, i8* blockaddress(@get_xps_queue, %7)) #6 to label %68 [label %7], !srcloc !4 %8 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %1, i64 0, i32 94, i64 1 %9 = load volatile %struct.xps_dev_maps*, %struct.xps_dev_maps** %8, align 8 %10 = icmp eq %struct.xps_dev_maps* %9, null %11 = icmp eq %struct.sock.757502* %5, null %12 = or i1 %11, %10 br i1 %12, label %68, label %13 %14 = getelementptr inbounds %struct.sock.757502, %struct.sock.757502* %5, i64 0, i32 0, i32 17 %15 = load i16, i16* %14, align 2 %16 = icmp eq i16 %15, -1 %17 = zext i16 %15 to i32 br i1 %16, label %68, label %18 %19 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 21 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 15 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 121, i64 %22 %24 = load i8, i8* %23, align 1 %25 = zext i8 %24 to i32 %26 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 2 %27 = load i16, i16* %26, align 4 %28 = sext i16 %27 to i32 %29 = icmp slt i32 %25, %28 br i1 %29, label %30, label %68 %31 = getelementptr inbounds %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = icmp ugt i32 %32, %17 br i1 %33, label %34, label %68 %35 = mul nsw i32 %28, %17 %36 = add nsw i32 %35, %25 %37 = zext i32 %36 to i64 %38 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %9, i64 0, i32 3, i64 %37 %39 = load volatile %struct.xps_map*, %struct.xps_map** %38, align 8 %40 = icmp eq %struct.xps_map* %39, null br i1 %40, label %68, label %41 %42 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %39, i64 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %60, label %45 %46 = getelementptr inbounds 
%struct.sk_buff.757762, %struct.sk_buff.757762* %2, i64 0, i32 16 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, 768 %49 = icmp eq i16 %48, 0 br i1 %49, label %50, label %52 tail call void bitcast (void (%struct.sk_buff.756148*)* @__skb_get_hash to void (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %2) #76 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.756148* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #77 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.756246* null, %struct.sk_buff.756148* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #76 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
%struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** 
getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = 
icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 
%308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ 
%765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 br i1 %75, label %985, label %847 %848 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %299, i32 4) #77
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable.858457*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast
%struct.rtable.858457** %8 to i8* store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %330, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %330, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %330 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %330 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr 
inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ 
%89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 
3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, 
%struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = 
load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 
Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, 
%struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca 
%struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, 
align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* 
%274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, 
%struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = 
phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 br i1 %75, label %985, label %847 %848 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %299, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds 
%struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 
to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, %struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* 
(%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* 
%1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
%struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, 
%struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = 
getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds 
%struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp 
eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, 
%805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 br i1 %75, label %985, label %847 %848 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 
(%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %299, i32 4) #77
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.859215** store %struct.net_device.859215* %0, %struct.net_device.859215** %3, align 8 %4 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.859129** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #76 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.859215* %0) #76
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.859129** %11 = load %struct.net.859129*, %struct.net.859129** %10, align 8 %12 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr
%struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.859215, %struct.net_device.859215* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.859079* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.859079* (%struct.net.859129*, %struct.flowi4*, 
%struct.sock.859024*)*)(%struct.net.859129* %11, %struct.flowi4* nonnull %2, %struct.sock.859024* null) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, 
label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast (%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, 
%struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr 
inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 
br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load 
i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* 
%25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, 
!misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, 
!misexpect !10 br i1 %75, label %985, label %847 %848 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %299, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr 
inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 
1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds 
%struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 
%64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast 
%union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label 
%45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 
= load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, 
label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, 
i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 
], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 br i1 %75, label %985, label %847 %848 = call i32 bitcast (i32 
(%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %299, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* 
%60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca 
%struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 
%46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, 
i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 
%127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { 
i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, 
%struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, 
%struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 
= alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br 
label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, 
i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, 
%793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 br i1 %75, label %985, label %847 %848 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %299, i32 4) #77 ------------- Use: =BAD PATH= Call Stack: 0 ipv6_skip_exthdr 1 icmp6_send 2 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.757762*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to 
void (%struct.sk_buff.892530*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.892530* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #76 Function:icmp6_send %7 = alloca %struct.dst_entry.757495*, align 8 %8 = alloca %struct.dst_entry.757495*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca %struct.icmp6hdr, align 4 %15 = alloca %struct.flowi6, align 8 %16 = alloca %struct.icmpv6_msg, align 8 %17 = alloca %struct.ipcm6_cookie, align 8 %18 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %19 = load i8*, i8** %18, align 8 %20 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 35 %21 = load i16, i16* %20, align 4 %22 = zext i16 %21 to i64 %23 = getelementptr i8, i8* %19, i64 %22 %24 = getelementptr inbounds %struct.icmp6hdr, %struct.icmp6hdr* %14, i64 0, i32 0 %25 = bitcast %struct.flowi6* %15 to i8* %26 = bitcast %struct.icmpv6_msg* %16 to i8* %27 = bitcast %struct.ipcm6_cookie* %17 to i8* %28 = icmp ult i8* %23, %19 br i1 %28, label %489, label %29 %30 = getelementptr i8, i8* %23, i64 40 %31 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 38 %32 = load i32, i32* %31, align 8 %33 = zext i32 %32 to i64 %34 = getelementptr i8, i8* %19, i64 %33 %35 = icmp ugt i8* %30, %34 br i1 %35, label %489, label %36 %37 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %38 = load %struct.net_device.757749*, %struct.net_device.757749** %37, align 8 %39 = icmp eq %struct.net_device.757749* %38, null br i1 %39, label %489, label %40 %41 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %38, i64 0, i32 109, i32 0 %42 = load %struct.net.757607*, %struct.net.757607** %41, align 8 %43 = getelementptr 
inbounds %struct.net.757607, %struct.net.757607* %42, i64 0, i32 35, i32 1, i32 26 %44 = load i8, i8* %43, align 2 %45 = icmp eq i8 %44, 0 br i1 %45, label %49, label %46 %50 = phi i32 [ %48, %46 ], [ 0, %40 ] %51 = getelementptr inbounds i8, i8* %23, i64 24 %52 = bitcast i8* %51 to %struct.in6_addr* %53 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %52) #76 %54 = load %struct.net_device.757749*, %struct.net_device.757749** %37, align 8 %55 = tail call i32 bitcast (i32 (%struct.net.891430*, %struct.in6_addr*, %struct.net_device.891316*, i32)* @ipv6_chk_addr to i32 (%struct.net.757607*, %struct.in6_addr*, %struct.net_device.757749*, i32)*)(%struct.net.757607* %42, %struct.in6_addr* %52, %struct.net_device.757749* %54, i32 0) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %60 br label %61 %62 = phi %struct.in6_addr* [ %52, %60 ], [ null, %57 ] %63 = and i32 %53, 2 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 16 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, 7 %69 = icmp eq i16 %68, 0 br i1 %69, label %108, label %70 switch i8 %1, label %489 [ i8 2, label %108 i8 4, label %71 ] %72 = icmp eq i8 %2, 2 br i1 %72, label %73, label %489 %74 = load i8*, i8** %18, align 8 %75 = load i16, i16* %20, align 4 %76 = zext i16 %75 to i64 %77 = getelementptr i8, i8* %74, i64 %76 %78 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %79 = bitcast i8** %78 to i64* %80 = load i64, i64* %79, align 8 %81 = ptrtoint i8* %77 to i64 %82 = sub i64 %81, %80 %83 = trunc i64 %82 to i32 %84 = add i32 %83, %3 %85 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 7 %88 = load i32, i32* %87, align 4 %89 = sub i32 %86, %88 %90 = sub i32 %89, %84 %91 = icmp sgt i32 %90, 0 
br i1 %91, label %97, label %92, !prof !4, !misexpect !5 %98 = inttoptr i64 %80 to i8* %99 = sext i32 %84 to i64 %100 = getelementptr i8, i8* %98, i64 %99 %101 = icmp eq i8* %100, null br i1 %101, label %102, label %103 br label %108 %109 = phi %struct.in6_addr* [ %62, %65 ], [ null, %70 ], [ null, %103 ], [ null, %102 ] %110 = getelementptr inbounds i8, i8* %23, i64 8 %111 = bitcast i8* %110 to %struct.in6_addr* %112 = call i32 @__ipv6_addr_type(%struct.in6_addr* %111) #76 %113 = and i32 %112, 65535 %114 = and i32 %112, 32 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %122 %117 = and i32 %112, 2 %118 = icmp ne i32 %117, 0 %119 = and i32 %112, 48 %120 = icmp ne i32 %119, 0 %121 = and i1 %118, %120 br i1 %121, label %122, label %145 %146 = phi i32 [ %125, %127 ], [ %144, %137 ], [ %125, %132 ], [ 0, %116 ] %147 = icmp ne i32 %113, 0 %148 = and i32 %112, 2 %149 = icmp eq i32 %148, 0 %150 = and i1 %147, %149 br i1 %150, label %151, label %489 %152 = load i8*, i8** %18, align 8 %153 = load i16, i16* %20, align 4 %154 = zext i16 %153 to i64 %155 = getelementptr i8, i8* %152, i64 %154 %156 = getelementptr i8, i8* %155, i64 40 %157 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %158 = bitcast i8** %157 to i64* %159 = load i64, i64* %158, align 8 %160 = ptrtoint i8* %156 to i64 %161 = sub i64 %160, %159 %162 = trunc i64 %161 to i32 %163 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %164 = load i32, i32* %163, align 8 %165 = sub i32 %164, %162 %166 = getelementptr inbounds i8, i8* %155, i64 6 %167 = load i8, i8* %166, align 2 store i8 %167, i8* %10, align 1 %168 = bitcast i16* %11 to i8* %169 = icmp slt i32 %165, 0 br i1 %169, label %197, label %170 %171 = call i32 bitcast (i32 (%struct.sk_buff.273008*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.757762*, i32, i8*, i16*)*)(%struct.sk_buff.757762* %0, i32 %162, i8* nonnull %10, i16* nonnull %11) #76 
Function:ipv6_skip_exthdr %5 = alloca [2 x i8], align 1 %6 = alloca i16, align 2 %7 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %8 = load i8, i8* %2, align 1 store i16 0, i16* %3, align 2 %9 = getelementptr inbounds %struct.sk_buff.273008, %struct.sk_buff.273008* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.sk_buff.273008, %struct.sk_buff.273008* %0, i64 0, i32 7 %11 = getelementptr inbounds %struct.sk_buff.273008, %struct.sk_buff.273008* %0, i64 0, i32 41 %12 = icmp eq %struct.sk_buff.273008* %0, null %13 = bitcast i16* %6 to i8* br label %14 %15 = phi i8 [ %8, %4 ], [ %75, %73 ] %16 = phi i32 [ %1, %4 ], [ %76, %73 ] switch i8 %15, label %77 [ i8 0, label %17 i8 43, label %17 i8 44, label %17 i8 51, label %17 i8 59, label %17 i8 60, label %17 ] %18 = icmp eq i8 %15, 59 br i1 %18, label %72, label %19 %20 = load i32, i32* %9, align 8 %21 = load i32, i32* %10, align 4 %22 = sub i32 %20, %16 %23 = sub i32 %22, %21 %24 = icmp slt i32 %23, 2 br i1 %24, label %25, label %29, !prof !4, !misexpect !5 br i1 %12, label %72, label %26 %27 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.273008*, i32, i8*, i32)*)(%struct.sk_buff.273008* nonnull %0, i32 %16, i8* nonnull %7, i32 2) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipv6_skip_exthdr 1 icmp6_send 2 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.892530, %struct.sk_buff.892530* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.757762*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.892530*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.892530* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #76 Function:icmp6_send %7 = alloca 
%struct.dst_entry.757495*, align 8 %8 = alloca %struct.dst_entry.757495*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca %struct.icmp6hdr, align 4 %15 = alloca %struct.flowi6, align 8 %16 = alloca %struct.icmpv6_msg, align 8 %17 = alloca %struct.ipcm6_cookie, align 8 %18 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %19 = load i8*, i8** %18, align 8 %20 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 35 %21 = load i16, i16* %20, align 4 %22 = zext i16 %21 to i64 %23 = getelementptr i8, i8* %19, i64 %22 %24 = getelementptr inbounds %struct.icmp6hdr, %struct.icmp6hdr* %14, i64 0, i32 0 %25 = bitcast %struct.flowi6* %15 to i8* %26 = bitcast %struct.icmpv6_msg* %16 to i8* %27 = bitcast %struct.ipcm6_cookie* %17 to i8* %28 = icmp ult i8* %23, %19 br i1 %28, label %489, label %29 %30 = getelementptr i8, i8* %23, i64 40 %31 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 38 %32 = load i32, i32* %31, align 8 %33 = zext i32 %32 to i64 %34 = getelementptr i8, i8* %19, i64 %33 %35 = icmp ugt i8* %30, %34 br i1 %35, label %489, label %36 %37 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %38 = load %struct.net_device.757749*, %struct.net_device.757749** %37, align 8 %39 = icmp eq %struct.net_device.757749* %38, null br i1 %39, label %489, label %40 %41 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %38, i64 0, i32 109, i32 0 %42 = load %struct.net.757607*, %struct.net.757607** %41, align 8 %43 = getelementptr inbounds %struct.net.757607, %struct.net.757607* %42, i64 0, i32 35, i32 1, i32 26 %44 = load i8, i8* %43, align 2 %45 = icmp eq i8 %44, 0 br i1 %45, label %49, label %46 %50 = phi i32 [ %48, %46 ], [ 0, %40 ] %51 = getelementptr inbounds i8, i8* 
%23, i64 24 %52 = bitcast i8* %51 to %struct.in6_addr* %53 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %52) #76 %54 = load %struct.net_device.757749*, %struct.net_device.757749** %37, align 8 %55 = tail call i32 bitcast (i32 (%struct.net.891430*, %struct.in6_addr*, %struct.net_device.891316*, i32)* @ipv6_chk_addr to i32 (%struct.net.757607*, %struct.in6_addr*, %struct.net_device.757749*, i32)*)(%struct.net.757607* %42, %struct.in6_addr* %52, %struct.net_device.757749* %54, i32 0) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %60 br label %61 %62 = phi %struct.in6_addr* [ %52, %60 ], [ null, %57 ] %63 = and i32 %53, 2 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 16 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, 7 %69 = icmp eq i16 %68, 0 br i1 %69, label %108, label %70 switch i8 %1, label %489 [ i8 2, label %108 i8 4, label %71 ] %72 = icmp eq i8 %2, 2 br i1 %72, label %73, label %489 %74 = load i8*, i8** %18, align 8 %75 = load i16, i16* %20, align 4 %76 = zext i16 %75 to i64 %77 = getelementptr i8, i8* %74, i64 %76 %78 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %79 = bitcast i8** %78 to i64* %80 = load i64, i64* %79, align 8 %81 = ptrtoint i8* %77 to i64 %82 = sub i64 %81, %80 %83 = trunc i64 %82 to i32 %84 = add i32 %83, %3 %85 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 7 %88 = load i32, i32* %87, align 4 %89 = sub i32 %86, %88 %90 = sub i32 %89, %84 %91 = icmp sgt i32 %90, 0 br i1 %91, label %97, label %92, !prof !4, !misexpect !5 %98 = inttoptr i64 %80 to i8* %99 = sext i32 %84 to i64 %100 = getelementptr i8, i8* %98, i64 %99 %101 = icmp eq i8* %100, null br i1 %101, label %102, label %103 br label %108 %109 = phi 
%struct.in6_addr* [ %62, %65 ], [ null, %70 ], [ null, %103 ], [ null, %102 ] %110 = getelementptr inbounds i8, i8* %23, i64 8 %111 = bitcast i8* %110 to %struct.in6_addr* %112 = call i32 @__ipv6_addr_type(%struct.in6_addr* %111) #76 %113 = and i32 %112, 65535 %114 = and i32 %112, 32 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %122 %117 = and i32 %112, 2 %118 = icmp ne i32 %117, 0 %119 = and i32 %112, 48 %120 = icmp ne i32 %119, 0 %121 = and i1 %118, %120 br i1 %121, label %122, label %145 %146 = phi i32 [ %125, %127 ], [ %144, %137 ], [ %125, %132 ], [ 0, %116 ] %147 = icmp ne i32 %113, 0 %148 = and i32 %112, 2 %149 = icmp eq i32 %148, 0 %150 = and i1 %147, %149 br i1 %150, label %151, label %489 %152 = load i8*, i8** %18, align 8 %153 = load i16, i16* %20, align 4 %154 = zext i16 %153 to i64 %155 = getelementptr i8, i8* %152, i64 %154 %156 = getelementptr i8, i8* %155, i64 40 %157 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %158 = bitcast i8** %157 to i64* %159 = load i64, i64* %158, align 8 %160 = ptrtoint i8* %156 to i64 %161 = sub i64 %160, %159 %162 = trunc i64 %161 to i32 %163 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %164 = load i32, i32* %163, align 8 %165 = sub i32 %164, %162 %166 = getelementptr inbounds i8, i8* %155, i64 6 %167 = load i8, i8* %166, align 2 store i8 %167, i8* %10, align 1 %168 = bitcast i16* %11 to i8* %169 = icmp slt i32 %165, 0 br i1 %169, label %197, label %170 %171 = call i32 bitcast (i32 (%struct.sk_buff.273008*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.757762*, i32, i8*, i16*)*)(%struct.sk_buff.757762* %0, i32 %162, i8* nonnull %10, i16* nonnull %11) #76 Function:ipv6_skip_exthdr %5 = alloca [2 x i8], align 1 %6 = alloca i16, align 2 %7 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %8 = load i8, i8* %2, align 1 store i16 0, i16* %3, align 2 %9 = getelementptr inbounds %struct.sk_buff.273008, 
%struct.sk_buff.273008* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.sk_buff.273008, %struct.sk_buff.273008* %0, i64 0, i32 7 %11 = getelementptr inbounds %struct.sk_buff.273008, %struct.sk_buff.273008* %0, i64 0, i32 41 %12 = icmp eq %struct.sk_buff.273008* %0, null %13 = bitcast i16* %6 to i8* br label %14 %15 = phi i8 [ %8, %4 ], [ %75, %73 ] %16 = phi i32 [ %1, %4 ], [ %76, %73 ] switch i8 %15, label %77 [ i8 0, label %17 i8 43, label %17 i8 44, label %17 i8 51, label %17 i8 59, label %17 i8 60, label %17 ] %18 = icmp eq i8 %15, 59 br i1 %18, label %72, label %19 %20 = load i32, i32* %9, align 8 %21 = load i32, i32* %10, align 4 %22 = sub i32 %20, %16 %23 = sub i32 %22, %21 %24 = icmp slt i32 %23, 2 br i1 %24, label %25, label %29, !prof !4, !misexpect !5 br i1 %12, label %72, label %26 %27 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.273008*, i32, i8*, i32)*)(%struct.sk_buff.273008* nonnull %0, i32 %16, i8* nonnull %7, i32 2) #76 %28 = icmp sgt i32 %27, -1 br i1 %28, label %34, label %72 %35 = phi i8* [ %32, %29 ], [ %7, %26 ] %36 = icmp eq i8 %15, 44 br i1 %36, label %37, label %61 %38 = add i32 %16, 2 %39 = load i32, i32* %9, align 8 %40 = load i32, i32* %10, align 4 %41 = sub i32 %39, %38 %42 = sub i32 %41, %40 %43 = icmp slt i32 %42, 2 br i1 %43, label %44, label %48, !prof !4, !misexpect !5 br i1 %12, label %53, label %45 %46 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.273008*, i32, i8*, i32)*)(%struct.sk_buff.273008* nonnull %0, i32 %38, i8* nonnull %13, i32 2) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 skb_copy_bits
1 __pskb_pull_tail
2 skb_vlan_untag
3 __netif_receive_skb_core
4 __netif_receive_skb_list_core
5 __netif_receive_skb_list
6 netif_receive_skb_list_internal
7 busy_poll_stop
8 napi_busy_loop
9 tcp_recvmsg
10 inet6_recvmsg
11 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca
%struct.msghdr.273230, align 8 %4 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 0 %5 = load %struct.file.273225*, %struct.file.273225** %4, align 8 %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = bitcast %struct.msghdr.273230* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 3 %15 = bitcast %union.anon.87* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 7 store %struct.kiocb.273229* %0, %struct.kiocb.273229** %19, align 8 %20 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = 
getelementptr inbounds %struct.kiocb.273229, %struct.kiocb.273229* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr.273230, %struct.msghdr.273230* %3, i64 0, i32 2, i32 3 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i32, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i32 %42, i32 %31) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %47 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %47, i64 0, i32 18 %49 = load i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*, i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)* %49, bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.888065*, %struct.msghdr.887775*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273260*, %struct.msghdr.273230*, i64, i32)*)(%struct.socket.273260* %8, %struct.msghdr.273230* nonnull %3, i64 %52, i32 %31) #76 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.888065, %struct.socket.888065* %0, i64 0, i32 4 %7 = load %struct.sock.888068*, 
%struct.sock.888068** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 br label %38 %39 = getelementptr inbounds %struct.sock.888068, %struct.sock.888068* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.888043*, %struct.proto.888043** %39, align 8 %41 = getelementptr inbounds %struct.proto.888043, %struct.proto.888043* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*, i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.837334*, %struct.msghdr.836835*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.888068*, %struct.msghdr.887775*, i64, i32, i32, i32*)*)(%struct.sock.888068* %7, %struct.msghdr.887775* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #76 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.837323** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.837323**)) #11, 
!srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.837323* %25 = getelementptr inbounds %struct.task_struct.837323, %struct.task_struct.837323* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.836933, %struct.sk_buff_head.836933* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.837129*, %struct.sk_buff.837129** %35, align 8 %37 = bitcast %struct.sk_buff_head.836933* %34 to %struct.sk_buff.837129* %38 = icmp eq %struct.sk_buff.837129* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.837334* %0 to i8* %51 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 56 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.837334, %struct.sock.837334* %0, i64 0, i32 57 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 
%0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* 
%27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi 
%struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* 
%2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, 
%struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 %68 = icmp sgt i32 %67, -1 br i1 %68, label %69, label %80 %70 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 1 %71 = bitcast %struct.sk_buff.757762** %70 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = bitcast %struct.sk_buff.757762* %62 to %struct.list_head** %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %72, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %76, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %63, align 8 %77 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %78 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %77, i64 0, i32 2 %79 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.757762* %62, i32 %67, i32* %78) #77 br label %80 %81 = bitcast %struct.sk_buff.757762* %64 to %struct.list_head* %82 = icmp eq %struct.list_head* %81, %0 br i1 %82, label %83, label %61 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #77 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %4 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %3, align 8 %5 = bitcast %struct.sk_buff.757762* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi 
%struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.757762* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #76 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.757762*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast 
%struct.sk_buff.757762** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %11 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %10, align 8 store %struct.sk_buff.757762* %11, %struct.sk_buff.757762** %4, align 8 %12 = bitcast %struct.sk_buff.757762* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.757762** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.757762* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.757749* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.757749*, %struct.net_device.757749** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.757762** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.757762** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #76 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.757584, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.757629, align 8 %7 = alloca %struct.sk_buff.757762*, align 8 %8 = bitcast %struct.sk_buff.757762** %7 to i8* %9 = bitcast %struct.sk_buff.757762** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.757762** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.757762* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %14 [label %13], !srcloc !4 %15 = phi i1 [ false, %13 ], [ true, %3 ] %16 = load i32, i32* @netdev_tstamp_prequeue, align 4 %17 = icmp ne i32 %16, 0 %18 = or i1 %15, %17 br i1 %18, label %25, label %19 %20 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 2, i32 0 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %26)) #6 to label %40 [label %26], !srcloc !4 %41 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %42 = load %struct.net_device.757749*, %struct.net_device.757749** %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 41 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 40 %47 = bitcast i8** %46 to i64* %48 = load i64, i64* %47, align 8 %49 = sub i64 %45, %48 %50 = trunc i64 %49 to i16 %51 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 35 store i16 %50, i16* %51, align 4 %52 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 34 %53 = load i16, i16* %52, align 2 %54 = icmp eq i16 %53, -1 br i1 %54, label %55, label %56 %57 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 36 %58 = load i16, i16* %57, align 2 %59 = sub i16 %50, %58 %60 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 8 store i16 %59, i16* %60, align 8 %61 = bitcast %struct.xdp_buff.757629* %6 to i8* %62 = bitcast %struct.tcf_result* %5 to i8* %63 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %64 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 0 %65 = getelementptr inbounds 
%struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 1 %66 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 2 %67 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 3 %68 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 5 %69 = bitcast %struct.net_device.757749** %67 to i8* %70 = bitcast %struct.net.757607** %68 to i64* %71 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 6 br label %72 %73 = phi %struct.net_device.757749* [ %42, %56 ], [ %567, %563 ] %74 = phi %struct.sk_buff.757762* [ %12, %56 ], [ %564, %563 ] %75 = phi i32 [ 1, %56 ], [ %565, %563 ] %76 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %73, i64 0, i32 17 %77 = load i32, i32* %76, align 16 %78 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %74, i64 0, i32 22 store i32 %77, i32* %78, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %79)) #6 to label %99 [label %79], !srcloc !4 call void @migrate_disable() #76 %80 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %81 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %80, i64 0, i32 0, i32 0, i32 2, i32 0 %82 = load %struct.net_device.757749*, %struct.net_device.757749** %81, align 8 %83 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %82, i64 0, i32 75 %84 = load volatile %struct.bpf_prog.757457*, %struct.bpf_prog.757457** %83, align 64 %85 = icmp eq %struct.bpf_prog.757457* %84, null br i1 %85, label %97, label %86 call void @migrate_enable() #76 br label %99 %100 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %101 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %100, i64 0, i32 33 %102 = load i16, i16* %101, align 8 switch i16 %102, label %106 [ i16 129, label %103 i16 -22392, label %103 ] %107 = phi %struct.sk_buff.757762* [ %100, %99 ], [ %104, %103 ] %108 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %107, i64 0, i32 18 %109 = load i16, i16* %108, align 2 %110 = and i16 %109, 2048 %111 = icmp eq i16 %110, 0 br i1 %111, label %114, label %112 %113 = and i16 %109, -2049 store i16 %113, i16* %108, align 2 br label %452 %453 = phi i16 [ %451, %445 ], [ %113, %112 ] %454 = phi %struct.sk_buff.757762* [ %446, %445 ], [ %107, %112 ] %455 = phi i64 [ %447, %445 ], [ 0, %112 ] %456 = phi i32 [ %448, %445 ], [ %75, %112 ] br i1 %1, label %457, label %463 %464 = and i16 %453, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %510, label %466 %511 = phi %struct.sk_buff.757762* [ %454, %463 ], [ %508, %506 ] %512 = phi i64 [ %455, 
%463 ], [ 0, %506 ] %513 = phi i32 [ %456, %463 ], [ %507, %506 ] %514 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 0, i32 0, i32 2, i32 0 %515 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %516 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %515, i64 0, i32 78 %517 = load volatile i32 (%struct.sk_buff.757762**)*, i32 (%struct.sk_buff.757762**)** %516, align 8 %518 = icmp eq i32 (%struct.sk_buff.757762**)* %517, null br i1 %518, label %569, label %519 %520 = inttoptr i64 %512 to %struct.packet_type* %521 = icmp eq i64 %512, 0 br i1 %521, label %558, label %522 %523 = icmp eq %struct.sk_buff.757762* %511, null br i1 %523, label %542, label %524 %525 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 40 %526 = load i8*, i8** %525, align 8 %527 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 39 %528 = load i32, i32* %527, align 4 %529 = zext i32 %528 to i64 %530 = getelementptr i8, i8* %526, i64 %529 %531 = load i8, i8* %530, align 8 %532 = and i8 %531, 1 %533 = icmp eq i8 %532, 0 br i1 %533, label %542, label %534 %535 = getelementptr inbounds i8, i8* %530, i64 40 %536 = bitcast i8* %535 to %struct.ubuf_info.757793** %537 = load %struct.ubuf_info.757793*, %struct.ubuf_info.757793** %536, align 8 %538 = icmp eq %struct.ubuf_info.757793* %537, null br i1 %538, label %542, label %539, !prof !12, !misexpect !13 %540 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.757762*, i32)*)(%struct.sk_buff.757762* nonnull %511, i32 2592) #76 %541 = icmp eq i32 %540, 0 br i1 %541, label %542, label %558, !prof !12, !misexpect !11 %543 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 43 %544 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %543, i64 0, i32 0, i32 0 %545 = call i32 
asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %544, i32 1, i32* %544) #6, !srcloc !14 %546 = icmp eq i32 %545, 0 br i1 %546, label %551, label %547, !prof !10, !misexpect !11 %548 = add i32 %545, 1 %549 = or i32 %548, %545 %550 = icmp sgt i32 %549, -1 br i1 %550, label %553, label %551, !prof !12, !misexpect !11 %552 = phi i32 [ 2, %542 ], [ 1, %547 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %543, i32 %552) #76 br label %553 %554 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %520, i64 0, i32 3 %555 = load i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)*, i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)** %554, align 8 %556 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %557 = call i32 %555(%struct.sk_buff.757762* %511, %struct.net_device.757749* %556, %struct.packet_type* nonnull %520, %struct.net_device.757749* %42) #76 br label %558 %559 = phi i32 [ %513, %519 ], [ -12, %539 ], [ %557, %553 ] %560 = call i32 %517(%struct.sk_buff.757762** nonnull %7) #76 switch i32 %560, label %568 [ i32 0, label %842 i32 1, label %561 i32 2, label %572 i32 3, label %569 ] %573 = phi i64 [ %570, %569 ], [ 0, %558 ] %574 = phi i32 [ %571, %569 ], [ %559, %558 ] %575 = phi i1 [ false, %569 ], [ true, %558 ] %576 = phi i1 [ true, %569 ], [ false, %558 ] %577 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %578 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %577, i64 0, i32 18 %579 = load i16, i16* %578, align 2 %580 = and i16 %579, 1 %581 = icmp eq i16 %580, 0 br i1 %581, label %606, label %582, !prof !12, !misexpect !11 %583 = phi %struct.sk_buff.757762* [ %600, %596 ], [ %577, %572 ] %584 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 25 %585 = load i16, i16* %584, align 2 %586 = and i16 %585, 4095 %587 = icmp eq i16 %586, 0 br i1 %587, label %593, label %588 %594 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 33 %595 = load i16, i16* %594, align 8 switch i16 %595, label %602 [ i16 129, label %596 i16 -22392, label %596 ] %597 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 18 %598 = load i16, i16* %597, align 2 %599 = and i16 %598, -2 store i16 %599, i16* %597, align 2 %600 = call %struct.sk_buff.757762* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*)* @skb_vlan_untag to %struct.sk_buff.757762* (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %583) #76 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %140, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.751083* @skb_clone(%struct.sk_buff.751083* %0, i32 2592) #76 %12 = icmp eq %struct.sk_buff.751083* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.751083* %0) #76 br label %17 %18 = phi %struct.sk_buff.751083* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %31, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %138, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.751083* nonnull %18, i32 %28) #76 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.751083* %0, i32 0, i32 %27, i32 2592) #76 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %286 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* %0, i32 %38, i8* %42, i32 
%1) #76 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.750960]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm 
sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2342, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "799:\0A\09.pushsection .discard.reachable\0A\09.long 799b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %54 %55 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.751426*, %struct.page.751426** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.751426, %struct.page.751426* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.751321** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.751321**)) #11, !srcloc !9 %76 = inttoptr i64 %75 to %struct.task_struct.751321* %77 = getelementptr inbounds %struct.task_struct.751321, %struct.task_struct.751321* %76, i64 0, i32 166 %78 = load i32, i32* %77, 
align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.751426* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.751083** %120 = load %struct.sk_buff.751083*, %struct.sk_buff.751083** %119, align 8 %121 = icmp eq %struct.sk_buff.751083* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.751083* [ %155, %150 ], [ %120, %112 ] %124 = 
phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 ] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2372, i32 2305, i64 12) #6, !srcloc !13 tail call void asm sideeffect "805:\0A\09.pushsection .discard.reachable\0A\09.long 805b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br label %131 %132 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* nonnull %123, i32 %140, i8* %125, i32 %139) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 skb_copy_bits
1 __pskb_pull_tail
2 skb_vlan_untag
3 __netif_receive_skb_core
4 __netif_receive_skb_list_core
5 __netif_receive_skb_list
6 netif_receive_skb_list_internal
7 busy_poll_stop
8 napi_busy_loop
9 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [
-1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 
0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast 
%struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void 
@busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 
to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, 
%110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to 
%struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 
store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 %68 = icmp sgt i32 %67, -1 br i1 %68, label %69, label %80 %70 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 1 %71 = bitcast %struct.sk_buff.757762** %70 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = bitcast %struct.sk_buff.757762* %62 to %struct.list_head** %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %72, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %76, align 8 
store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %63, align 8 %77 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %78 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %77, i64 0, i32 2 %79 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.757762* %62, i32 %67, i32* %78) #77 br label %80 %81 = bitcast %struct.sk_buff.757762* %64 to %struct.list_head* %82 = icmp eq %struct.list_head* %81, %0 br i1 %82, label %83, label %61 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #77 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %4 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %3, align 8 %5 = bitcast %struct.sk_buff.757762* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.757762* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #76 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.757762*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.757762** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %11 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %10, align 8 store %struct.sk_buff.757762* %11, %struct.sk_buff.757762** %4, 
align 8 %12 = bitcast %struct.sk_buff.757762* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.757762** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.757762* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.757749* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.757749*, %struct.net_device.757749** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.757762** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.757762** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #76 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.757584, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.757629, align 8 %7 = alloca %struct.sk_buff.757762*, align 8 %8 = 
bitcast %struct.sk_buff.757762** %7 to i8* %9 = bitcast %struct.sk_buff.757762** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.757762** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.757762* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %14 [label %13], !srcloc !4 %15 = phi i1 [ false, %13 ], [ true, %3 ] %16 = load i32, i32* @netdev_tstamp_prequeue, align 4 %17 = icmp ne i32 %16, 0 %18 = or i1 %15, %17 br i1 %18, label %25, label %19 %20 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 2, i32 0 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %26)) #6 to label %40 [label %26], !srcloc !4 %41 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %42 = load %struct.net_device.757749*, %struct.net_device.757749** %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 41 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 40 %47 = bitcast i8** %46 to i64* %48 = load i64, i64* %47, align 8 %49 = sub i64 %45, %48 %50 = trunc i64 %49 to i16 %51 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 35 store i16 %50, i16* %51, align 4 %52 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 34 %53 = load i16, i16* %52, align 2 %54 = icmp eq i16 %53, -1 br i1 %54, label %55, label %56 %57 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 36 %58 = load i16, i16* %57, align 2 %59 = sub i16 %50, %58 %60 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 8 store i16 %59, i16* %60, align 8 %61 = bitcast %struct.xdp_buff.757629* %6 to i8* %62 = bitcast %struct.tcf_result* %5 to i8* %63 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %64 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 0 %65 = getelementptr inbounds 
%struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 1 %66 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 2 %67 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 3 %68 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 5 %69 = bitcast %struct.net_device.757749** %67 to i8* %70 = bitcast %struct.net.757607** %68 to i64* %71 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 6 br label %72 %73 = phi %struct.net_device.757749* [ %42, %56 ], [ %567, %563 ] %74 = phi %struct.sk_buff.757762* [ %12, %56 ], [ %564, %563 ] %75 = phi i32 [ 1, %56 ], [ %565, %563 ] %76 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %73, i64 0, i32 17 %77 = load i32, i32* %76, align 16 %78 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %74, i64 0, i32 22 store i32 %77, i32* %78, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %79)) #6 to label %99 [label %79], !srcloc !4 call void @migrate_disable() #76 %80 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %81 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %80, i64 0, i32 0, i32 0, i32 2, i32 0 %82 = load %struct.net_device.757749*, %struct.net_device.757749** %81, align 8 %83 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %82, i64 0, i32 75 %84 = load volatile %struct.bpf_prog.757457*, %struct.bpf_prog.757457** %83, align 64 %85 = icmp eq %struct.bpf_prog.757457* %84, null br i1 %85, label %97, label %86 call void @migrate_enable() #76 br label %99 %100 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %101 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %100, i64 0, i32 33 %102 = load i16, i16* %101, align 8 switch i16 %102, label %106 [ i16 129, label %103 i16 -22392, label %103 ] %107 = phi %struct.sk_buff.757762* [ %100, %99 ], [ %104, %103 ] %108 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %107, i64 0, i32 18 %109 = load i16, i16* %108, align 2 %110 = and i16 %109, 2048 %111 = icmp eq i16 %110, 0 br i1 %111, label %114, label %112 %113 = and i16 %109, -2049 store i16 %113, i16* %108, align 2 br label %452 %453 = phi i16 [ %451, %445 ], [ %113, %112 ] %454 = phi %struct.sk_buff.757762* [ %446, %445 ], [ %107, %112 ] %455 = phi i64 [ %447, %445 ], [ 0, %112 ] %456 = phi i32 [ %448, %445 ], [ %75, %112 ] br i1 %1, label %457, label %463 %464 = and i16 %453, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %510, label %466 %511 = phi %struct.sk_buff.757762* [ %454, %463 ], [ %508, %506 ] %512 = phi i64 [ %455, 
%463 ], [ 0, %506 ] %513 = phi i32 [ %456, %463 ], [ %507, %506 ] %514 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 0, i32 0, i32 2, i32 0 %515 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %516 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %515, i64 0, i32 78 %517 = load volatile i32 (%struct.sk_buff.757762**)*, i32 (%struct.sk_buff.757762**)** %516, align 8 %518 = icmp eq i32 (%struct.sk_buff.757762**)* %517, null br i1 %518, label %569, label %519 %520 = inttoptr i64 %512 to %struct.packet_type* %521 = icmp eq i64 %512, 0 br i1 %521, label %558, label %522 %523 = icmp eq %struct.sk_buff.757762* %511, null br i1 %523, label %542, label %524 %525 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 40 %526 = load i8*, i8** %525, align 8 %527 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 39 %528 = load i32, i32* %527, align 4 %529 = zext i32 %528 to i64 %530 = getelementptr i8, i8* %526, i64 %529 %531 = load i8, i8* %530, align 8 %532 = and i8 %531, 1 %533 = icmp eq i8 %532, 0 br i1 %533, label %542, label %534 %535 = getelementptr inbounds i8, i8* %530, i64 40 %536 = bitcast i8* %535 to %struct.ubuf_info.757793** %537 = load %struct.ubuf_info.757793*, %struct.ubuf_info.757793** %536, align 8 %538 = icmp eq %struct.ubuf_info.757793* %537, null br i1 %538, label %542, label %539, !prof !12, !misexpect !13 %540 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.757762*, i32)*)(%struct.sk_buff.757762* nonnull %511, i32 2592) #76 %541 = icmp eq i32 %540, 0 br i1 %541, label %542, label %558, !prof !12, !misexpect !11 %543 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 43 %544 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %543, i64 0, i32 0, i32 0 %545 = call i32 
asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %544, i32 1, i32* %544) #6, !srcloc !14 %546 = icmp eq i32 %545, 0 br i1 %546, label %551, label %547, !prof !10, !misexpect !11 %548 = add i32 %545, 1 %549 = or i32 %548, %545 %550 = icmp sgt i32 %549, -1 br i1 %550, label %553, label %551, !prof !12, !misexpect !11 %552 = phi i32 [ 2, %542 ], [ 1, %547 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %543, i32 %552) #76 br label %553 %554 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %520, i64 0, i32 3 %555 = load i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)*, i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)** %554, align 8 %556 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %557 = call i32 %555(%struct.sk_buff.757762* %511, %struct.net_device.757749* %556, %struct.packet_type* nonnull %520, %struct.net_device.757749* %42) #76 br label %558 %559 = phi i32 [ %513, %519 ], [ -12, %539 ], [ %557, %553 ] %560 = call i32 %517(%struct.sk_buff.757762** nonnull %7) #76 switch i32 %560, label %568 [ i32 0, label %842 i32 1, label %561 i32 2, label %572 i32 3, label %569 ] %573 = phi i64 [ %570, %569 ], [ 0, %558 ] %574 = phi i32 [ %571, %569 ], [ %559, %558 ] %575 = phi i1 [ false, %569 ], [ true, %558 ] %576 = phi i1 [ true, %569 ], [ false, %558 ] %577 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %578 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %577, i64 0, i32 18 %579 = load i16, i16* %578, align 2 %580 = and i16 %579, 1 %581 = icmp eq i16 %580, 0 br i1 %581, label %606, label %582, !prof !12, !misexpect !11 %583 = phi %struct.sk_buff.757762* [ %600, %596 ], [ %577, %572 ] %584 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 25 %585 = load i16, i16* %584, align 2 %586 = and i16 %585, 4095 %587 = icmp eq i16 %586, 0 br i1 %587, label %593, label %588 %594 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 33 %595 = load i16, i16* %594, align 8 switch i16 %595, label %602 [ i16 129, label %596 i16 -22392, label %596 ] %597 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 18 %598 = load i16, i16* %597, align 2 %599 = and i16 %598, -2 store i16 %599, i16* %597, align 2 %600 = call %struct.sk_buff.757762* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*)* @skb_vlan_untag to %struct.sk_buff.757762* (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %583) #76 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %140, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.751083* @skb_clone(%struct.sk_buff.751083* %0, i32 2592) #76 %12 = icmp eq %struct.sk_buff.751083* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.751083* %0) #76 br label %17 %18 = phi %struct.sk_buff.751083* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %31, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %138, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.751083* nonnull %18, i32 %28) #76 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.751083* %0, i32 0, i32 %27, i32 2592) #76 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %286 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* %0, i32 %38, i8* %42, i32 
%1) #76 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.750960]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm 
sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2342, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "799:\0A\09.pushsection .discard.reachable\0A\09.long 799b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %54 %55 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.751426*, %struct.page.751426** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.751426, %struct.page.751426* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.751321** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.751321**)) #11, !srcloc !9 %76 = inttoptr i64 %75 to %struct.task_struct.751321* %77 = getelementptr inbounds %struct.task_struct.751321, %struct.task_struct.751321* %76, i64 0, i32 166 %78 = load i32, i32* %77, 
align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.751426* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.751083** %120 = load %struct.sk_buff.751083*, %struct.sk_buff.751083** %119, align 8 %121 = icmp eq %struct.sk_buff.751083* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.751083* [ %155, %150 ], [ %120, %112 ] %124 = 
phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 ] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2372, i32 2305, i64 12) #6, !srcloc !13 tail call void asm sideeffect "805:\0A\09.pushsection .discard.reachable\0A\09.long 805b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br label %131 %132 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* nonnull %123, i32 %140, i8* %125, i32 %139) #76 ------------- Use: =BAD PATH= Call Stack: 0 skb_copy_bits 1 __pskb_pull_tail 2 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* 
%0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %26) #76 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, 
i32)*)(%struct.sk_buff.829144* %0, i32 %63) #76 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.751083* %0, i32 0, i32 %27, i32 2592) #76 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %286 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* %0, i32 %38, i8* %42, i32 %1) #76 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* 
%0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.750960]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# 
bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2342, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "799:\0A\09.pushsection .discard.reachable\0A\09.long 799b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %54 %55 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.751426*, %struct.page.751426** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.751426, %struct.page.751426* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.751321** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.751321**)) #11, !srcloc !9 %76 = inttoptr i64 %75 to %struct.task_struct.751321* %77 = getelementptr inbounds %struct.task_struct.751321, %struct.task_struct.751321* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.751426* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.751083** %120 = load %struct.sk_buff.751083*, %struct.sk_buff.751083** %119, align 8 %121 = icmp eq %struct.sk_buff.751083* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.751083* [ %155, %150 ], [ %120, %112 ] %124 = phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 ] %126 = phi 
i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2372, i32 2305, i64 12) #6, !srcloc !13 tail call void asm sideeffect "805:\0A\09.pushsection .discard.reachable\0A\09.long 805b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br label %131 %132 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* nonnull %123, i32 %140, i8* %125, i32 %139) #76 ------------- Use: =BAD PATH= Call Stack: 0 skb_copy_bits 1 __skb_flow_dissect 2 ___skb_get_hash 3 __skb_get_hash 4 get_xps_queue 5 netdev_pick_tx 6 netdev_core_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br 
i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 
= getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 
%176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 
= icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = 
bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 
%145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %160 = and i64 %149, 1 %161 = icmp ne i64 %160, 0 %162 = icmp ugt i64 %149, 1 %163 = and i1 %162, %161 br i1 %163, label %164, label %192 %165 = and i64 %149, -2 %166 = inttoptr i64 %165 to %struct.dst_entry.757495* %167 = getelementptr inbounds %struct.dst_entry.757495, %struct.dst_entry.757495* %166, i64 0, i32 11, i32 0 %168 = load volatile i32, i32* %167, align 4 %169 = icmp eq i32 %168, 0 br i1 %169, label %183, label %170, !prof !8, !misexpect !5 %171 = phi i32 [ %178, %177 ], [ %168, %164 ] %172 = add i32 %171, 1 %173 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %167, i32 %172, i32* %167, i32 %171) #6, !srcloc !10 %174 = extractvalue { i8, i32 } %173, 0 %175 = and i8 %174, 1 %176 = icmp eq i8 %175, 0 br i1 %176, label %177, label %180, !prof !8, !misexpect !5 %181 = phi %struct.dst_entry.757495* [ null, %177 ], [ %166, %170 ] %182 = load i16, i16* %141, align 2 br label %183 %184 = phi i16 [ %143, %164 ], [ %182, %180 ] %185 = phi %struct.dst_entry.757495* [ null, %164 ], [ %181, %180 ] %186 = ptrtoint %struct.dst_entry.757495* %185 to i64 store i64 %186, i64* %148, align 8 %187 = icmp eq %struct.dst_entry.757495* %185, null %188 = and i16 %184, 16384 %189 = select i1 %187, i16 %188, i16 16384 %190 = and i16 %184, -16385 %191 = or i16 %189, %190 store i16 %191, i16* %141, align 2 br label %192 %193 = call %struct.netdev_queue.757702* @netdev_core_pick_tx(%struct.net_device.757749* %6, %struct.sk_buff.757762* %0, %struct.net_device.757749* %1) #77 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, 
%struct.sk_buff.757762* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 89 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %0, i64 0, i32 16 %17 = load %struct.net_device_ops.757656*, %struct.net_device_ops.757656** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.757656, %struct.net_device_ops.757656* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)*, i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.757749*, %struct.sk_buff.757762*, %struct.net_device.757749*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.757749* %0, %struct.sk_buff.757762* %1, %struct.net_device.757749* %2) #77 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.757502*, %struct.sock.757502** %4, align 8 %6 = icmp eq %struct.sock.757502* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.757749* %2, null %14 = select i1 %13, %struct.net_device.757749* %0, %struct.net_device.757749* %2 br label %26 %27 = phi %struct.net_device.757749* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.757749* %0, %struct.net_device.757749* %27, %struct.sk_buff.757762* %1) #76 
-------------
Use:
=BAD PATH=
Call Stack:
0 skb_copy_bits
1 __skb_flow_dissect
2 ___skb_get_hash
3 __skb_get_hash
4 get_xps_queue
5 netdev_pick_tx
6 netdev_core_pick_tx
7 __dev_queue_xmit
8 dev_queue_xmit
9 netlink_deliver_tap
10 netlink_sendskb
11 mqueue_flush_file
-------------
Path:
] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 
i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label 
%1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 br i1 %75, label %985, label %847 %848 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %299, i32 4) #77 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ 
%103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.750960]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2342, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "799:\0A\09.pushsection .discard.reachable\0A\09.long 799b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %54 %55 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.751426*, %struct.page.751426** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.751426, %struct.page.751426* %71, i64 %73 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.751321** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.751321**)) #11, !srcloc !9 %76 = inttoptr i64 %75 to %struct.task_struct.751321* %77 = getelementptr inbounds %struct.task_struct.751321, %struct.task_struct.751321* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.751426* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 
= phi i8* [ %31, %29 ], [ %101, %99 ]
%116 = phi i32 [ %32, %29 ], [ %102, %99 ]
%117 = phi i8* [ %38, %29 ], [ %107, %99 ]
%118 = getelementptr inbounds i8, i8* %117, i64 8
%119 = bitcast i8* %118 to %struct.sk_buff.751083**
%120 = load %struct.sk_buff.751083*, %struct.sk_buff.751083** %119, align 8
%121 = icmp eq %struct.sk_buff.751083* %120, null
br i1 %121, label %157, label %122
%123 = phi %struct.sk_buff.751083* [ %155, %150 ], [ %120, %112 ]
%124 = phi i32 [ %153, %150 ], [ %116, %112 ]
%125 = phi i8* [ %152, %150 ], [ %115, %112 ]
%126 = phi i32 [ %151, %150 ], [ %114, %112 ]
%127 = phi i32 [ %134, %150 ], [ %113, %112 ]
%128 = add i32 %124, %126
%129 = icmp sgt i32 %127, %128
br i1 %129, label %130, label %131, !prof !4, !misexpect !5
tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2372, i32 2305, i64 12) #6, !srcloc !13
tail call void asm sideeffect "805:\0A\09.pushsection .discard.reachable\0A\09.long 805b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14
br label %131
%132 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %123, i64 0, i32 6
%133 = load i32, i32* %132, align 8
%134 = add i32 %133, %127
%135 = sub i32 %134, %124
%136 = icmp sgt i32 %135, 0
br i1 %136, label %137, label %150
%138 = icmp sgt i32 %135, %126
%139 = select i1 %138, i32 %126, i32 %135
%140 = sub i32 %124, %127
%141 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* nonnull %123, i32 %140, i8* %125, i32 %139) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 skb_copy_bits
1 __skb_flow_dissect
2 fib_multipath_hash
3 fib_select_path
4 ip_route_output_key_hash_rcu
5 ip_route_output_flow
6 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8
%5 = alloca %struct.ipcm_cookie, align 8
%6 = alloca %struct.icmphdr, align 4
%7 = alloca %struct.pingfakehdr, align 8
%8 = alloca %struct.rtable.858457*, align 8
%9 = alloca %struct.ip_options_data, align 8
%10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0
%11 = load %struct.net*, %struct.net** %10, align 8
%12 = bitcast %struct.flowi4* %4 to i8*
%13 = bitcast %struct.sock* %0 to %struct.inet_sock.858475*
%14 = bitcast %struct.ipcm_cookie* %5 to i8*
%15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0
%16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0
%17 = bitcast %struct.rtable.858457** %8 to i8*
store %struct.rtable.858457* null, %struct.rtable.858457** %8, align 8
%18 = bitcast %struct.ip_options_data* %9 to i8*
%19 = icmp ugt i64 %2, 65535
br i1 %19, label %330, label %20
%21 = icmp ult i64 %2, 8
br i1 %21, label %330, label %22
%23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6
%24 = load i32, i32* %23, align 8
%25 = and i32 %24, 1
%26 = icmp eq i32 %25, 0
br i1 %26, label %27, label %330
%28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2
%29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #76
%30 = icmp eq i64 %29, 8
br i1 %30, label %32, label %31, !prof !4, !misexpect !5
%33 = getelementptr inbounds i8, i8* %15, i64 1
%34 = load i8, i8* %33, align 1
%35 = load i8, i8* %15, align 4
%36 = icmp eq i8 %35, 8
%37 = icmp eq i8 %34, 0
%38 = icmp eq i8 %35, 42
%39 = or i1 %36, %38
%40 = and i1 %37, %39
br i1 %40, label %41, label %330
%42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0
%43 = load i8*, i8** %42, align 8
%44 = icmp eq i8* %43, null
br i1 %44, label %56, label %45
%46 = getelementptr inbounds %struct.msghdr,
%struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %330, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %330 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 32 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 63 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.829134*, %struct.msghdr.829108*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, 
i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #76 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label 
%154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 46 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 8 %191 = bitcast %struct.proto** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 55, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 
store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #76 %221 = call %struct.rtable.858457* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.858457* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, 
%struct.sock* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.829233* bitcast 
(%struct.net_device.757749* (%struct.net.757607*, i32)* @dev_get_by_index_rcu to %struct.net_device.829233* (%struct.net.828834*, i32)*)(%struct.net.828834* %0, i32 %41) #76 %45 = icmp eq %struct.net_device.829233* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %52, align 8 %54 = icmp eq %struct.in_device.829188* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.829233* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 
(%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* %2, i32 1) #76 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.829243, %struct.fib_result.829243* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %0, %struct.fib_result.829243* %2, %struct.flowi4* %1, %struct.sk_buff.829144* %3) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 
0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* 
%3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* 
%2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp 
sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ 
%311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 br i1 %75, label %985, label %847 %848 = call i32 bitcast 
(i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %299, i32 4) #77 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast 
i8* %49 to [17 x %struct.page_frag.750960]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2342, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "799:\0A\09.pushsection .discard.reachable\0A\09.long 799b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %54 %55 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.751426*, %struct.page.751426** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.751426, %struct.page.751426* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.751321** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.751321**)) #11, !srcloc !9 %76 = inttoptr i64 
%75 to %struct.task_struct.751321* %77 = getelementptr inbounds %struct.task_struct.751321, %struct.task_struct.751321* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.751426* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.751083** %120 = load %struct.sk_buff.751083*, %struct.sk_buff.751083** %119, 
align 8 %121 = icmp eq %struct.sk_buff.751083* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.751083* [ %155, %150 ], [ %120, %112 ] %124 = phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 ] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2372, i32 2305, i64 12) #6, !srcloc !13 tail call void asm sideeffect "805:\0A\09.pushsection .discard.reachable\0A\09.long 805b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br label %131 %132 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* nonnull %123, i32 %140, i8* %125, i32 %139) #76
-------------
Use: =BAD PATH=
Call Stack:
0 skb_copy_bits
1 __skb_flow_dissect
2 fib_multipath_hash
3 fib_select_path
4 ip_route_output_key_hash_rcu
5 ip_route_output_flow
6 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.847250* %0 to %struct.inet_sock.847273* %4 = bitcast %struct.sock.847250* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast
%struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 16 %8 = load volatile %struct.dst_entry.846955*, %struct.dst_entry.846955** %7, align 8 %9 = icmp eq %struct.dst_entry.846955* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.846955, %struct.dst_entry.846955* %8, i64 0, i32 1 %16 = load %struct.dst_ops.846956*, %struct.dst_ops.846956** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.846956, %struct.dst_ops.846956* %16, i64 0, i32 3 %18 = load %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)*, %struct.dst_entry.846955* (%struct.dst_entry.846955*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.846955* %18(%struct.dst_entry.846955* nonnull %8, i32 0) #76 %20 = icmp eq %struct.dst_entry.846955* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 7 %24 = bitcast %union.anon.48* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.846984*, %struct.net.846984** %36, align 8 %38 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, 
i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 3 %44 = load i16, i16* %43, align 8 %45 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 46 %46 = load i16, i16* %45, align 4 %47 = trunc i16 %46 to i8 %48 = getelementptr inbounds %struct.inet_sock.847273, %struct.inet_sock.847273* %3, i64 0, i32 9 %49 = load i8, i8* %48, align 4 %50 = and i8 %49, 30 %51 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 13, i32 0 %52 = load volatile i64, i64* %51, align 8 %53 = lshr i64 %52, 13 %54 = trunc i64 %53 to i8 %55 = and i8 %54, 1 %56 = or i8 %55, %50 %57 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 0, i32 6 %58 = load i32, i32* %57, align 4 %59 = icmp eq %struct.sock.847250* %0, null br i1 %59, label %89, label %60 %61 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 32 %62 = load i32, i32* %61, align 4 %63 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 1, i32 0, i32 8 %64 = bitcast %struct.proto.847232** %63 to i16* %65 = load i16, i16* %64, align 8 %66 = and i16 %65, 40 %67 = icmp ne i16 %66, 0 %68 = zext i1 %67 to i8 %69 = getelementptr inbounds %struct.sock.847250, %struct.sock.847250* %0, i64 0, i32 55, i32 0 %70 = load i32, i32* %69, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %58, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %72, align 4 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %62, i32* %73, align 8 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 
store i8 %56, i8* %74, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %75, align 1 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %47, i8* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %68, i8* %77, align 1 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %78, align 8 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %70, i32* %80, align 4 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %82, align 8 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %84 = bitcast %struct.kuid_t* %83 to %struct.raw_hdlc_proto* %85 = bitcast %struct.kuid_t* %83 to i16* store i16 %42, i16* %85, align 8 %86 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %84, i64 0, i32 1 store i16 %44, i16* %86, align 2 %87 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %87, align 8 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.847250*, %struct.flowi_common*)*)(%struct.sock.847250* nonnull %0, %struct.flowi_common* nonnull %88) #76 br label %104 %105 = call %struct.rtable.847253* bitcast (%struct.rtable.828746* (%struct.net.828834*, %struct.flowi4*, %struct.sock.829134*)* @ip_route_output_flow to %struct.rtable.847253* (%struct.net.846984*, %struct.flowi4*, %struct.sock.847250*)*)(%struct.net.846984* %37, 
%struct.flowi4* nonnull %2, %struct.sock.847250* %0) #76 Function:ip_route_output_flow %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.829243* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.828746* @ip_route_output_key_hash_rcu(%struct.net.828834* %0, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, %struct.sk_buff.829144* null) #76 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call 
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
Function:skb_copy_bits
-------------
Use:
=BAD PATH=
Call Stack:
0 skb_copy_bits
1 __skb_flow_dissect
2 fib_multipath_hash
3 fib_select_path
4 ip_route_output_key_hash_rcu
5 ip_route_output_flow
6 ipip6_tunnel_bind_dev
7 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
Function:ipip6_tunnel_bind_dev
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ 
%536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 br i1 %75, label %985, label %847 %848 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %299, i32 4) #77 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* 
%0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.750960]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# 
bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2342, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "799:\0A\09.pushsection .discard.reachable\0A\09.long 799b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %54 %55 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.751426*, %struct.page.751426** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.751426, %struct.page.751426* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.751321** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.751321**)) #11, !srcloc !9 %76 = inttoptr i64 %75 to %struct.task_struct.751321* %77 = getelementptr inbounds %struct.task_struct.751321, %struct.task_struct.751321* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint 
%struct.page.751426* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.751083** %120 = load %struct.sk_buff.751083*, %struct.sk_buff.751083** %119, align 8 %121 = icmp eq %struct.sk_buff.751083* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.751083* [ %155, %150 ], [ %120, %112 ] %124 = phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 ] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = 
icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2372, i32 2305, i64 12) #6, !srcloc !13 tail call void asm sideeffect "805:\0A\09.pushsection .discard.reachable\0A\09.long 805b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br label %131 %132 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* nonnull %123, i32 %140, i8* %125, i32 %139) #76 ------------- Use: =BAD PATH= Call Stack: 0 skb_copy_bits 1 __skb_flow_dissect 2 fib_multipath_hash 3 fib_select_path 4 __ip_rt_update_pmtu 5 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.829144* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.829233*, %struct.net_device.829233** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 
to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.829134* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.829134* %1 to %struct.inet_sock.829279* %30 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 32 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.829279, %struct.inet_sock.829279* %29, i64 0, i32 9 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 1, i32 0, i32 8 %44 = bitcast %struct.proto.829114** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 46 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.829134, %struct.sock.829134* %1, i64 0, i32 55, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ 
%24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr 
inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.828746* %156, %struct.flowi4* nonnull %6, i32 %3) #77 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.829243, align 8 %5 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.829233*, %struct.net_device.829233** %5, align 8 %7 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.828834*, %struct.net.828834** %7, align 8 %9 = bitcast %struct.fib_result.829243* %4 to i8* %10 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = 
load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %62 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !5 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %8, %struct.flowi4* %1, %struct.fib_result.829243* nonnull %4, i32 1) #76 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %8, %struct.fib_result.829243* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.829144* null) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = 
alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca 
%struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, 
%struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.154* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.230, %struct.anon.230* %28, i64 0, i32 0, i32 0 %279 = bitcast 
%struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.756148* %1, null %281 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %299 = bitcast %struct.raw_hdlc_proto* %15 to i8* %300 = bitcast i32* %16 to i8* %301 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %302 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %303 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %304 = icmp eq i8* %66, null %305 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 41 %306 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 6 %307 = getelementptr inbounds %struct.sk_buff.756148, 
%struct.sk_buff.756148* %1, i64 0, i32 7 %308 = bitcast i32* %21 to i8* br label %309 %310 = phi i16 [ %64, %260 ], [ %833, %832 ] %311 = phi i32 [ %65, %260 ], [ %834, %832 ] %312 = phi i8 [ 0, %260 ], [ %823, %832 ] %313 = phi i32 [ 0, %260 ], [ %835, %832 ] %314 = phi i8 [ 0, %260 ], [ %836, %832 ] %315 = phi i32 [ 0, %260 ], [ %825, %832 ] %316 = phi i32 [ 28, %260 ], [ %826, %832 ] switch i16 %310, label %1201 [ i16 8, label %317 i16 -8826, label %389 i16 -22392, label %458 i16 129, label %458 i16 25736, label %539 i16 -13688, label %563 i16 18312, label %598 i16 18568, label %598 i16 1673, label %671 i16 1544, label %677 i16 13696, label %677 i16 1347, label %766 i16 -2168, label %797 ] %798 = load i32, i32* %22, align 4 %799 = sub i32 %798, %311 %800 = icmp slt i32 %799, 34 br i1 %800, label %801, label %805, !prof !4, !misexpect !10 br i1 %75, label %817, label %802 %818 = phi i32 [ %311, %805 ], [ %816, %809 ], [ %311, %802 ], [ %311, %801 ] %819 = phi i32 [ 1, %805 ], [ 0, %809 ], [ 1, %802 ], [ 1, %801 ] br label %820 %821 = phi i16 [ -2168, %817 ], [ %794, %793 ], [ %310, %764 ], [ %310, %666 ], [ -13688, %596 ], [ %560, %559 ], [ %535, %534 ], [ -8826, %454 ], [ 8, %385 ] %822 = phi i32 [ %818, %817 ], [ %795, %793 ], [ %311, %764 ], [ %669, %666 ], [ %311, %596 ], [ %561, %559 ], [ %536, %534 ], [ %455, %454 ], [ %386, %385 ] %823 = phi i8 [ %312, %817 ], [ %312, %793 ], [ %312, %764 ], [ %667, %666 ], [ %312, %596 ], [ %312, %559 ], [ %312, %534 ], [ %312, %454 ], [ %312, %385 ] %824 = phi i8 [ %314, %817 ], [ %314, %793 ], [ %314, %764 ], [ %314, %666 ], [ %314, %596 ], [ %314, %559 ], [ %314, %534 ], [ %456, %454 ], [ %387, %385 ] %825 = phi i32 [ %315, %817 ], [ %315, %793 ], [ %315, %764 ], [ %670, %666 ], [ %315, %596 ], [ %315, %559 ], [ %315, %534 ], [ %315, %454 ], [ %315, %385 ] %826 = phi i32 [ %316, %817 ], [ %316, %793 ], [ %316, %764 ], [ %316, %666 ], [ %316, %596 ], [ %316, %559 ], [ %537, %534 ], [ %316, %454 ], [ %316, %385 ] %827 = 
phi i32 [ %819, %817 ], [ %796, %793 ], [ %765, %764 ], [ %668, %666 ], [ %597, %596 ], [ %562, %559 ], [ %538, %534 ], [ %457, %454 ], [ %388, %385 ] switch i32 %827, label %1201 [ i32 0, label %1186 i32 2, label %829 i32 4, label %828 i32 3, label %828 ] br label %837 %838 = phi i16 [ %1125, %1183 ], [ %821, %828 ] %839 = phi i32 [ %1126, %1183 ], [ %822, %828 ] %840 = phi i32 [ %1184, %1183 ], [ %313, %828 ] %841 = phi i8 [ %1127, %1183 ], [ %824, %828 ] switch i8 %841, label %1124 [ i8 47, label %842 i8 0, label %989 i8 43, label %989 i8 60, label %989 i8 44, label %1016 i8 4, label %1048 i8 41, label %1051 i8 -119, label %1054 i8 6, label %1055 i8 1, label %1085 i8 58, label %1085 ] %843 = load i32, i32* %22, align 4 %844 = sub i32 %843, %839 %845 = icmp slt i32 %844, 4 br i1 %845, label %846, label %850, !prof !4, !misexpect !10 br i1 %75, label %985, label %847 %848 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.756148*, i32, i8*, i32)*)(%struct.sk_buff.756148* nonnull %1, i32 %839, i8* nonnull %299, i32 4) #77 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 
br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.750960]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2342, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "799:\0A\09.pushsection .discard.reachable\0A\09.long 799b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %54 %55 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 
%58 %63 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.751426*, %struct.page.751426** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.751426, %struct.page.751426* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.751321** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.751321**)) #11, !srcloc !9 %76 = inttoptr i64 %75 to %struct.task_struct.751321* %77 = getelementptr inbounds %struct.task_struct.751321, %struct.task_struct.751321* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.751426* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = 
add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.751083** %120 = load %struct.sk_buff.751083*, %struct.sk_buff.751083** %119, align 8 %121 = icmp eq %struct.sk_buff.751083* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.751083* [ %155, %150 ], [ %120, %112 ] %124 = phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 ] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63096, i64 0, i64 0), i32 2372, i32 2305, i64 12) #6, !srcloc !13 tail call void asm sideeffect "805:\0A\09.pushsection .discard.reachable\0A\09.long 805b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br label %131 
%132 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* nonnull %123, i32 %140, i8* %125, i32 %139) #76 ------------- Use: =BAD PATH= Call Stack: 0 skb_copy_bits 1 __skb_flow_dissect 2 fib_multipath_hash 3 fib_select_path 4 __ip_do_redirect 5 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds 
%struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, 
i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 
%42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr 
%struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds 
%struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, 
i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq %struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.762396*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.828834*, %struct.flowi4*, %struct.fib_result.829243*, i32)*)(%struct.net.828834* %49, %struct.flowi4* %2, %struct.fib_result.829243* nonnull %7, i32 1) #76 br 
label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.762396*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.762287*)* @fib_select_path to void (%struct.net.828834*, %struct.fib_result.829243*, %struct.flowi4*, %struct.sk_buff.829144*)*)(%struct.net.828834* %49, %struct.fib_result.829243* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.829144* %1) #76 Function:fib_select_path %5 = alloca %struct.fib_info.762171*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.762171*, %struct.fib_info.762171** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.762171, %struct.fib_info.762171* %17, i64 0, i32 18 %19 = load %struct.nexthop.762176*, %struct.nexthop.762176** %18, align 8 %20 = icmp eq %struct.nexthop.762176* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.762176, %struct.nexthop.762176* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.762175* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds 
%struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.828834*, %struct.flowi4*, %struct.sk_buff.829144*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.762396*, %struct.flowi4*, %struct.sk_buff.762287*, %struct.flow_keys*)*)(%struct.net.762396* %0, %struct.flowi4* %2, %struct.sk_buff.762287* %3, %struct.flow_keys* null) #76 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.829144* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.756246*, %struct.sk_buff.756148*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.828834*, %struct.sk_buff.829144*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.828834* null, %struct.sk_buff.829144* 
nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #77 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.234.756259, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.230, align 2 %29 = alloca %union.anon.154, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.756148* %1, null %76 = icmp ne %struct.net.756246* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.756148, %struct.sk_buff.756148* %1, i64 0, i32 
0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.756136*, %struct.net_device.756136** %79, align 8 %81 = icmp eq %struct.net_device.756136* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.756136, %struct.net_device.756136* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.756246** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.756246*, %struct.net.756246** %91, align 8 br label %93 %94 = phi %struct.net.756246* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.756246* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %98 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** getelementptr inbounds (%struct.net.756246, %struct.net.756246* bitcast (%struct.net* @init_net to %struct.net.756246*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.756241* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.756246, %struct.net.756246* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.756241*, %struct.bpf_prog_array.756241** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.756241* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #77 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.234.756259, %struct.anon.234.756259* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* 
-------------
Use:
=BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 skb_vlan_untag
2 __netif_receive_skb_core
3 __netif_receive_skb_list_core
4 __netif_receive_skb_list
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 tcp_recvmsg
9 inet6_recvmsg
10 sock_read_iter
-------------
Path:
%struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.757762* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #76 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.757762*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast 
%struct.sk_buff.757762** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %11 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %10, align 8 store %struct.sk_buff.757762* %11, %struct.sk_buff.757762** %4, align 8 %12 = bitcast %struct.sk_buff.757762* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.757762** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.757762* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.757749* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.757749*, %struct.net_device.757749** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.757762** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.757762** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #76 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.757584, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.757629, align 8 %7 = alloca %struct.sk_buff.757762*, align 8 %8 = bitcast %struct.sk_buff.757762** %7 to i8* %9 = bitcast %struct.sk_buff.757762** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.757762** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.757762* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %14 [label %13], !srcloc !4 %15 = phi i1 [ false, %13 ], [ true, %3 ] %16 = load i32, i32* @netdev_tstamp_prequeue, align 4 %17 = icmp ne i32 %16, 0 %18 = or i1 %15, %17 br i1 %18, label %25, label %19 %20 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 2, i32 0 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %26)) #6 to label %40 [label %26], !srcloc !4 %41 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %42 = load %struct.net_device.757749*, %struct.net_device.757749** %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 41 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 40 %47 = bitcast i8** %46 to i64* %48 = load i64, i64* %47, align 8 %49 = sub i64 %45, %48 %50 = trunc i64 %49 to i16 %51 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 35 store i16 %50, i16* %51, align 4 %52 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 34 %53 = load i16, i16* %52, align 2 %54 = icmp eq i16 %53, -1 br i1 %54, label %55, label %56 %57 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 36 %58 = load i16, i16* %57, align 2 %59 = sub i16 %50, %58 %60 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 8 store i16 %59, i16* %60, align 8 %61 = bitcast %struct.xdp_buff.757629* %6 to i8* %62 = bitcast %struct.tcf_result* %5 to i8* %63 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %64 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 0 %65 = getelementptr inbounds 
%struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 1 %66 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 2 %67 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 3 %68 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 5 %69 = bitcast %struct.net_device.757749** %67 to i8* %70 = bitcast %struct.net.757607** %68 to i64* %71 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 6 br label %72 %73 = phi %struct.net_device.757749* [ %42, %56 ], [ %567, %563 ] %74 = phi %struct.sk_buff.757762* [ %12, %56 ], [ %564, %563 ] %75 = phi i32 [ 1, %56 ], [ %565, %563 ] %76 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %73, i64 0, i32 17 %77 = load i32, i32* %76, align 16 %78 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %74, i64 0, i32 22 store i32 %77, i32* %78, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %79)) #6 to label %99 [label %79], !srcloc !4 call void @migrate_disable() #76 %80 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %81 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %80, i64 0, i32 0, i32 0, i32 2, i32 0 %82 = load %struct.net_device.757749*, %struct.net_device.757749** %81, align 8 %83 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %82, i64 0, i32 75 %84 = load volatile %struct.bpf_prog.757457*, %struct.bpf_prog.757457** %83, align 64 %85 = icmp eq %struct.bpf_prog.757457* %84, null br i1 %85, label %97, label %86 call void @migrate_enable() #76 br label %99 %100 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %101 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %100, i64 0, i32 33 %102 = load i16, i16* %101, align 8 switch i16 %102, label %106 [ i16 129, label %103 i16 -22392, label %103 ] %107 = phi %struct.sk_buff.757762* [ %100, %99 ], [ %104, %103 ] %108 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %107, i64 0, i32 18 %109 = load i16, i16* %108, align 2 %110 = and i16 %109, 2048 %111 = icmp eq i16 %110, 0 br i1 %111, label %114, label %112 %113 = and i16 %109, -2049 store i16 %113, i16* %108, align 2 br label %452 %453 = phi i16 [ %451, %445 ], [ %113, %112 ] %454 = phi %struct.sk_buff.757762* [ %446, %445 ], [ %107, %112 ] %455 = phi i64 [ %447, %445 ], [ 0, %112 ] %456 = phi i32 [ %448, %445 ], [ %75, %112 ] br i1 %1, label %457, label %463 %464 = and i16 %453, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %510, label %466 %511 = phi %struct.sk_buff.757762* [ %454, %463 ], [ %508, %506 ] %512 = phi i64 [ %455, 
%463 ], [ 0, %506 ] %513 = phi i32 [ %456, %463 ], [ %507, %506 ] %514 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 0, i32 0, i32 2, i32 0 %515 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %516 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %515, i64 0, i32 78 %517 = load volatile i32 (%struct.sk_buff.757762**)*, i32 (%struct.sk_buff.757762**)** %516, align 8 %518 = icmp eq i32 (%struct.sk_buff.757762**)* %517, null br i1 %518, label %569, label %519 %520 = inttoptr i64 %512 to %struct.packet_type* %521 = icmp eq i64 %512, 0 br i1 %521, label %558, label %522 %523 = icmp eq %struct.sk_buff.757762* %511, null br i1 %523, label %542, label %524 %525 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 40 %526 = load i8*, i8** %525, align 8 %527 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 39 %528 = load i32, i32* %527, align 4 %529 = zext i32 %528 to i64 %530 = getelementptr i8, i8* %526, i64 %529 %531 = load i8, i8* %530, align 8 %532 = and i8 %531, 1 %533 = icmp eq i8 %532, 0 br i1 %533, label %542, label %534 %535 = getelementptr inbounds i8, i8* %530, i64 40 %536 = bitcast i8* %535 to %struct.ubuf_info.757793** %537 = load %struct.ubuf_info.757793*, %struct.ubuf_info.757793** %536, align 8 %538 = icmp eq %struct.ubuf_info.757793* %537, null br i1 %538, label %542, label %539, !prof !12, !misexpect !13 %540 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.757762*, i32)*)(%struct.sk_buff.757762* nonnull %511, i32 2592) #76 %541 = icmp eq i32 %540, 0 br i1 %541, label %542, label %558, !prof !12, !misexpect !11 %543 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 43 %544 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %543, i64 0, i32 0, i32 0 %545 = call i32 
asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %544, i32 1, i32* %544) #6, !srcloc !14 %546 = icmp eq i32 %545, 0 br i1 %546, label %551, label %547, !prof !10, !misexpect !11 %548 = add i32 %545, 1 %549 = or i32 %548, %545 %550 = icmp sgt i32 %549, -1 br i1 %550, label %553, label %551, !prof !12, !misexpect !11 %552 = phi i32 [ 2, %542 ], [ 1, %547 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %543, i32 %552) #76 br label %553 %554 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %520, i64 0, i32 3 %555 = load i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)*, i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)** %554, align 8 %556 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %557 = call i32 %555(%struct.sk_buff.757762* %511, %struct.net_device.757749* %556, %struct.packet_type* nonnull %520, %struct.net_device.757749* %42) #76 br label %558 %559 = phi i32 [ %513, %519 ], [ -12, %539 ], [ %557, %553 ] %560 = call i32 %517(%struct.sk_buff.757762** nonnull %7) #76 switch i32 %560, label %568 [ i32 0, label %842 i32 1, label %561 i32 2, label %572 i32 3, label %569 ] %573 = phi i64 [ %570, %569 ], [ 0, %558 ] %574 = phi i32 [ %571, %569 ], [ %559, %558 ] %575 = phi i1 [ false, %569 ], [ true, %558 ] %576 = phi i1 [ true, %569 ], [ false, %558 ] %577 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %578 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %577, i64 0, i32 18 %579 = load i16, i16* %578, align 2 %580 = and i16 %579, 1 %581 = icmp eq i16 %580, 0 br i1 %581, label %606, label %582, !prof !12, !misexpect !11 %583 = phi %struct.sk_buff.757762* [ %600, %596 ], [ %577, %572 ] %584 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 25 %585 = load i16, i16* %584, align 2 %586 = and i16 %585, 4095 %587 = icmp eq i16 %586, 0 br i1 %587, label %593, label %588 %594 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 33 %595 = load i16, i16* %594, align 8 switch i16 %595, label %602 [ i16 129, label %596 i16 -22392, label %596 ] %597 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 18 %598 = load i16, i16* %597, align 2 %599 = and i16 %598, -2 store i16 %599, i16* %597, align 2 %600 = call %struct.sk_buff.757762* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*)* @skb_vlan_untag to %struct.sk_buff.757762* (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %583) #76 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %140, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.751083* @skb_clone(%struct.sk_buff.751083* %0, i32 2592) #76 %12 = icmp eq %struct.sk_buff.751083* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.751083* %0) #76 br label %17 %18 = phi %struct.sk_buff.751083* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %31, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %138, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.751083* nonnull %18, i32 %28) #76 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.751083* %0, i32 0, i32 %27, i32 2592) #76 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %286 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* %0, i32 %38, i8* %42, i32 
%1) #76
-------------
Use:
=BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 skb_vlan_untag
2 __netif_receive_skb_core
3 __netif_receive_skb_list_core
4 __netif_receive_skb_list
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273260** %5 = load %struct.socket.273260*, %struct.socket.273260** %4, align 8 %6 = icmp eq %struct.poll_table_struct.272781* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)*, i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273225*, %struct.socket.273260*, %struct.poll_table_struct.272781*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %5, i64 0, i32 4 %20 = load %struct.sock.273263*, %struct.sock.273263** %19, align 8 %21 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273179** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273179**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273179* %27 = getelementptr inbounds %struct.task_struct.273179, %struct.task_struct.273179* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27,
align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273263* %20 to i8* %43 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 56 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273263, %struct.sock.273263* %20, i64 0, i32 57 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #76 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.757766* br label %26 %27 = phi %struct.napi_struct.757766* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 15 %29 = 
load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.757766* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.757766* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.757766*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* 
%43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.757766*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63370() #77 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #76 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.757766*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.757766* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #77 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 7 %10 = load %struct.net_device.757749*, %struct.net_device.757749** %9, align 8 %11 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.757766, 
%struct.napi_struct.757766* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.757766*, i32)*, i32 (%struct.napi_struct.757766*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.757766* %0, i32 %25) #76 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ 
%103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.757762** %109 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %108, align 8 %110 = bitcast %struct.sk_buff.757762* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.757762* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.757766, %struct.napi_struct.757766* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #76 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 
%3 = alloca %struct.desc_struct, align 4 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %9 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %10 = bitcast %struct.sk_buff.757762* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %43, label %12 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.757762** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %41, %31 ] %16 = phi %struct.sk_buff.757762* [ %9, %12 ], [ %18, %31 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %20 [label %19], !srcloc !4 %21 = phi i1 [ true, %19 ], [ false, %14 ] %22 = load i32, i32* @netdev_tstamp_prequeue, align 4 %23 = icmp ne i32 %22, 0 %24 = and i1 %21, %23 br i1 %24, label %25, label %31 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 2, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %16, i64 0, i32 0, i32 0, i32 1 %33 = bitcast %struct.sk_buff.757762** %32 to %struct.list_head** %34 = load %struct.list_head*, %struct.list_head** %33, align 8 %35 = bitcast %struct.sk_buff.757762* %16 to %struct.list_head** %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 1 store %struct.list_head* %34, %struct.list_head** %37, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 store volatile %struct.list_head* %36, %struct.list_head** %38, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %17, align 8 %39 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.757762* %16, %struct.sk_buff.757762** %13, align 8 store %struct.list_head* %2, %struct.list_head** %35, align 8 store %struct.list_head* %39, %struct.list_head** %33, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %40, align 8 %41 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %42 = icmp eq %struct.list_head* %41, %0 br i1 %42, label %43, 
label %14 %44 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %45 = icmp eq %struct.list_head* %44, %2 br i1 %45, label %53, label %46 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %54)) #6 to label %83 [label %54], !srcloc !4 %55 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %8, align 8 %56 = bitcast %struct.sk_buff.757762* %55 to %struct.list_head* %57 = icmp eq %struct.list_head* %56, %0 br i1 %57, label %83, label %58 %59 = bitcast %struct.desc_struct* %3 to i8* %60 = bitcast %struct.desc_struct** %4 to i8* br label %61 %62 = phi %struct.sk_buff.757762* [ %55, %58 ], [ %64, %80 ] %63 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 0 %64 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %63, align 8 store %struct.desc_struct* %3, %struct.desc_struct** %4, align 8 %65 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 2, i32 0 %66 = load %struct.net_device.757749*, %struct.net_device.757749** %65, align 8 %67 = call fastcc i32 @get_rps_cpu(%struct.net_device.757749* %66, %struct.sk_buff.757762* %62, %struct.desc_struct** nonnull %4) #77 %68 = icmp sgt i32 %67, -1 br i1 %68, label %69, label %80 %70 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %62, i64 0, i32 0, i32 0, i32 1 %71 = bitcast %struct.sk_buff.757762** %70 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = bitcast 
%struct.sk_buff.757762* %62 to %struct.list_head** %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %72, %struct.list_head** %75, align 8 %76 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %76, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %63, align 8 %77 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %78 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %77, i64 0, i32 2 %79 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.757762* %62, i32 %67, i32* %78) #77 br label %80 %81 = bitcast %struct.sk_buff.757762* %64 to %struct.list_head* %82 = icmp eq %struct.list_head* %81, %0 br i1 %82, label %83, label %61 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #77 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %4 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %3, align 8 %5 = bitcast %struct.sk_buff.757762* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.757762* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %17, align 8 callbr void asm sideeffect 
"1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #76 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.757762*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.757762** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.757762** %11 
= load %struct.sk_buff.757762*, %struct.sk_buff.757762** %10, align 8 store %struct.sk_buff.757762* %11, %struct.sk_buff.757762** %4, align 8 %12 = bitcast %struct.sk_buff.757762* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.757762** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.757762* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.757749* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.757749*, %struct.net_device.757749** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.757762** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.757762* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.757762* null, %struct.sk_buff.757762** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.757762** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #76 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.757584, align 8 %5 = 
alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.757629, align 8 %7 = alloca %struct.sk_buff.757762*, align 8 %8 = bitcast %struct.sk_buff.757762** %7 to i8* %9 = bitcast %struct.sk_buff.757762** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.757762** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.757762* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %14 [label %13], !srcloc !4 %15 = phi i1 [ false, %13 ], [ true, %3 ] %16 = load i32, i32* @netdev_tstamp_prequeue, align 4 %17 = icmp ne i32 %16, 0 %18 = or i1 %15, %17 br i1 %18, label %25, label %19 %20 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 2, i32 0 %21 = load i64, i64* %20, align 8 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %26)) #6 to label %40 [label %26], !srcloc !4 %41 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %42 = load %struct.net_device.757749*, %struct.net_device.757749** %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 41 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 40 %47 = bitcast i8** %46 to i64* %48 = load i64, i64* %47, align 8 %49 = sub i64 %45, %48 %50 = trunc i64 %49 to i16 %51 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 35 store i16 %50, i16* %51, align 4 %52 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 34 %53 = load i16, i16* %52, align 2 %54 = icmp eq i16 %53, -1 br i1 %54, label %55, label %56 %57 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 36 %58 = load i16, i16* %57, align 2 %59 = sub i16 %50, %58 %60 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %12, i64 0, i32 8 store i16 %59, i16* %60, align 8 %61 = bitcast %struct.xdp_buff.757629* %6 to i8* %62 = bitcast %struct.tcf_result* %5 to i8* %63 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %64 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 0 %65 = getelementptr inbounds 
%struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 1 %66 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 2 %67 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 3 %68 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 5 %69 = bitcast %struct.net_device.757749** %67 to i8* %70 = bitcast %struct.net.757607** %68 to i64* %71 = getelementptr inbounds %struct.nf_hook_state.757584, %struct.nf_hook_state.757584* %4, i64 0, i32 6 br label %72 %73 = phi %struct.net_device.757749* [ %42, %56 ], [ %567, %563 ] %74 = phi %struct.sk_buff.757762* [ %12, %56 ], [ %564, %563 ] %75 = phi i32 [ 1, %56 ], [ %565, %563 ] %76 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %73, i64 0, i32 17 %77 = load i32, i32* %76, align 16 %78 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %74, i64 0, i32 22 store i32 %77, i32* %78, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.757767, %struct.softnet_data.757767* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %79)) #6 to label %99 [label %79], !srcloc !4 call void @migrate_disable() #76 %80 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %81 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %80, i64 0, i32 0, i32 0, i32 2, i32 0 %82 = load %struct.net_device.757749*, %struct.net_device.757749** %81, align 8 %83 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %82, i64 0, i32 75 %84 = load volatile %struct.bpf_prog.757457*, %struct.bpf_prog.757457** %83, align 64 %85 = icmp eq %struct.bpf_prog.757457* %84, null br i1 %85, label %97, label %86 call void @migrate_enable() #76 br label %99 %100 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %101 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %100, i64 0, i32 33 %102 = load i16, i16* %101, align 8 switch i16 %102, label %106 [ i16 129, label %103 i16 -22392, label %103 ] %107 = phi %struct.sk_buff.757762* [ %100, %99 ], [ %104, %103 ] %108 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %107, i64 0, i32 18 %109 = load i16, i16* %108, align 2 %110 = and i16 %109, 2048 %111 = icmp eq i16 %110, 0 br i1 %111, label %114, label %112 %113 = and i16 %109, -2049 store i16 %113, i16* %108, align 2 br label %452 %453 = phi i16 [ %451, %445 ], [ %113, %112 ] %454 = phi %struct.sk_buff.757762* [ %446, %445 ], [ %107, %112 ] %455 = phi i64 [ %447, %445 ], [ 0, %112 ] %456 = phi i32 [ %448, %445 ], [ %75, %112 ] br i1 %1, label %457, label %463 %464 = and i16 %453, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %510, label %466 %511 = phi %struct.sk_buff.757762* [ %454, %463 ], [ %508, %506 ] %512 = phi i64 [ %455, 
%463 ], [ 0, %506 ] %513 = phi i32 [ %456, %463 ], [ %507, %506 ] %514 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 0, i32 0, i32 2, i32 0 %515 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %516 = getelementptr inbounds %struct.net_device.757749, %struct.net_device.757749* %515, i64 0, i32 78 %517 = load volatile i32 (%struct.sk_buff.757762**)*, i32 (%struct.sk_buff.757762**)** %516, align 8 %518 = icmp eq i32 (%struct.sk_buff.757762**)* %517, null br i1 %518, label %569, label %519 %520 = inttoptr i64 %512 to %struct.packet_type* %521 = icmp eq i64 %512, 0 br i1 %521, label %558, label %522 %523 = icmp eq %struct.sk_buff.757762* %511, null br i1 %523, label %542, label %524 %525 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 40 %526 = load i8*, i8** %525, align 8 %527 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 39 %528 = load i32, i32* %527, align 4 %529 = zext i32 %528 to i64 %530 = getelementptr i8, i8* %526, i64 %529 %531 = load i8, i8* %530, align 8 %532 = and i8 %531, 1 %533 = icmp eq i8 %532, 0 br i1 %533, label %542, label %534 %535 = getelementptr inbounds i8, i8* %530, i64 40 %536 = bitcast i8* %535 to %struct.ubuf_info.757793** %537 = load %struct.ubuf_info.757793*, %struct.ubuf_info.757793** %536, align 8 %538 = icmp eq %struct.ubuf_info.757793* %537, null br i1 %538, label %542, label %539, !prof !12, !misexpect !13 %540 = call i32 bitcast (i32 (%struct.sk_buff.751083*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.757762*, i32)*)(%struct.sk_buff.757762* nonnull %511, i32 2592) #76 %541 = icmp eq i32 %540, 0 br i1 %541, label %542, label %558, !prof !12, !misexpect !11 %543 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %511, i64 0, i32 43 %544 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %543, i64 0, i32 0, i32 0 %545 = call i32 
asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %544, i32 1, i32* %544) #6, !srcloc !14 %546 = icmp eq i32 %545, 0 br i1 %546, label %551, label %547, !prof !10, !misexpect !11 %548 = add i32 %545, 1 %549 = or i32 %548, %545 %550 = icmp sgt i32 %549, -1 br i1 %550, label %553, label %551, !prof !12, !misexpect !11 %552 = phi i32 [ 2, %542 ], [ 1, %547 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %543, i32 %552) #76 br label %553 %554 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %520, i64 0, i32 3 %555 = load i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)*, i32 (%struct.sk_buff.757762*, %struct.net_device.757749*, %struct.packet_type*, %struct.net_device.757749*)** %554, align 8 %556 = load %struct.net_device.757749*, %struct.net_device.757749** %514, align 8 %557 = call i32 %555(%struct.sk_buff.757762* %511, %struct.net_device.757749* %556, %struct.packet_type* nonnull %520, %struct.net_device.757749* %42) #76 br label %558 %559 = phi i32 [ %513, %519 ], [ -12, %539 ], [ %557, %553 ] %560 = call i32 %517(%struct.sk_buff.757762** nonnull %7) #76 switch i32 %560, label %568 [ i32 0, label %842 i32 1, label %561 i32 2, label %572 i32 3, label %569 ] %573 = phi i64 [ %570, %569 ], [ 0, %558 ] %574 = phi i32 [ %571, %569 ], [ %559, %558 ] %575 = phi i1 [ false, %569 ], [ true, %558 ] %576 = phi i1 [ true, %569 ], [ false, %558 ] %577 = load %struct.sk_buff.757762*, %struct.sk_buff.757762** %7, align 8 %578 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %577, i64 0, i32 18 %579 = load i16, i16* %578, align 2 %580 = and i16 %579, 1 %581 = icmp eq i16 %580, 0 br i1 %581, label %606, label %582, !prof !12, !misexpect !11 %583 = phi %struct.sk_buff.757762* [ %600, %596 ], [ %577, %572 ] %584 = getelementptr 
inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 25 %585 = load i16, i16* %584, align 2 %586 = and i16 %585, 4095 %587 = icmp eq i16 %586, 0 br i1 %587, label %593, label %588 %594 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 33 %595 = load i16, i16* %594, align 8 switch i16 %595, label %602 [ i16 129, label %596 i16 -22392, label %596 ] %597 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %583, i64 0, i32 18 %598 = load i16, i16* %597, align 2 %599 = and i16 %598, -2 store i16 %599, i16* %597, align 2 %600 = call %struct.sk_buff.757762* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*)* @skb_vlan_untag to %struct.sk_buff.757762* (%struct.sk_buff.757762*)*)(%struct.sk_buff.757762* %583) #76 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %140, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.751083* @skb_clone(%struct.sk_buff.751083* %0, i32 2592) #76 %12 = icmp eq %struct.sk_buff.751083* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.751083* %0) #76 br label %17 %18 = phi %struct.sk_buff.751083* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %31, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %138, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.751083* nonnull %18, i32 %28) #76 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.751083* %0, i32 0, i32 %27, i32 2592) #76 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %286 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* %0, i32 %38, i8* %42, i32 
%1) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 ipv4_link_failure
-------------
Path:
Function:ipv4_link_failure
%2 = alloca %struct.ip_options, align 4
%3 = bitcast %struct.ip_options* %2 to i8*
%4 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 40
%5 = load i8*, i8** %4, align 8
%6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 35
%7 = load i16, i16* %6, align 4
%8 = zext i16 %7 to i64
%9 = getelementptr i8, i8* %5, i64 %8
%10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 41
%11 = bitcast i8** %10 to i64*
%12 = load i64, i64* %11, align 8
%13 = ptrtoint i8* %9 to i64
%14 = sub i64 %13, %12
%15 = trunc i64 %14 to i32
%16 = add i32 %15, 20
%17 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 6
%18 = load i32, i32* %17, align 8
%19 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 7
%20 = load i32, i32* %19, align 4
%21 = sub i32 %18, %20
%22 = icmp ugt i32 %16, %21
br i1 %22, label %23, label %33, !prof !4, !misexpect !5
%24 = icmp ult i32 %18, %16
br i1 %24, label %85, label %25, !prof !4, !misexpect !6
%26 = sub i32 %16, %21
%27 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %26) #76
%28 = icmp eq i8* %27, null
br i1 %28, label %85, label %29
%30 = load i8*, i8** %4, align 8
%31 = load i16, i16* %6, align 4
%32 = zext i16 %31 to i64
br label %33
%34 = phi i64 [ %32, %29 ], [ %8, %1 ]
%35 = phi i8* [ %30, %29 ], [ %5, %1 ]
%36 = getelementptr i8, i8* %35, i64 %34
%37 = load i8, i8* %36, align 4
%38 = and i8 %37, -16
%39 = icmp ne i8 %38, 64
%40 = and i8 %37, 15
%41 = icmp ult i8 %40, 5
%42 = or i1 %39, %41
br i1 %42, label %85, label %43
%44 = load i8, i8* %36, align 4
%45 = and i8 %44, 14
%46 = icmp ugt i8 %45, 5
br i1 %46, label %47, label %84
%48 = shl i8 %44, 2
%49 = and i8 %48, 60
%50 = zext i8 %49 to i32
%51 = load i64, i64* %11, align 8
%52 = ptrtoint i8* %36 to i64
%53 = sub i64 %52, %51
%54 = trunc i64 %53 to i32
%55 = add i32 %54, %50
%56 = load i32, i32* %17, align 8
%57 = load i32, i32* %19, align 4
%58 = sub i32 %56, %57
%59 = icmp ugt i32 %55, %58
br i1 %59, label %60, label %74, !prof !4, !misexpect !5
%61 = icmp ult i32 %56, %55
br i1 %61, label %85, label %62, !prof !4, !misexpect !6
%63 = sub i32 %55, %58
%64 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %63) #76
Function:__pskb_pull_tail
%3 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 38
%4 = load i32, i32* %3, align 8
%5 = add i32 %4, %1
%6 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39
%7 = load i32, i32* %6, align 4
%8 = sub i32 %5, %7
%9 = icmp sgt i32 %8, 0
br i1 %9, label %25, label %10
%11 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 12
%12 = load i8, i8* %11, align 2
%13 = and i8 %12, 1
%14 = icmp eq i8 %13, 0
br i1 %14, label %32, label %15
%16 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40
%17 = load i8*, i8** %16, align 8
%18 = zext i32 %7 to i64
%19 = getelementptr i8, i8* %17, i64 %18
%20 = getelementptr inbounds i8, i8* %19, i64 32
%21 = bitcast i8* %20 to i32*
%22 = load volatile i32, i32* %21, align 4
%23 = and i32 %22, 65535
%24 = icmp eq i32 %23, 1
br i1 %24, label %32, label %25
%26 = add i32 %8, 128
%27 = select i1 %9, i32 %26, i32 0
%28 = tail call i32 @pskb_expand_head(%struct.sk_buff.751083* %0, i32 0, i32 %27, i32 2592) #76
%29 = icmp eq i32 %28, 0
br i1 %29, label %30, label %286
%31 = load i32, i32* %3, align 8
br label %32
%33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ]
%34 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6
%35 = load i32, i32* %34, align 8
%36 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7
%37 = load i32, i32* %36, align 4
%38 = sub i32 %35, %37
%39 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40
%40 = load i8*, i8** %39, align 8
%41 = zext i32 %33 to i64
%42 = getelementptr i8, i8* %40, i64 %41
%43 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* %0, i32 %38, i8* %42, i32 %1) #76
-------------
Good: 6102 Bad: 195 Ignored: 21744
Check Use of Function:read_iter_null
Check Use of Function:cfg80211_sme_assoc_timeout
Check Use of Function:nl80211_parse_mon_options
Check Use of Function:__usecs_to_jiffies
Check Use of Function:cfg80211_report_obss_beacon_khz
Check Use of Function:__i915_gem_object_flush_frontbuffer
Check Use of Function:ieee80211_deliver_skb
Check Use of Function:cfg80211_rx_unprot_mlme_mgmt
Check Use of Function:drv_ampdu_action
Check Use of Function:ieee80211_recalc_smps
Check Use of Function:drv_sync_rx_queues
Check Use of Function:kcalloc.71482
Check Use of Function:netif_receive_skb_list
Check Use of Function:ieee80211_alloc_led_names
Check Use of Function:nl80211_notify_wiphy
Check Use of Function:__hw_addr_unsync
Check Use of Function:intel_legacy_cursor_update
Check Use of Function:device_del
Check Use of Function:translate_table
Check Use of Function:debugfs_remove
Check Use of Function:xt_compat_lock
Check Use of Function:unregister_inetaddr_notifier
Check Use of Function:xt_free_table_info
Check Use of Function:register_inet6addr_notifier
Check Use of Function:register_inetaddr_notifier
Check Use of Function:rfkill_destroy
Check Use of Function:nl80211_common_reg_change_event
Check Use of Function:netns_install
Check Use of Function:cfg80211_chandef_dfs_required
Check Use of Function:acpi_evaluate_ej0
Check Use of Function:ieee80211_color_change_finalize
Check Use of Function:ext4_should_retry_alloc
Check Use of Function:security_context_to_sid_force
Check Use of Function:copy_net_ns
Check Use of Function:ext4_release_orphan_info
Check Use of Function:sock_read_iter
Check Use of Function:access_process_vm
Check Use of Function:ieee80211_sta_wmm_params
Check Use of Function:sta_info_move_state
Check Use of Function:proc_dointvec
Use: =BAD PATH=
Call Stack:
0 proc_ipc_sem_dointvec
-------------
Path:
Function:proc_ipc_sem_dointvec
%6 = alloca %struct.ctl_table, align 8
%7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4
%8 = inttoptr i64 %7 to %struct.task_struct*
%9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94
%10 = load %struct.nsproxy*, %struct.nsproxy** %9, align 8
%11 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %10, i64 0, i32 2
%12 = load %struct.ipc_namespace*, %struct.ipc_namespace** %11, align 8
%13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %12, i64 0, i32 1, i64 3
%14 = load i32, i32* %13, align 4
%15 = bitcast %struct.ctl_table* %6 to i8*
%16 = bitcast %struct.ctl_table* %0 to i8*
%17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1
%18 = bitcast i8** %17 to i64*
%19 = load i64, i64* %18, align 8
%20 = bitcast %struct.ipc_namespace** %11 to i8**
%21 = load i8*, i8** %20, align 8
%22 = sub i64 %19, ptrtoint (%struct.ipc_namespace.264938* @init_ipc_ns to i64)
%23 = getelementptr i8, i8* %21, i64 %22
%24 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1
store i8* %23, i8** %24, align 8
%25 = call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #76
-------------
Use: =BAD PATH=
Call Stack:
0 proc_do_entropy
-------------
Path:
Function:proc_do_entropy
%6 = alloca %struct.ctl_table, align 8
%7 =
alloca i32, align 4 %8 = bitcast %struct.ctl_table* %6 to i8* %9 = bitcast i32* %7 to i8* %10 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %11 = bitcast i8** %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = load i32, i32* %12, align 4 %14 = ashr i32 %13, 3 store i32 %14, i32* %7, align 4 %15 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 %16 = bitcast i8** %15 to i32** store i32* %7, i32** %16, align 8 %17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 4, i32* %17, align 8 %18 = call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec 
to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipv6_sysctl_rtcache_flush ------------- Path:  Function:ipv6_sysctl_rtcache_flush %6 = icmp eq i32 %1, 0 br i1 %6, label %20, label %7 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 7 %9 = bitcast i8** %8 to %struct.net.892636** %10 = load %struct.net.892636*, %struct.net.892636** %9, align 8 %11 = getelementptr inbounds %struct.net.892636, %struct.net.892636* %10, i64 0, i32 35, i32 1, i32 5 %12 = load i32, i32* %11, align 8 %13 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_disable ------------- Path:  Function:addrconf_sysctl_disable %6 = alloca %struct.netdev_notifier_info.891436, align 8 %7 = alloca %struct.netdev_notifier_info.891436, align 8 %8 = alloca i32, align 4 %9 = alloca %struct.ctl_table, align 8 %10 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %11 = bitcast i8** %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = bitcast i32* %8 to i8* %14 = load i32, i32* %12, align 4 store i32 %14, i32* %8, align 4 %15 = load i64, i64* %4, align 8 %16 = bitcast %struct.ctl_table* %9 to i8* %17 = bitcast %struct.ctl_table* %0 to i8* %18 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %9, i64 0, i32 1 %19 = bitcast i8** %18 to i32** store i32* %8, i32** %19, align 8 %20 = call i32 bitcast 
(i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %9, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_forward ------------- Path:  Function:addrconf_sysctl_forward %6 = alloca i32, align 4 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = bitcast i8** %8 to i32** %10 = load i32*, i32** %9, align 8 %11 = bitcast i32* %6 to i8* %12 = load i32, i32* %10, align 4 store i32 %12, i32* %6, align 4 %13 = load i64, i64* %4, align 8 %14 = bitcast %struct.ctl_table* %7 to i8* %15 = bitcast %struct.ctl_table* %0 to i8* %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 %17 = bitcast i8** %16 to i32** store i32* %6, i32** %17, align 8 %18 = call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* 
@proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_proxy_ndp ------------- Path:  Function:addrconf_sysctl_proxy_ndp %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 
(%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_mq_dointvec ------------- Path:  Function:proc_mq_dointvec %6 = alloca %struct.ctl_table, align 8 %7 = bitcast %struct.ctl_table* %6 to i8* %8 = bitcast %struct.ctl_table* %0 to i8* %9 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %10 = bitcast i8** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.267928** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.267928**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.267928* %14 = getelementptr inbounds %struct.task_struct.267928, %struct.task_struct.267928* %13, i64 0, i32 94 %15 = load %struct.nsproxy.267868*, %struct.nsproxy.267868** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.267868, %struct.nsproxy.267868* %15, i64 0, i32 2 %17 = bitcast %struct.ipc_namespace.264938** %16 to i8** %18 = load i8*, i8** %17, align 8 %19 = sub i64 %11, ptrtoint (%struct.ipc_namespace.264938* @init_ipc_ns to i64) %20 = getelementptr i8, i8* %18, i64 %19 %21 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %20, i8** %21, align 8 %22 = call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_ignore_routes_with_linkdown ------------- Path:  Function:addrconf_sysctl_ignore_routes_with_linkdown %6 = alloca i32, align 4 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = bitcast i8** %8 to i32** %10 = load i32*, 
i32** %9, align 8 %11 = bitcast i32* %6 to i8* %12 = load i32, i32* %10, align 4 store i32 %12, i32* %6, align 4 %13 = load i64, i64* %4, align 8 %14 = bitcast %struct.ctl_table* %7 to i8* %15 = bitcast %struct.ctl_table* %0 to i8* %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 %17 = bitcast i8** %16 to i32** store i32* %6, i32** %17, align 8 %18 = call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_disable_policy ------------- Path:  Function:addrconf_sysctl_disable_policy %6 = alloca i32, align 4 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = bitcast i8** %8 to i32** %10 = load i32*, i32** %9, align 8 %11 = bitcast i32* %6 to i8* %12 = load i32, i32* %10, align 4 store i32 %12, i32* %6, align 4 %13 = load i64, i64* %4, align 8 %14 = bitcast %struct.ctl_table* %7 to i8* %15 = bitcast %struct.ctl_table* %0 to i8* %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 %17 = bitcast i8** %16 to i32** store i32* %6, i32** %17, align 8 %18 = call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 nf_conntrack_hash_sysctl ------------- Path:  Function:nf_conntrack_hash_sysctl %6 = load i32, i32* @nf_conntrack_htable_size, align 4 store i32 %6, i32* @nf_conntrack_htable_size_user, align 4 %7 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= 
Call Stack: 0 devinet_sysctl_forward ------------- Path:  Function:devinet_sysctl_forward %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = load i64, i64* %4, align 8 %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 8 %12 = bitcast i8** %11 to %struct.net.828834** %13 = load %struct.net.828834*, %struct.net.828834** %12, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %17 %16 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 0, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_sysctl_forward ------------- Path:  Function:devinet_sysctl_forward %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = load i64, i64* %4, align 8 %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 8 %12 = bitcast i8** %11 to %struct.net.828834** %13 = load %struct.net.828834*, %struct.net.828834** %12, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %17 %16 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 0, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, 
i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, 
i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, 
i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, 
i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, 
i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, 
i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, 
i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_dev_weight ------------- Path:  Function:proc_do_dev_weight %6 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_dev_weight ------------- Path:  Function:proc_do_dev_weight %6 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_dev_weight ------------- Path:  Function:proc_do_dev_weight %6 = tail call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Good: 7 Bad: 51 Ignored: 5 Check Use of Function:ieee80211_recalc_ps Check Use of Function:ieee80211_chandef_downgrade Check Use of Function:ieee80211_set_disassoc Check Use of Function:acpi_update_all_gpes Check Use of Function:cfg80211_chandef_valid Check Use of Function:ieee80211_vif_change_bandwidth Check Use of Function:ieee80211_freq_khz_to_channel Check Use of Function:ieee80211_csa_finalize Check Use of 
Function:filemap_write_and_wait_range Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 _nfs4_do_setattr 4 nfs4_do_setattr 5 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #76 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.236617** %24 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %23, align 8 %25 = icmp eq %struct.nfs_open_context.236617* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.236617* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.236617* %31, %struct.nfs4_label* null) #77 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca 
%struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.236590** %15 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.236617* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.236616* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17, i32 1 %26 = bitcast %struct.nfs_fh** %24 to i64** store i64* %25, i64** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.236590* %15, %struct.nfs_server.236590** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds 
%struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %36, align 8 %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.236590* %15, %struct.nfs_server.236590** %37, align 8 %38 = bitcast %struct.nfs4_exception* %10 to i8* %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.236616* %22, %struct.nfs4_state.236616** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %44, align 1 %45 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = and i32 %46, 6145 %48 = icmp eq i32 %47, 0 %49 = select i1 %48, i64 256, i64 131328 %50 = and i32 %46, 6 %51 = icmp eq i32 %50, 0 %52 = or i64 %49, 4096 %53 = select i1 %51, i64 %49, i64 %52 %54 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %15, i64 0, i32 35, i64 0 %55 = bitcast i32* %54 to i8* %56 = icmp eq %struct.inode* %0, null %57 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %58 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %57, i64 9, i32 1 %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.236590, 
%struct.nfs_server.236590* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.236616* %22, null %62 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %22, i64 0, i32 13 br label %63 br i1 %56, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.236617* %4) #77 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.236590** %14 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* 
@jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #76 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #76 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #77 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 
%4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236662* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %36 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %37 = load %struct.file_lock_context*, %struct.file_lock_context** %36, align 8 %38 = icmp eq %struct.file_lock_context* %37, null br i1 %38, label %50, label %39 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #76 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.236606** %6 = load %struct.nfs_renameargs.236606*, %struct.nfs_renameargs.236606** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.236607** %9 = load %struct.nfs_renameres.236607*, %struct.nfs_renameres.236607** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #76 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* 
%0, i64 -1, i32 17 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #77 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236662* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %36 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %37 = load %struct.file_lock_context*, %struct.file_lock_context** %36, align 8 %38 = icmp eq %struct.file_lock_context* %37, null br i1 %38, label %50, label %39 %51 = 
tail call i32 @nfs_wb_all(%struct.inode* %0) #76 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #76 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, 
%struct.inode* %0, i64 -1, i32 17 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #77 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236662* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %36 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %37 = load %struct.file_lock_context*, %struct.file_lock_context** %36, align 8 %38 = icmp eq %struct.file_lock_context* %37, null br i1 %38, label %50, 
label %39 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #76 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.236602** %6 = load %struct.nfs_removeargs.236602*, %struct.nfs_removeargs.236602** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.236604** %9 = load %struct.nfs_removeres.236604*, %struct.nfs_removeres.236604** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.236604, 
%struct.nfs_removeres.236604* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.236590** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.236602, %struct.nfs_removeargs.236602* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236600* null, %struct.nfs4_slot.236600** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.236604, %struct.nfs_removeres.236604* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #76 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #76 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 25, i32 1 %4 = bitcast i64* %3 to %struct.nfs_delegation.236662** %5 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236662* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236662* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %36 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %37 = load %struct.file_lock_context*, %struct.file_lock_context** %36, align 8 %38 = icmp eq %struct.file_lock_context* %37, null br i1 %38, label %50, label %39 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #76 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_file_flush ------------- Path:  Function:nfs4_file_flush %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to 
%struct.nfs_server.215077** %9 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %9, i64 0, i32 6 %11 = load %struct.nfs_iostats*, %struct.nfs_iostats** %10, align 8 %12 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %11, i64 0, i32 1, i64 14 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %30, label %17 %18 = tail call zeroext i1 @nfs4_delegation_flush_on_close(%struct.inode* %4) #76 %19 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %20 = load %struct.address_space*, %struct.address_space** %19, align 8 br i1 %18, label %23, label %21 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %20, i64 0, i32 11 %25 = tail call i32 @errseq_sample(i32* %24) #76 %26 = tail call i32 @nfs_wb_all(%struct.inode* %4) #76 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 do_unlk 2 nfs_lock ------------- Path:  Function:nfs_lock %4 = getelementptr inbounds %struct.file.215754, %struct.file.215754* %0, i64 0, i32 18 %5 = load %struct.address_space.215305*, %struct.address_space.215305** %4, align 8 %6 = getelementptr inbounds %struct.address_space.215305, %struct.address_space.215305* %5, i64 0, i32 0 %7 = load %struct.inode.215746*, %struct.inode.215746** %6, align 8 %8 = getelementptr inbounds %struct.inode.215746, %struct.inode.215746* %7, i64 0, i32 8 %9 = load %struct.super_block.215732*, %struct.super_block.215732** %8, align 8 %10 = getelementptr inbounds %struct.super_block.215732, %struct.super_block.215732* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215891** %12 = load %struct.nfs_server.215891*, %struct.nfs_server.215891** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215891, %struct.nfs_server.215891* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 16 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !4 
%16 = getelementptr inbounds %struct.file_lock.215741, %struct.file_lock.215741* %2, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 4096 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %86 %21 = load %struct.super_block.215732*, %struct.super_block.215732** %8, align 8 %22 = getelementptr inbounds %struct.super_block.215732, %struct.super_block.215732* %21, i64 0, i32 28 %23 = bitcast i8** %22 to %struct.nfs_server.215891** %24 = load %struct.nfs_server.215891*, %struct.nfs_server.215891** %23, align 16 %25 = getelementptr inbounds %struct.nfs_server.215891, %struct.nfs_server.215891* %24, i64 0, i32 8 %26 = load i32, i32* %25, align 8 %27 = lshr i32 %26, 21 %28 = and i32 %27, 1 %29 = getelementptr inbounds %struct.nfs_server.215891, %struct.nfs_server.215891* %24, i64 0, i32 0 %30 = load %struct.nfs_client.215885*, %struct.nfs_client.215885** %29, align 8 %31 = getelementptr inbounds %struct.nfs_client.215885, %struct.nfs_client.215885* %30, i64 0, i32 12 %32 = load %struct.nfs_rpc_ops.215868*, %struct.nfs_rpc_ops.215868** %31, align 8 %33 = getelementptr inbounds %struct.nfs_rpc_ops.215868, %struct.nfs_rpc_ops.215868* %32, i64 0, i32 43 %34 = load i32 (%struct.file_lock.215741*)*, i32 (%struct.file_lock.215741*)** %33, align 8 %35 = icmp eq i32 (%struct.file_lock.215741*)* %34, null br i1 %35, label %39, label %36 %40 = icmp eq i32 %1, 5 br i1 %40, label %41, label %78 %79 = getelementptr inbounds %struct.file_lock.215741, %struct.file_lock.215741* %2, i64 0, i32 7 %80 = load i8, i8* %79, align 4 %81 = icmp eq i8 %80, 2 br i1 %81, label %82, label %84 %83 = tail call fastcc i32 @do_unlk(%struct.file.215754* %0, i32 %1, %struct.file_lock.215741* %2, i32 %28) #77 Function:do_unlk %5 = getelementptr inbounds %struct.file.215754, %struct.file.215754* %0, i64 0, i32 18 %6 = load %struct.address_space.215305*, %struct.address_space.215305** %5, align 8 %7 = getelementptr inbounds %struct.address_space.215305, %struct.address_space.215305* %6, 
i64 0, i32 0 %8 = load %struct.inode.215746*, %struct.inode.215746** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.inode*)* @nfs_wb_all to i32 (%struct.inode.215746*)*)(%struct.inode.215746* %8) #76 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 do_unlk 2 nfs_flock ------------- Path:  Function:nfs_flock %4 = getelementptr inbounds %struct.file.215754, %struct.file.215754* %0, i64 0, i32 18 %5 = load %struct.address_space.215305*, %struct.address_space.215305** %4, align 8 %6 = getelementptr inbounds %struct.address_space.215305, %struct.address_space.215305* %5, i64 0, i32 0 %7 = load %struct.inode.215746*, %struct.inode.215746** %6, align 8 %8 = getelementptr inbounds %struct.file_lock.215741, %struct.file_lock.215741* %2, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %32, label %12 %13 = getelementptr inbounds %struct.file_lock.215741, %struct.file_lock.215741* %2, i64 0, i32 7 %14 = load i8, i8* %13, align 4 %15 = and i8 %14, 32 %16 = icmp eq i8 %15, 0 br i1 %16, 
label %17, label %32 %18 = getelementptr inbounds %struct.inode.215746, %struct.inode.215746* %7, i64 0, i32 8 %19 = load %struct.super_block.215732*, %struct.super_block.215732** %18, align 8 %20 = getelementptr inbounds %struct.super_block.215732, %struct.super_block.215732* %19, i64 0, i32 28 %21 = bitcast i8** %20 to %struct.nfs_server.215891** %22 = load %struct.nfs_server.215891*, %struct.nfs_server.215891** %21, align 16 %23 = getelementptr inbounds %struct.nfs_server.215891, %struct.nfs_server.215891* %22, i64 0, i32 8 %24 = load i32, i32* %23, align 8 %25 = lshr i32 %24, 20 %26 = and i32 %25, 1 %27 = icmp eq i8 %14, 2 br i1 %27, label %28, label %30 %29 = tail call fastcc i32 @do_unlk(%struct.file.215754* %0, i32 %1, %struct.file_lock.215741* %2, i32 %26) #76 Function:do_unlk %5 = getelementptr inbounds %struct.file.215754, %struct.file.215754* %0, i64 0, i32 18 %6 = load %struct.address_space.215305*, %struct.address_space.215305** %5, align 8 %7 = getelementptr inbounds %struct.address_space.215305, %struct.address_space.215305* %6, i64 0, i32 0 %8 = load %struct.inode.215746*, %struct.inode.215746** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.inode*)* @nfs_wb_all to i32 (%struct.inode.215746*)*)(%struct.inode.215746* %8) #76 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr ------------- Path:  Function:nfs_getattr %6 = getelementptr inbounds %struct.path.216772, %struct.path.216772* %1, i64 0, i32 1 %7 = load %struct.dentry.217372*, %struct.dentry.217372** %6, align 8 %8 = getelementptr inbounds %struct.dentry.217372, %struct.dentry.217372* %7, i64 0, i32 5 %9 = load %struct.inode.217383*, %struct.inode.217383** %8, align 8 %10 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %9, i64 0, i32 8 %11 = load %struct.super_block.217367*, %struct.super_block.217367** %10, align 8 %12 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217511** %14 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %31 [label %17], !srcloc !4 %32 = and i32 %3, 2047 %33 = and i32 %4, 16384 %34 = icmp eq i32 %33, 0 %35 = xor i1 %16, true %36 = or i1 %34, %35 br i1 %36, label %54, label %37 %55 = and i32 %3, 192 %56 = icmp eq i32 %55, 0 br i1 %56, label %67, label %57 %58 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %9, i64 0, i32 0 %59 = load i16, i16* %58, align 8 %60 = and i16 %59, -4096 %61 = icmp eq i16 %60, -32768 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %9, i64 0, i32 9 %64 = load %struct.address_space.217384*, %struct.address_space.217384** %63, align 8 %65 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.217384*, i64, i64)*)(%struct.address_space.217384* %64, i64 0, i64 9223372036854775807) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr 1 nfs_namespace_getattr ------------- Path:  Function:nfs_namespace_getattr %6 = getelementptr inbounds %struct.path, %struct.path* %1, i64 0, i32 1 %7 = load %struct.dentry*, %struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %9, i64 -1, i32 17, i32 1 %11 = bitcast i64* %10 to i16* %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.path.216772*, 
%struct.kstat*, i32, i32)* @nfs_getattr to i32 (%struct.user_namespace*, %struct.path*, %struct.kstat*, i32, i32)*)(%struct.user_namespace* %0, %struct.path* %1, %struct.kstat* %2, i32 %3, i32 %4) #76 Function:nfs_getattr %6 = getelementptr inbounds %struct.path.216772, %struct.path.216772* %1, i64 0, i32 1 %7 = load %struct.dentry.217372*, %struct.dentry.217372** %6, align 8 %8 = getelementptr inbounds %struct.dentry.217372, %struct.dentry.217372* %7, i64 0, i32 5 %9 = load %struct.inode.217383*, %struct.inode.217383** %8, align 8 %10 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %9, i64 0, i32 8 %11 = load %struct.super_block.217367*, %struct.super_block.217367** %10, align 8 %12 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217511** %14 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %31 [label %17], !srcloc !4 %32 = and i32 %3, 2047 %33 = and i32 %4, 16384 %34 = icmp eq i32 %33, 0 %35 = xor i1 %16, true %36 = or i1 %34, %35 br i1 %36, label %54, label %37 %55 = and i32 %3, 192 %56 = icmp eq i32 %55, 0 br i1 %56, label %67, label %57 %58 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %9, i64 0, i32 0 %59 = load i16, i16* %58, align 8 %60 = and i16 %59, -4096 %61 = icmp eq i16 %60, -32768 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %9, i64 0, i32 9 %64 = load %struct.address_space.217384*, %struct.address_space.217384** %63, align 8 %65 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.217384*, i64, i64)*)(%struct.address_space.217384* %64, i64 0, i64 9223372036854775807) #76 ------------- Use: =BAD PATH= Call Stack: 0 fiemap_prep 1 iomap_fiemap 2 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %15, label %9 %16 = phi i32 [ %6, %4 ], [ %14, %12 ] %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 34 %18 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %17, i64 10, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = and i64 %19, 524288 %21 = icmp eq i64 %20, 0 %22 = getelementptr inbounds %struct.inode, %struct.inode* 
%0, i64 0, i32 8 %23 = load %struct.super_block*, %struct.super_block** %22, align 8 br i1 %21, label %26, label %24 %27 = getelementptr inbounds %struct.super_block, %struct.super_block* %23, i64 0, i32 28 %28 = bitcast i8** %27 to %struct.ext4_sb_info** %29 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %28, align 16 %30 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %29, i64 0, i32 13 br label %31 %32 = phi i64* [ %25, %24 ], [ %30, %26 ] %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %3, 0 br i1 %34, label %51, label %35 %36 = icmp ult i64 %33, %2 br i1 %36, label %51, label %37 %38 = icmp ult i64 %33, %3 %39 = sub i64 %33, %3 %40 = icmp ult i64 %39, %2 %41 = or i1 %38, %40 %42 = sub i64 %33, %2 %43 = select i1 %41, i64 %42, i64 %3 %44 = and i32 %16, 2 %45 = icmp eq i32 %44, 0 br i1 %45, label %49, label %46 %50 = tail call i32 @iomap_fiemap(%struct.inode* %0, %struct.fiemap_extent_info* %1, i64 %2, i64 %43, %struct.iomap_ops* nonnull @ext4_iomap_report_ops) #77 Function:iomap_fiemap %6 = alloca %struct.iomap_iter, align 8 %7 = bitcast %struct.iomap_iter* %6 to i8* %8 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 3 %9 = bitcast i64* %8 to i8* %10 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 0 store %struct.inode* %0, %struct.inode** %10, align 8 %11 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 1 store i64 %2, i64* %11, align 8 %12 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 2 store i64 %3, i64* %12, align 8 %13 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 4 store i32 4, i32* %13, align 8 %14 = call i32 bitcast (i32 (%struct.inode.147961*, %struct.fiemap_extent_info*, i64, i64*, i32)* @fiemap_prep to i32 (%struct.inode*, %struct.fiemap_extent_info*, i64, i64*, i32)*)(%struct.inode* %0, %struct.fiemap_extent_info* %1, i64 %2, i64* %12, i32 0) #76 
Function:fiemap_prep %6 = getelementptr inbounds %struct.inode.147961, %struct.inode.147961* %0, i64 0, i32 8 %7 = load %struct.super_block.147945*, %struct.super_block.147945** %6, align 8 %8 = getelementptr inbounds %struct.super_block.147945, %struct.super_block.147945* %7, i64 0, i32 4 %9 = load i64, i64* %8, align 32 %10 = load i64, i64* %3, align 8 %11 = icmp eq i64 %10, 0 br i1 %11, label %36, label %12 %13 = icmp ult i64 %9, %2 br i1 %13, label %36, label %14 %15 = icmp ult i64 %9, %10 %16 = sub i64 %9, %10 %17 = icmp ult i64 %16, %2 %18 = or i1 %15, %17 br i1 %18, label %19, label %21 %22 = and i32 %4, 2 %23 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = xor i32 %22, -2 %26 = and i32 %24, %25 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = and i32 %24, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.inode.147961, %struct.inode.147961* %0, i64 0, i32 9 %34 = load %struct.address_space.147965*, %struct.address_space.147965** %33, align 8 %35 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.147965*, i64, i64)*)(%struct.address_space.147965* %34, i64 0, i64 9223372036854775807) #76 ------------- Use: =BAD PATH= Call Stack: 0 fiemap_prep 1 iomap_fiemap 2 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %15, label %9 %16 = phi i32 [ %6, %4 ], [ %14, %12 ] %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 34 %18 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %17, i64 10, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = and i64 %19, 524288 %21 = icmp eq i64 %20, 0 %22 = getelementptr inbounds %struct.inode, 
%struct.inode* %0, i64 0, i32 8 %23 = load %struct.super_block*, %struct.super_block** %22, align 8 br i1 %21, label %26, label %24 %27 = getelementptr inbounds %struct.super_block, %struct.super_block* %23, i64 0, i32 28 %28 = bitcast i8** %27 to %struct.ext4_sb_info** %29 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %28, align 16 %30 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %29, i64 0, i32 13 br label %31 %32 = phi i64* [ %25, %24 ], [ %30, %26 ] %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %3, 0 br i1 %34, label %51, label %35 %36 = icmp ult i64 %33, %2 br i1 %36, label %51, label %37 %38 = icmp ult i64 %33, %3 %39 = sub i64 %33, %3 %40 = icmp ult i64 %39, %2 %41 = or i1 %38, %40 %42 = sub i64 %33, %2 %43 = select i1 %41, i64 %42, i64 %3 %44 = and i32 %16, 2 %45 = icmp eq i32 %44, 0 br i1 %45, label %49, label %46 %50 = tail call i32 @iomap_fiemap(%struct.inode* %0, %struct.fiemap_extent_info* %1, i64 %2, i64 %43, %struct.iomap_ops* nonnull @ext4_iomap_report_ops) #77 Function:iomap_fiemap %6 = alloca %struct.iomap_iter, align 8 %7 = bitcast %struct.iomap_iter* %6 to i8* %8 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 3 %9 = bitcast i64* %8 to i8* %10 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 0 store %struct.inode* %0, %struct.inode** %10, align 8 %11 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 1 store i64 %2, i64* %11, align 8 %12 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 2 store i64 %3, i64* %12, align 8 %13 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 4 store i32 4, i32* %13, align 8 %14 = call i32 bitcast (i32 (%struct.inode.147961*, %struct.fiemap_extent_info*, i64, i64*, i32)* @fiemap_prep to i32 (%struct.inode*, %struct.fiemap_extent_info*, i64, i64*, i32)*)(%struct.inode* %0, %struct.fiemap_extent_info* %1, i64 %2, i64* %12, i32 0) 
#76 Function:fiemap_prep %6 = getelementptr inbounds %struct.inode.147961, %struct.inode.147961* %0, i64 0, i32 8 %7 = load %struct.super_block.147945*, %struct.super_block.147945** %6, align 8 %8 = getelementptr inbounds %struct.super_block.147945, %struct.super_block.147945* %7, i64 0, i32 4 %9 = load i64, i64* %8, align 32 %10 = load i64, i64* %3, align 8 %11 = icmp eq i64 %10, 0 br i1 %11, label %36, label %12 %13 = icmp ult i64 %9, %2 br i1 %13, label %36, label %14 %15 = icmp ult i64 %9, %10 %16 = sub i64 %9, %10 %17 = icmp ult i64 %16, %2 %18 = or i1 %15, %17 br i1 %18, label %19, label %21 %22 = and i32 %4, 2 %23 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = xor i32 %22, -2 %26 = and i32 %24, %25 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = and i32 %24, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.inode.147961, %struct.inode.147961* %0, i64 0, i32 9 %34 = load %struct.address_space.147965*, %struct.address_space.147965** %33, align 8 %35 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.147965*, i64, i64)*)(%struct.address_space.147965* %34, i64 0, i64 9223372036854775807) #76 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_read_iter ------------- Path:  Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* 
%13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14 %19 = load i64, i64* %18, align 8 %20 = and i32 %8, 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = add i64 %4, -1 %25 = add i64 %24, %23 br i1 %21, label %28, label %26 %29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #76 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_read_iter 1 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %4 = load %struct.file.294345*, %struct.file.294345** %3, align 8 %5 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %4, i64 0, i32 18 %6 = load %struct.address_space.294426*, %struct.address_space.294426** %5, align 8 %7 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %6, i64 0, i32 0 %8 = load %struct.inode.294419*, %struct.inode.294419** %7, align 8 %9 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %8, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i64 %10, %12 br i1 %13, label %14, label %26 %15 = sub i64 %10, %12 %16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %15 br i1 %18, label %19, label %21 %20 = sub i64 %17, %15 store i64 %15, i64* %16, align 8 br label %21 %22 = phi i64 [ %20, %19 ], [ 0, %14 ] %23 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* 
@generic_file_read_iter to i64 (%struct.kiocb.294023*, %struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* %1) #76 Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14 %19 = load i64, i64* %18, align 8 %20 = and i32 %8, 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = add i64 %4, -1 %25 = add i64 %24, %23 br i1 %21, label %28, label %26 %29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #76 ------------- Good: 84 Bad: 13 Ignored: 131 Check Use of Function:__SCT__tp_func_drv_channel_switch_beacon Check Use of Function:__sta_info_recalc_tim Check Use of Function:pagevec_lookup_range Check Use of Function:mon_bin_ioctl Use: =BAD PATH= Call Stack: 0 mon_bin_compat_ioctl ------------- Path:  Function:mon_bin_compat_ioctl %4 = alloca %struct.uid_gid_extent, align 4 %5 = alloca %struct.uid_gid_extent, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.mon_reader_bin** %8 = load %struct.mon_reader_bin*, %struct.mon_reader_bin** %7, align 8 
switch i32 %1, label %79 [ i32 1074565638, label %9 i32 1074565642, label %9 i32 -1072918009, label %32 i32 -2146921981, label %81 i32 37377, label %84 i32 37381, label %84 i32 37380, label %84 i32 37384, label %84 ] %85 = tail call i64 @mon_bin_ioctl(%struct.file* %0, i32 %1, i64 %2) #77 ------------- Use: =BAD PATH= Call Stack: 0 mon_bin_compat_ioctl ------------- Path:  Function:mon_bin_compat_ioctl %4 = alloca %struct.uid_gid_extent, align 4 %5 = alloca %struct.uid_gid_extent, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.mon_reader_bin** %8 = load %struct.mon_reader_bin*, %struct.mon_reader_bin** %7, align 8 switch i32 %1, label %79 [ i32 1074565638, label %9 i32 1074565642, label %9 i32 -1072918009, label %32 i32 -2146921981, label %81 i32 37377, label %84 i32 37381, label %84 i32 37380, label %84 i32 37384, label %84 ] %82 = and i64 %2, 4294967295 %83 = tail call i64 @mon_bin_ioctl(%struct.file* %0, i32 -2146921981, i64 %82) #77 ------------- Good: 1 Bad: 2 Ignored: 2 Check Use of Function:serial8250_get_mctrl Check Use of Function:cleanup_single_sta Check Use of Function:round_jiffies Use: =BAD PATH= Call Stack: 0 fib6_run_gc 1 ip6_dst_gc ------------- Path:  Function:ip6_dst_gc %2 = getelementptr %struct.dst_ops.892390, %struct.dst_ops.892390* %0, i64 -7, i32 9 %3 = bitcast %struct.dst_entry.892411* (%struct.dst_entry.892411*)** %2 to %struct.net.892636* %4 = getelementptr inbounds %struct.dst_entry.892411* (%struct.dst_entry.892411*)*, %struct.dst_entry.892411* (%struct.dst_entry.892411*)** %2, i64 160 %5 = bitcast %struct.dst_entry.892411* (%struct.dst_entry.892411*)** %4 to %struct.netns_ipv6.892620* %6 = getelementptr inbounds %struct.dst_entry.892411* (%struct.dst_entry.892411*)*, %struct.dst_entry.892411* (%struct.dst_entry.892411*)** %2, i64 184 %7 = bitcast %struct.dst_entry.892411* (%struct.dst_entry.892411*)** %6 to %struct.netns_sysctl_ipv6* %8 = getelementptr inbounds 
%struct.dst_entry.892411* (%struct.dst_entry.892411*)*, %struct.dst_entry.892411* (%struct.dst_entry.892411*)** %2, i64 190 %9 = bitcast %struct.dst_entry.892411* (%struct.dst_entry.892411*)** %8 to i32* %10 = load i32, i32* %9, align 16 %11 = getelementptr inbounds %struct.netns_sysctl_ipv6, %struct.netns_sysctl_ipv6* %7, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.netns_sysctl_ipv6, %struct.netns_sysctl_ipv6* %7, i64 0, i32 10 %14 = load i32, i32* %13, align 4 %15 = getelementptr inbounds %struct.netns_sysctl_ipv6, %struct.netns_sysctl_ipv6* %7, i64 0, i32 8 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.dst_entry.892411* (%struct.dst_entry.892411*)*, %struct.dst_entry.892411* (%struct.dst_entry.892411*)** %2, i64 225 %18 = bitcast %struct.dst_entry.892411* (%struct.dst_entry.892411*)** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.dst_ops.892390, %struct.dst_ops.892390* %0, i64 0, i32 17, i32 1 %21 = load volatile i64, i64* %20, align 8 %22 = icmp sgt i64 %21, 0 %23 = select i1 %22, i64 %21, i64 0 %24 = trunc i64 %23 to i32 %25 = icmp slt i32 %12, %24 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.dst_ops.892390, %struct.dst_ops.892390* %0, i64 0, i32 17 %28 = tail call i64 @__percpu_counter_sum(%struct.percpu_counter* %27) #76 %29 = icmp sgt i64 %28, 0 %30 = select i1 %29, i64 %28, i64 0 %31 = trunc i64 %30 to i32 br label %32 %33 = phi i32 [ %31, %26 ], [ %24, %1 ] %34 = load volatile i64, i64* @jiffies, align 64 %35 = sext i32 %10 to i64 %36 = add i64 %19, %35 %37 = sub i64 %34, %36 %38 = icmp sgt i64 %37, -1 %39 = icmp sgt i32 %33, %12 %40 = or i1 %39, %38 br i1 %40, label %41, label %56 %42 = getelementptr inbounds %struct.netns_ipv6.892620, %struct.netns_ipv6.892620* %5, i64 0, i32 15 %43 = load i32, i32* %42, align 4 %44 = add i32 %43, 1 store i32 %44, i32* %42, align 4 %45 = zext i32 %44 to i64 tail call void bitcast (void (i64, 
%struct.net.828834*, i1)* @fib6_run_gc to void (i64, %struct.net.892636*, i1)*)(i64 %45, %struct.net.892636* %3, i1 zeroext true) #76 Function:fib6_run_gc %4 = alloca %struct.util_est, align 4 %5 = bitcast %struct.util_est* %4 to i8* %6 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %1, i64 0, i32 35, i32 14, i32 0, i32 0 br i1 %2, label %7, label %8 %9 = tail call i32 @_raw_spin_trylock_bh(%struct.raw_spinlock* %6) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %16 %17 = icmp eq i64 %0, 0 br i1 %17, label %20, label %18 %21 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %1, i64 0, i32 35, i32 1, i32 9 %22 = load i32, i32* %21, align 8 br label %23 %24 = phi i32 [ %19, %18 ], [ %22, %20 ] %25 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 0 store i32 %24, i32* %25, align 4 %26 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 1 store i32 0, i32* %26, align 4 call fastcc void @__fib6_clean_all(%struct.net.828834* %1, i32 (%struct.fib6_info.828766*, i8*)* nonnull @fib6_age, i32 0, i8* nonnull %5, i1 zeroext false) #76 %27 = load volatile i64, i64* @jiffies, align 64 %28 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %1, i64 0, i32 35, i32 16 store i64 %27, i64* %28, align 8 %29 = load i32, i32* %26, align 4 %30 = icmp eq i32 %29, 0 %31 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %1, i64 0, i32 35, i32 9 br i1 %30, label %39, label %32 %33 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %1, i64 0, i32 35, i32 1, i32 9 %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = add i64 %27, %35 %37 = call i64 @round_jiffies(i64 %36) #76 ------------- Good: 89 Bad: 1 Ignored: 53 Check Use of Function:ieee80211_vif_release_channel Check Use of Function:set_fs_pwd Check Use of Function:ieee80211_set_wmm_default Check Use of Function:drv_sta_state Check Use of Function:cfg80211_rx_mlme_mgmt Check Use of 
Function:security_set_bools Check Use of Function:vfs_mknod Check Use of Function:acpi_handle_printk Check Use of Function:kmalloc_array.51973 Check Use of Function:cfg80211_shutdown_all_interfaces Check Use of Function:ieee80211_configure_filter Check Use of Function:ieee80211_tx_monitor Check Use of Function:ieee80211_recalc_idle Check Use of Function:idr_remove Use: =BAD PATH= Call Stack: 0 free_pid 1 change_pid 2 ksys_setsid 3 __do_sys_setsid ------------- Path:  Function:__do_sys_setsid %2 = tail call i32 @ksys_setsid() #76 Function:ksys_setsid %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 60 %4 = load %struct.task_struct*, %struct.task_struct** %3, align 8 %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 63 %6 = load %struct.pid*, %struct.pid** %5, align 32 %7 = tail call i32 @pid_vnr(%struct.pid* %6) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 23 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %34 %14 = tail call %struct.task_struct* @pid_task(%struct.pid* %6, i32 2) #76 %15 = icmp eq %struct.task_struct* %14, null br i1 %15, label %16, label %34 %17 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %18 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %17, i64 0, i32 23 store i32 1, i32* %18, align 8 %19 = load %struct.task_struct*, %struct.task_struct** %3, align 8 %20 = getelementptr inbounds %struct.task_struct, %struct.task_struct* 
%19, i64 0, i32 95 %21 = load %struct.signal_struct*, %struct.signal_struct** %20, align 32 %22 = getelementptr %struct.signal_struct, %struct.signal_struct* %21, i64 0, i32 21, i64 3 %23 = load %struct.pid*, %struct.pid** %22, align 8 %24 = icmp eq %struct.pid* %23, %6 br i1 %24, label %27, label %25 tail call void @change_pid(%struct.task_struct* %19, i32 3, %struct.pid* %6) #76 Function:change_pid %4 = icmp eq i32 %1, 0 br i1 %4, label %5, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = zext i32 %1 to i64 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 21, i64 %10 br label %12 %13 = phi i64 [ 0, %5 ], [ %10, %7 ] %14 = phi %struct.pid** [ %6, %5 ], [ %11, %7 ] %15 = load %struct.pid*, %struct.pid** %14, align 8 %16 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 0 %17 = load %struct.hlist_node*, %struct.hlist_node** %16, align 8 %18 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 1 %19 = load %struct.hlist_node**, %struct.hlist_node*** %18, align 8 store volatile %struct.hlist_node* %17, %struct.hlist_node** %19, align 8 %20 = icmp eq %struct.hlist_node* %17, null br i1 %20, label %23, label %21 %22 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %17, i64 0, i32 1 store volatile %struct.hlist_node** %19, %struct.hlist_node*** %22, align 8 br label %23 store volatile %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %18, align 8 store %struct.pid* %2, %struct.pid** %14, align 8 %24 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 3, i32 0 %25 = load volatile %struct.hlist_node*, %struct.hlist_node** %24, align 8 %26 = icmp eq %struct.hlist_node* %25, null br i1 %26, label %48, label %27 %49 = getelementptr %struct.pid, %struct.pid* %15, 
i64 0, i32 3, i64 2, i32 0 %50 = load volatile %struct.hlist_node*, %struct.hlist_node** %49, align 8 %51 = icmp eq %struct.hlist_node* %50, null br i1 %51, label %52, label %27 %53 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 1, i32 0 %54 = load volatile %struct.hlist_node*, %struct.hlist_node** %53, align 8 %55 = icmp eq %struct.hlist_node* %54, null br i1 %55, label %56, label %27 %57 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 0, i32 0 %58 = load volatile %struct.hlist_node*, %struct.hlist_node** %57, align 8 %59 = icmp eq %struct.hlist_node* %58, null br i1 %59, label %60, label %27 tail call void @free_pid(%struct.pid* %15) #76 Function:free_pid %2 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @pidmap_lock, i64 0, i32 0, i32 0)) #76 %3 = getelementptr inbounds %struct.pid, %struct.pid* %0, i64 0, i32 1 br label %4 %5 = phi i32 [ 0, %1 ], [ %28, %22 ] %6 = sext i32 %5 to i64 %7 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 7, i64 %6, i32 1 %8 = load %struct.pid_namespace*, %struct.pid_namespace** %7, align 8 %9 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = add i32 %10, -1 store i32 %11, i32* %9, align 8 switch i32 %10, label %22 [ i32 3, label %12 i32 2, label %12 i32 -2147483647, label %16 ] %23 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 0 %24 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 7, i64 %6, i32 0 %25 = load i32, i32* %24, align 8 %26 = sext i32 %25 to i64 %27 = tail call i8* @idr_remove(%struct.idr* %23, i64 %26) #76 ------------- Use: =BAD PATH= Call Stack: 0 free_pid 1 change_pid 2 __se_sys_setpgid 3 __ia32_sys_setpgid ------------- Path:  Function:__ia32_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 
%3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setpgid(i64 %4, i64 %7) #76 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 60 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 8 %9 = icmp eq i32 %3, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %8, i32 0, %struct.pid_namespace* null) #76 br label %12 %13 = phi i32 [ %3, %2 ], [ %11, %10 ] %14 = icmp eq i32 %4, 0 %15 = select i1 %14, i32 %13, i32 %4 %16 = icmp slt i32 %15, 0 br i1 %16, label %83, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %13) #76 %19 = icmp eq %struct.task_struct* %18, null br i1 %19, label %80, label %20 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 44 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, -1 br i1 %23, label %24, label %80 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 56 %26 = load %struct.task_struct*, %struct.task_struct** %25, align 8 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 95 %28 = load %struct.signal_struct*, %struct.signal_struct** %27, align 32 %29 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 95 %30 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %31 = icmp eq %struct.signal_struct* %28, %30 br 
i1 %31, label %32, label %45 %46 = icmp eq %struct.task_struct* %18, %8 br i1 %46, label %47, label %80 %48 = phi %struct.signal_struct* [ %34, %40 ], [ %30, %45 ] %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 95 %50 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %48, i64 0, i32 23 %51 = load i32, i32* %50, align 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %80 %54 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 63 %55 = load %struct.pid*, %struct.pid** %54, align 32 %56 = icmp eq i32 %15, %13 br i1 %56, label %70, label %57 %58 = tail call %struct.pid* @find_vpid(i32 %15) #76 %59 = tail call %struct.task_struct* @pid_task(%struct.pid* %58, i32 2) #76 %60 = icmp eq %struct.task_struct* %59, null br i1 %60, label %80, label %61 %62 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %59, i64 0, i32 95 %63 = load %struct.signal_struct*, %struct.signal_struct** %62, align 32 %64 = getelementptr %struct.signal_struct, %struct.signal_struct* %63, i64 0, i32 21, i64 3 %65 = load %struct.pid*, %struct.pid** %64, align 8 %66 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %67 = getelementptr %struct.signal_struct, %struct.signal_struct* %66, i64 0, i32 21, i64 3 %68 = load %struct.pid*, %struct.pid** %67, align 8 %69 = icmp eq %struct.pid* %65, %68 br i1 %69, label %70, label %80 %71 = phi %struct.pid* [ %55, %53 ], [ %58, %61 ] %72 = tail call i32 @security_task_setpgid(%struct.task_struct* nonnull %18, i32 %15) #76 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %80 %75 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %76 = getelementptr %struct.signal_struct, %struct.signal_struct* %75, i64 0, i32 21, i64 2 %77 = load %struct.pid*, %struct.pid** %76, align 8 %78 = icmp eq %struct.pid* %77, %71 br i1 %78, label %80, label %79 tail call void @change_pid(%struct.task_struct* nonnull %18, i32 2, 
%struct.pid* %71) #76 Function:change_pid %4 = icmp eq i32 %1, 0 br i1 %4, label %5, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = zext i32 %1 to i64 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 21, i64 %10 br label %12 %13 = phi i64 [ 0, %5 ], [ %10, %7 ] %14 = phi %struct.pid** [ %6, %5 ], [ %11, %7 ] %15 = load %struct.pid*, %struct.pid** %14, align 8 %16 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 0 %17 = load %struct.hlist_node*, %struct.hlist_node** %16, align 8 %18 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 1 %19 = load %struct.hlist_node**, %struct.hlist_node*** %18, align 8 store volatile %struct.hlist_node* %17, %struct.hlist_node** %19, align 8 %20 = icmp eq %struct.hlist_node* %17, null br i1 %20, label %23, label %21 %22 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %17, i64 0, i32 1 store volatile %struct.hlist_node** %19, %struct.hlist_node*** %22, align 8 br label %23 store volatile %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %18, align 8 store %struct.pid* %2, %struct.pid** %14, align 8 %24 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 3, i32 0 %25 = load volatile %struct.hlist_node*, %struct.hlist_node** %24, align 8 %26 = icmp eq %struct.hlist_node* %25, null br i1 %26, label %48, label %27 %49 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 2, i32 0 %50 = load volatile %struct.hlist_node*, %struct.hlist_node** %49, align 8 %51 = icmp eq %struct.hlist_node* %50, null br i1 %51, label %52, label %27 %53 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 1, i32 0 %54 = load volatile %struct.hlist_node*, %struct.hlist_node** %53, align 8 %55 = icmp eq %struct.hlist_node* 
%54, null br i1 %55, label %56, label %27 %57 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 0, i32 0 %58 = load volatile %struct.hlist_node*, %struct.hlist_node** %57, align 8 %59 = icmp eq %struct.hlist_node* %58, null br i1 %59, label %60, label %27 tail call void @free_pid(%struct.pid* %15) #76
Function:free_pid
%2 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @pidmap_lock, i64 0, i32 0, i32 0)) #76 %3 = getelementptr inbounds %struct.pid, %struct.pid* %0, i64 0, i32 1 br label %4 %5 = phi i32 [ 0, %1 ], [ %28, %22 ] %6 = sext i32 %5 to i64 %7 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 7, i64 %6, i32 1 %8 = load %struct.pid_namespace*, %struct.pid_namespace** %7, align 8 %9 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = add i32 %10, -1 store i32 %11, i32* %9, align 8 switch i32 %10, label %22 [ i32 3, label %12 i32 2, label %12 i32 -2147483647, label %16 ] %23 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 0 %24 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 7, i64 %6, i32 0 %25 = load i32, i32* %24, align 8 %26 = sext i32 %25 to i64 %27 = tail call i8* @idr_remove(%struct.idr* %23, i64 %26) #76
-------------
Use: =BAD PATH=
Call Stack:
0 free_pid
1 change_pid
2 __se_sys_setpgid
3 __x64_sys_setpgid
-------------
Path:
Function:__x64_sys_setpgid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setpgid(i64 %3, i64 %5) #76
Function:__se_sys_setpgid
%3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task)
#11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 60 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 8 %9 = icmp eq i32 %3, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %8, i32 0, %struct.pid_namespace* null) #76 br label %12 %13 = phi i32 [ %3, %2 ], [ %11, %10 ] %14 = icmp eq i32 %4, 0 %15 = select i1 %14, i32 %13, i32 %4 %16 = icmp slt i32 %15, 0 br i1 %16, label %83, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %13) #76 %19 = icmp eq %struct.task_struct* %18, null br i1 %19, label %80, label %20 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 44 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, -1 br i1 %23, label %24, label %80 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 56 %26 = load %struct.task_struct*, %struct.task_struct** %25, align 8 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 95 %28 = load %struct.signal_struct*, %struct.signal_struct** %27, align 32 %29 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 95 %30 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %31 = icmp eq %struct.signal_struct* %28, %30 br i1 %31, label %32, label %45 %46 = icmp eq %struct.task_struct* %18, %8 br i1 %46, label %47, label %80 %48 = phi %struct.signal_struct* [ %34, %40 ], [ %30, %45 ] %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 95 %50 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %48, i64 0, i32 23 %51 = load i32, i32* %50, align 8 %52 = icmp eq i32 %51, 0 br i1 %52, 
label %53, label %80 %54 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 63 %55 = load %struct.pid*, %struct.pid** %54, align 32 %56 = icmp eq i32 %15, %13 br i1 %56, label %70, label %57 %58 = tail call %struct.pid* @find_vpid(i32 %15) #76 %59 = tail call %struct.task_struct* @pid_task(%struct.pid* %58, i32 2) #76 %60 = icmp eq %struct.task_struct* %59, null br i1 %60, label %80, label %61 %62 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %59, i64 0, i32 95 %63 = load %struct.signal_struct*, %struct.signal_struct** %62, align 32 %64 = getelementptr %struct.signal_struct, %struct.signal_struct* %63, i64 0, i32 21, i64 3 %65 = load %struct.pid*, %struct.pid** %64, align 8 %66 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %67 = getelementptr %struct.signal_struct, %struct.signal_struct* %66, i64 0, i32 21, i64 3 %68 = load %struct.pid*, %struct.pid** %67, align 8 %69 = icmp eq %struct.pid* %65, %68 br i1 %69, label %70, label %80 %71 = phi %struct.pid* [ %55, %53 ], [ %58, %61 ] %72 = tail call i32 @security_task_setpgid(%struct.task_struct* nonnull %18, i32 %15) #76 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %80 %75 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %76 = getelementptr %struct.signal_struct, %struct.signal_struct* %75, i64 0, i32 21, i64 2 %77 = load %struct.pid*, %struct.pid** %76, align 8 %78 = icmp eq %struct.pid* %77, %71 br i1 %78, label %80, label %79 tail call void @change_pid(%struct.task_struct* nonnull %18, i32 2, %struct.pid* %71) #76 Function:change_pid %4 = icmp eq i32 %1, 0 br i1 %4, label %5, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = zext i32 %1 to i64 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 21, i64 %10 br label %12 %13 = phi i64 [ 0, %5 ], [ %10, %7 ] %14 = 
phi %struct.pid** [ %6, %5 ], [ %11, %7 ] %15 = load %struct.pid*, %struct.pid** %14, align 8 %16 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 0 %17 = load %struct.hlist_node*, %struct.hlist_node** %16, align 8 %18 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 1 %19 = load %struct.hlist_node**, %struct.hlist_node*** %18, align 8 store volatile %struct.hlist_node* %17, %struct.hlist_node** %19, align 8 %20 = icmp eq %struct.hlist_node* %17, null br i1 %20, label %23, label %21 %22 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %17, i64 0, i32 1 store volatile %struct.hlist_node** %19, %struct.hlist_node*** %22, align 8 br label %23 store volatile %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %18, align 8 store %struct.pid* %2, %struct.pid** %14, align 8 %24 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 3, i32 0 %25 = load volatile %struct.hlist_node*, %struct.hlist_node** %24, align 8 %26 = icmp eq %struct.hlist_node* %25, null br i1 %26, label %48, label %27 %49 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 2, i32 0 %50 = load volatile %struct.hlist_node*, %struct.hlist_node** %49, align 8 %51 = icmp eq %struct.hlist_node* %50, null br i1 %51, label %52, label %27 %53 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 1, i32 0 %54 = load volatile %struct.hlist_node*, %struct.hlist_node** %53, align 8 %55 = icmp eq %struct.hlist_node* %54, null br i1 %55, label %56, label %27 %57 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 0, i32 0 %58 = load volatile %struct.hlist_node*, %struct.hlist_node** %57, align 8 %59 = icmp eq %struct.hlist_node* %58, null br i1 %59, label %60, label %27 tail call void @free_pid(%struct.pid* %15) #76 Function:free_pid %2 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds 
(%struct.spinlock, %struct.spinlock* @pidmap_lock, i64 0, i32 0, i32 0)) #76 %3 = getelementptr inbounds %struct.pid, %struct.pid* %0, i64 0, i32 1 br label %4 %5 = phi i32 [ 0, %1 ], [ %28, %22 ] %6 = sext i32 %5 to i64 %7 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 7, i64 %6, i32 1 %8 = load %struct.pid_namespace*, %struct.pid_namespace** %7, align 8 %9 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = add i32 %10, -1 store i32 %11, i32* %9, align 8 switch i32 %10, label %22 [ i32 3, label %12 i32 2, label %12 i32 -2147483647, label %16 ] %23 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 0 %24 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 7, i64 %6, i32 0 %25 = load i32, i32* %24, align 8 %26 = sext i32 %25 to i64 %27 = tail call i8* @idr_remove(%struct.idr* %23, i64 %26) #76
-------------
Good: 127 Bad: 3 Ignored: 70
Check Use of Function:__setplane_internal
Check Use of Function:ieee80211_free_txskb
Check Use of Function:exit_io_context
Check Use of Function:__SCT__tp_func_drv_leave_ibss
Check Use of Function:drm_prime_destroy_file_private
Check Use of Function:intel_user_framebuffer_dirty
Check Use of Function:drm_plane_check_pixel_format
Check Use of Function:blk_rq_init
Check Use of Function:pci_mmap_page_range
Check Use of Function:ieee80211_rx_bss_put
Check Use of Function:ext4_bread
Check Use of Function:i915_gem_flush_free_objects
Use: =BAD PATH=
Call Stack:
0 __i915_gem_object_create_user
1 i915_gem_create_ext_ioctl
-------------
Path:
Function:i915_gem_create_ext_ioctl
%4 = alloca %struct.create_ext.484268, align 8 %5 = bitcast %struct.drm_device.381449* %0 to %struct.drm_i915_private.484253* %6 = bitcast %struct.create_ext.484268* %4 to i8* %7 = getelementptr inbounds %struct.create_ext.484268, %struct.create_ext.484268* %4, i64 0, i32 1 %8 = bitcast [4 x %struct.intel_memory_region.484255*]* %7 to i8* %9 =
bitcast %struct.create_ext.484268* %4 to %struct.drm_device.381449** store %struct.drm_device.381449* %0, %struct.drm_device.381449** %9, align 8 %10 = getelementptr inbounds i8, i8* %1, i64 12 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %58 %15 = getelementptr inbounds i8, i8* %1, i64 16 %16 = bitcast i8* %15 to %struct.i915_user_extension** %17 = load %struct.i915_user_extension*, %struct.i915_user_extension** %16, align 8 %18 = call i32 @i915_user_extensions(%struct.i915_user_extension* %17, i32 (%struct.i915_user_extension*, i8*)** getelementptr inbounds ([1 x i32 (%struct.i915_user_extension*, i8*)*], [1 x i32 (%struct.i915_user_extension*, i8*)*]* @create_extensions.40909, i64 0, i64 0), i32 1, i8* nonnull %6) #76 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %58 %21 = getelementptr inbounds %struct.create_ext.484268, %struct.create_ext.484268* %4, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %27 %28 = phi i32 [ %22, %20 ], [ 1, %24 ] %29 = bitcast i8* %1 to i64* %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.create_ext.484268, %struct.create_ext.484268* %4, i64 0, i32 1, i64 0 %32 = call %struct.drm_i915_gem_object.484267* @__i915_gem_object_create_user(%struct.drm_i915_private.484253* %5, i64 %30, %struct.intel_memory_region.484255** %31, i32 %28) #77
Function:__i915_gem_object_create_user
%5 = bitcast %struct.intel_memory_region.484255** %2 to i8* %6 = load %struct.intel_memory_region.484255*, %struct.intel_memory_region.484255** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.448538*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.484253*)*)(%struct.drm_i915_private.484253* %0) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __i915_gem_object_create_user
1 i915_gem_create_ioctl
-------------
Path:
Function:i915_gem_create_ioctl
%4 = alloca
%struct.intel_memory_region.484255*, align 8 %5 = bitcast %struct.drm_device.381449* %0 to %struct.drm_i915_private.484253* %6 = bitcast %struct.intel_memory_region.484255** %4 to i8* %7 = tail call %struct.intel_memory_region.484255* bitcast (%struct.intel_memory_region.426501* (%struct.drm_i915_private.426498*, i32)* @intel_memory_region_by_type to %struct.intel_memory_region.484255* (%struct.drm_i915_private.484253*, i32)*)(%struct.drm_i915_private.484253* %5, i32 0) #76 store %struct.intel_memory_region.484255* %7, %struct.intel_memory_region.484255** %4, align 8 %8 = bitcast i8* %1 to i64* %9 = load i64, i64* %8, align 8 %10 = call %struct.drm_i915_gem_object.484267* @__i915_gem_object_create_user(%struct.drm_i915_private.484253* %5, i64 %9, %struct.intel_memory_region.484255** nonnull %4, i32 1) #77
Function:__i915_gem_object_create_user
%5 = bitcast %struct.intel_memory_region.484255** %2 to i8* %6 = load %struct.intel_memory_region.484255*, %struct.intel_memory_region.484255** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.448538*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.484253*)*)(%struct.drm_i915_private.484253* %0) #76
-------------
Good: 2 Bad: 2 Ignored: 4
Check Use of Function:cfg80211_assoc_timeout
Check Use of Function:send_signal
Use: =BAD PATH=
Call Stack:
0 force_sig_info_to_task
1 force_sig
2 signal_fault
3 __ia32_compat_sys_rt_sigreturn
-------------
Path:
Function:__ia32_compat_sys_rt_sigreturn
%2 = alloca %struct.cpumask, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 =
bitcast %struct.cpumask* %2 to i8* %12 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %13 = load i64, i64* %12, align 8 %14 = add i64 %13, -4 %15 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %16 = add i64 %15, -268 %17 = icmp ult i64 %16, %14 br i1 %17, label %42, label %18, !prof !6, !misexpect !7 %19 = inttoptr i64 %14 to %struct.rt_sigframe_ia32* %21 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 4 %22 = bitcast %struct.kernel_cap_struct* %21 to i64* %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %20) #6, !srcloc !8 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %42, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %2) #76 %32 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 3 %33 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %10, %struct.sigcontext_32* %32) #77 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %42 %36 = getelementptr inbounds 
%struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 2 %37 = call i32 @compat_restore_altstack(%struct.uid_gid_extent* %36) #76 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %42 %43 = inttoptr i64 %14 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %43, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.3.4721, i64 0, i64 0)) #76 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #76 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct* 
%10, i32 0) #76 Function:force_sig_info_to_task %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #76 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %11 = add i32 %5, -1 %12 = sext i32 %11 to i64 %13 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 0 %14 = load void (i32)*, void (i32)** %13, align 8 %15 = icmp eq void (i32)* %14, inttoptr (i64 1 to void (i32)*) %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 97, i32 0, i64 0 %17 = load i64, i64* %16, align 8 %18 = zext i32 %11 to i64 %19 = lshr i64 %17, %18 %20 = trunc i64 %19 to i32 %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 %23 = or i32 %21, %2 %24 = icmp ne i32 %23, 0 %25 = or i1 %15, %24 br i1 %25, label %26, label %65 store void (i32)* null, void (i32)** %13, align 8 %27 = icmp eq i32 %2, 2 br i1 %27, label %28, label %32 %29 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = or i64 %30, 8388608 store i64 %31, i64* %29, align 8 br label %32 br i1 %22, label %65, label %33 %34 = shl nuw i64 1, %18 %35 = xor i64 %34, -1 %36 = load i64, i64* %16, align 8 %37 = and i64 %36, %35 store i64 %37, i64* %16, align 8 %38 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 46 %39 = load i64, i64* %38, align 32 %40 = and i64 %39, 10092544 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %60 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 
0, i32 100, i32 1, i32 0, i64 0 %44 = load i64, i64* %43, align 8 %45 = xor i64 %37, -1 %46 = and i64 %44, %45 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %60 %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 95 %50 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %51 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %50, i64 0, i32 6, i32 1, i32 0, i64 0 %52 = load i64, i64* %51, align 8 %53 = and i64 %52, %45 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %60 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 50 %57 = load i8, i8* %56, align 16 %58 = and i8 %57, 32 %59 = icmp eq i8 %58, 0 br i1 %59, label %65, label %60 %61 = bitcast %struct.task_struct* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 %62 = tail call i32 @wake_up_state(%struct.task_struct* %1, i32 1) #76 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %65 tail call void @kick_process(%struct.task_struct* %1) #76 br label %65 %66 = load void (i32)*, void (i32)** %13, align 8 %67 = icmp eq void (i32)* %66, null br i1 %67, label %68, label %78 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 5 %70 = load i32, i32* %69, align 16 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %78 %79 = tail call fastcc i32 @send_signal(i32 %5, %struct.kernel_siginfo* %0, %struct.task_struct* %1, i32 0) #77
-------------
Use: =BAD PATH=
Call Stack:
0 force_sig_info_to_task
1 force_sig
2 signal_fault
3 __ia32_compat_sys_sigreturn
-------------
Path:
Function:__ia32_compat_sys_sigreturn
%2 = alloca %struct.cpumask, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = inttoptr i64 %13 to %struct.sigframe_ia32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %17 = add i64 %16, -736 %18 = icmp ult i64 %17, %13 br i1 %18, label %50, label %19, !prof !6, !misexpect !7 %21 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2 %22 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2, i32 26 %23 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %22, i64 4, i64 %20) #6, !srcloc !8 %24 = extractvalue { i32*, i32, i64 } %23, 0 %25 = extractvalue { i32*, i32, i64 } %23, 1 %26 = extractvalue { i32*, i32, i64 } %23, 2 %27 = ptrtoint i32* %24 to i64 %28 =
zext i32 %25 to i64 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 %28, i64* %29, align 8 %30 = and i64 %27, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %50, !prof !9, !misexpect !10 %34 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 4, i64 0 %35 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %34, i64 4, i64 %33) #6, !srcloc !11 %36 = extractvalue { i32*, i32, i64 } %35, 0 %37 = extractvalue { i32*, i32, i64 } %35, 1 %38 = extractvalue { i32*, i32, i64 } %35, 2 %39 = ptrtoint i32* %36 to i64 %40 = bitcast %struct.cpumask* %2 to i32* %41 = getelementptr inbounds i32, i32* %40, i64 1 store i32 %37, i32* %41, align 4 %42 = and i64 %39, 4294967295 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %2) #76 %45 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %10, %struct.sigcontext_32* %21) #77 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %50 %51 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %51, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4718, i64 0, i64 0)) #76 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #76 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr 
inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct* %10, i32 0) #76 Function:force_sig_info_to_task %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #76 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %11 = add i32 %5, -1 %12 = sext i32 %11 to i64 %13 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 0 %14 = load void (i32)*, void (i32)** %13, align 8 %15 = icmp eq void (i32)* %14, inttoptr (i64 1 to void (i32)*) %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 97, i32 0, i64 0 %17 = load i64, i64* %16, align 8 %18 = zext i32 %11 to i64 %19 = lshr i64 %17, 
%18 %20 = trunc i64 %19 to i32 %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 %23 = or i32 %21, %2 %24 = icmp ne i32 %23, 0 %25 = or i1 %15, %24 br i1 %25, label %26, label %65 store void (i32)* null, void (i32)** %13, align 8 %27 = icmp eq i32 %2, 2 br i1 %27, label %28, label %32 %29 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = or i64 %30, 8388608 store i64 %31, i64* %29, align 8 br label %32 br i1 %22, label %65, label %33 %34 = shl nuw i64 1, %18 %35 = xor i64 %34, -1 %36 = load i64, i64* %16, align 8 %37 = and i64 %36, %35 store i64 %37, i64* %16, align 8 %38 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 46 %39 = load i64, i64* %38, align 32 %40 = and i64 %39, 10092544 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %60 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 100, i32 1, i32 0, i64 0 %44 = load i64, i64* %43, align 8 %45 = xor i64 %37, -1 %46 = and i64 %44, %45 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %60 %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 95 %50 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %51 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %50, i64 0, i32 6, i32 1, i32 0, i64 0 %52 = load i64, i64* %51, align 8 %53 = and i64 %52, %45 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %60 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 50 %57 = load i8, i8* %56, align 16 %58 = and i8 %57, 32 %59 = icmp eq i8 %58, 0 br i1 %59, label %65, label %60 %61 = bitcast %struct.task_struct* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 tail call 
void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 %62 = tail call i32 @wake_up_state(%struct.task_struct* %1, i32 1) #76 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %65 tail call void @kick_process(%struct.task_struct* %1) #76 br label %65 %66 = load void (i32)*, void (i32)** %13, align 8 %67 = icmp eq void (i32)* %66, null br i1 %67, label %68, label %78 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 5 %70 = load i32, i32* %69, align 16 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %78 %79 = tail call fastcc i32 @send_signal(i32 %5, %struct.kernel_siginfo* %0, %struct.task_struct* %1, i32 0) #77
-------------
Use: =BAD PATH=
Call Stack:
0 force_sig_info_to_task
1 force_sig
2 signal_fault
3 __do_sys_rt_sigreturn
-------------
Path:
Function:__do_sys_rt_sigreturn
%2 = alloca %struct.sigcontext_64, align 8 %3 = alloca %struct.cpumask, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 2 %7 = bitcast i8** %6 to i64* %8 = load i64, i64* %7, align 32 %9 = add i64 %8, 16384 %10 = inttoptr i64 %9 to %struct.pt_regs* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %10, i64 -1 %12 = bitcast %struct.cpumask* %3 to i8* %13 = getelementptr %struct.pt_regs, %struct.pt_regs* %10, i64 -1, i32 19 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -8 %16 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word
(16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %17 = add i64 %16, -440 %18 = icmp ult i64 %17, %15 br i1 %18, label %139, label %19, !prof !6, !misexpect !7 %20 = inttoptr i64 %15 to %struct.rt_sigframe* %22 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %20, i64 0, i32 1, i32 4, i32 0, i64 0 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !8 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %3, i64 0, i32 0, i64 0 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %139, !prof !9, !misexpect !10 %33 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %20, i64 0, i32 1, i32 0 %34 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %33, i64 8, i64 %32) #6, !srcloc !11 %35 = extractvalue { i64*, i64, i64 } %34, 0 %36 = extractvalue { i64*, i64, i64 } %34, 2 %37 = ptrtoint i64* %35 to i64 %38 = and i64 %37, 4294967295 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %139, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %3) #76 %41 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %20, i64 0, i32 1, i32 3 %42 = bitcast %struct.sigcontext_64* %2 to i8* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 52, i32 1 store i64 (%struct.restart_block*)* 
@do_no_restart_syscall, i64 (%struct.restart_block*)** %43, align 8 %44 = bitcast %struct.sigcontext_64* %41 to i8* %45 = call i64 @_copy_from_user(i8* nonnull %42, i8* %44, i64 192) #76 %46 = icmp eq i64 %45, 0 br i1 %46, label %48, label %47 br label %139 %140 = inttoptr i64 %15 to i8* call void @signal_fault(%struct.pt_regs* %11, i8* %140, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.6.1385, i64 0, i64 0)) #77 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #76 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = call fastcc i32 
@force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct* %10, i32 0) #76 Function:force_sig_info_to_task %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #76 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %11 = add i32 %5, -1 %12 = sext i32 %11 to i64 %13 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 0 %14 = load void (i32)*, void (i32)** %13, align 8 %15 = icmp eq void (i32)* %14, inttoptr (i64 1 to void (i32)*) %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 97, i32 0, i64 0 %17 = load i64, i64* %16, align 8 %18 = zext i32 %11 to i64 %19 = lshr i64 %17, %18 %20 = trunc i64 %19 to i32 %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 %23 = or i32 %21, %2 %24 = icmp ne i32 %23, 0 %25 = or i1 %15, %24 br i1 %25, label %26, label %65 store void (i32)* null, void (i32)** %13, align 8 %27 = icmp eq i32 %2, 2 br i1 %27, label %28, label %32 %29 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = or i64 %30, 8388608 store i64 %31, i64* %29, align 8 br label %32 br i1 %22, label %65, label %33 %34 = shl nuw i64 1, %18 %35 = xor i64 %34, -1 %36 = load i64, i64* %16, align 8 %37 = and i64 %36, %35 store i64 %37, i64* %16, align 8 %38 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 46 %39 = load i64, i64* %38, align 32 %40 = and i64 %39, 10092544 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label 
%60 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 100, i32 1, i32 0, i64 0 %44 = load i64, i64* %43, align 8 %45 = xor i64 %37, -1 %46 = and i64 %44, %45 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %60 %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 95 %50 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %51 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %50, i64 0, i32 6, i32 1, i32 0, i64 0 %52 = load i64, i64* %51, align 8 %53 = and i64 %52, %45 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %60 %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 50 %57 = load i8, i8* %56, align 16 %58 = and i8 %57, 32 %59 = icmp eq i8 %58, 0 br i1 %59, label %65, label %60 %61 = bitcast %struct.task_struct* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 %62 = tail call i32 @wake_up_state(%struct.task_struct* %1, i32 1) #76 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %65 tail call void @kick_process(%struct.task_struct* %1) #76 br label %65 %66 = load void (i32)*, void (i32)** %13, align 8 %67 = icmp eq void (i32)* %66, null br i1 %67, label %68, label %78 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 5 %70 = load i32, i32* %69, align 16 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %78 %79 = tail call fastcc i32 @send_signal(i32 %5, %struct.kernel_siginfo* %0, %struct.task_struct* %1, i32 0) #77 ------------- Use: =BAD PATH= Call Stack: 0 
send_sig_info 1 send_sig 2 generic_write_checks 3 nfs_file_direct_write 4 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.215312, %struct.kiocb.215312* %0, i64 0, i32 0 %4 = load %struct.file.215754*, %struct.file.215754** %3, align 8 %5 = getelementptr inbounds %struct.file.215754, %struct.file.215754* %4, i64 0, i32 2 %6 = load %struct.inode.215746*, %struct.inode.215746** %5, align 8 %7 = getelementptr inbounds %struct.inode.215746, %struct.inode.215746* %6, i64 0, i32 8 %8 = load %struct.super_block.215732*, %struct.super_block.215732** %7, align 8 %9 = getelementptr inbounds %struct.super_block.215732, %struct.super_block.215732* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.215891** %11 = load %struct.nfs_server.215891*, %struct.nfs_server.215891** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.215891, %struct.nfs_server.215891* %11, i64 0, i32 8 %13 = load i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.215754*, %struct.inode.215746*)*)(%struct.file.215754* %4, %struct.inode.215746* %6) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = getelementptr inbounds %struct.kiocb.215312, %struct.kiocb.215312* %0, i64 0, i32 4 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 131072 %22 = icmp eq i32 %21, 0 br i1 %22, label %25, label %23 %24 = tail call i64 bitcast (i64 (%struct.kiocb.219114*, %struct.iov_iter*)* @nfs_file_direct_write to i64 (%struct.kiocb.215312*, %struct.iov_iter*)*)(%struct.kiocb.215312* %0, %struct.iov_iter* %1) #76 Function:nfs_file_direct_write %3 = alloca %struct.nfs_pageio_descriptor, align 8 %4 = alloca %struct.page.219111**, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.kiocb.219114, %struct.kiocb.219114* %0, i64 0, i32 0 %7 = load %struct.file.219700*, %struct.file.219700** %6, align 8 %8 = getelementptr inbounds 
%struct.file.219700, %struct.file.219700* %7, i64 0, i32 18 %9 = load %struct.address_space.219108*, %struct.address_space.219108** %8, align 8 %10 = getelementptr inbounds %struct.address_space.219108, %struct.address_space.219108* %9, i64 0, i32 0 %11 = load %struct.inode.219694*, %struct.inode.219694** %10, align 8 %12 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_write_checks to i64 (%struct.kiocb.219114*, %struct.iov_iter*)*)(%struct.kiocb.219114* %0, %struct.iov_iter* %1) #76 Function:generic_write_checks %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 4 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 256 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %69 %14 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %69, label %17 %18 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 16 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %27 = and i32 %19, 131080 %28 = icmp eq i32 %27, 8 br i1 %28, label %69, label %29 %30 = load i64, i64* %14, align 8 %31 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = load %struct.address_space*, %struct.address_space** %5, align 8 %34 = getelementptr inbounds %struct.address_space, %struct.address_space* %33, i64 0, i32 0 %35 = load %struct.inode*, %struct.inode** %34, align 8 %36 = getelementptr inbounds 
%struct.inode, %struct.inode* %35, i64 0, i32 8 %37 = load %struct.super_block*, %struct.super_block** %36, align 8 %38 = getelementptr inbounds %struct.super_block, %struct.super_block* %37, i64 0, i32 4 %39 = load i64, i64* %38, align 32 %40 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %41 = inttoptr i64 %40 to %struct.task_struct* %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %41, i64 0, i32 95 %43 = load %struct.signal_struct*, %struct.signal_struct** %42, align 32 %44 = getelementptr %struct.signal_struct, %struct.signal_struct* %43, i64 0, i32 49, i64 1, i32 0 %45 = load volatile i64, i64* %44, align 8 %46 = icmp eq i64 %45, -1 br i1 %46, label %55, label %47 %48 = icmp sgt i64 %45, %32 br i1 %48, label %51, label %49 %50 = tail call i32 @send_sig(i32 25, %struct.task_struct* %41, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br 
i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 inode_newsize_ok 3 nfs_setattr ------------- Path:  Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.217372, %struct.dentry.217372* %1, i64 0, i32 5 %5 = load %struct.inode.217383*, %struct.inode.217383** %4, align 8 %6 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %5, i64 0, i32 8 %7 = load %struct.super_block.217367*, %struct.super_block.217367** %6, align 8 %8 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.217511** %10 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.217374, %struct.iattr.217374* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 
%15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.217374, %struct.iattr.217374* %2, i64 0, i32 4 %32 = load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.150157*, i64)* @inode_newsize_ok to i32 (%struct.inode.217383*, i64)*)(%struct.inode.217383* %5, i64 %32) #76 Function:inode_newsize_ok %3 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = icmp slt i64 %4, %1 br i1 %5, label %6, label %20 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.150265* %9 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %8, i64 0, i32 95 %10 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %9, align 32 %11 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %10, i64 0, i32 49, i64 1, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp ult i64 %12, %1 br i1 %13, label %26, label %14 %27 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %8, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, 
%struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 inode_newsize_ok 3 nfs_setattr 4 nfs_namespace_setattr ------------- Path:  Function:nfs_namespace_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 
17, i32 1 %7 = bitcast i64* %6 to i16* %8 = load i16, i16* %7, align 2 %9 = icmp eq i16 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.217372*, %struct.iattr.217374*)* @nfs_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.217372, %struct.dentry.217372* %1, i64 0, i32 5 %5 = load %struct.inode.217383*, %struct.inode.217383** %4, align 8 %6 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %5, i64 0, i32 8 %7 = load %struct.super_block.217367*, %struct.super_block.217367** %6, align 8 %8 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.217511** %10 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.217374, %struct.iattr.217374* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.217374, %struct.iattr.217374* %2, i64 0, i32 4 %32 = 
load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.150157*, i64)* @inode_newsize_ok to i32 (%struct.inode.217383*, i64)*)(%struct.inode.217383* %5, i64 %32) #76 Function:inode_newsize_ok %3 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = icmp slt i64 %4, %1 br i1 %5, label %6, label %20 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.150265* %9 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %8, i64 0, i32 95 %10 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %9, align 32 %11 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %10, i64 0, i32 49, i64 1, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp ult i64 %12, %1 br i1 %13, label %26, label %14 %27 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %8, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = 
getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, 
align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = 
getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 
------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, 
i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %382, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %382, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %382, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = 
getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 
], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %382, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %382, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %382, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, 
%struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, 
align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %382, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %382, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %382, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, 
!srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, 
label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 
%7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ 
%16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x 
i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* 
inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, 
%struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr 
i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, 
!prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, 
align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* 
%7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177930, %struct.dentry.177930* %1, i64 0, i32 5 %5 = load %struct.inode.177941*, %struct.inode.177941** %4, align 8 %6 = getelementptr inbounds %struct.iattr.178080, %struct.iattr.178080* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace.178079*, %struct.dentry.177930*, %struct.iattr.178080*)*)(%struct.user_namespace.178079* nonnull bitcast ({ { i32, [4 x i8], 
{ [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.178079*), %struct.dentry.177930* %1, %struct.iattr.178080* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, 
%struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 
1 send_sig 2 setattr_prepare 3 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177930, %struct.dentry.177930* %1, i64 0, i32 5 %5 = load %struct.inode.177941*, %struct.inode.177941** %4, align 8 %6 = getelementptr inbounds %struct.iattr.178080, %struct.iattr.178080* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace.178079*, %struct.dentry.177930*, %struct.iattr.178080*)*)(%struct.user_namespace.178079* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.178079*), %struct.dentry.177930* %1, %struct.iattr.178080* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* 
%11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 simple_setattr ------------- Path:  Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* 
%11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 simple_setattr 4 sockfs_setattr ------------- Path:  Function:sockfs_setattr %4 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.273376*, %struct.iattr.273378*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry.273376* %1, %struct.iattr.273378* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, 
%struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 simple_setattr 4 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 
(%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** 
nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, 
%struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 simple_setattr 4 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = 
tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call 
i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 simple_setattr 4 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br 
i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = 
icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, 
label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 simple_setattr 4 notify_change 5 file_remove_privs 6 __generic_file_write_iter 7 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %5 = load %struct.file.294345*, %struct.file.294345** %4, align 8 %6 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %5, i64 0, i32 18 %7 = load %struct.address_space.294426*, %struct.address_space.294426** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %7, i64 0, i32 0 %9 = load %struct.inode.294419*, %struct.inode.294419** %8, align 8 %10 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294278* bitcast (%struct.block_device.293754* (%struct.inode.293951*)* @I_BDEV to %struct.block_device.294278* (%struct.inode.294419*)*)(%struct.inode.294419* %9) #76 %14 = tail call i32 bitcast (i32 (%struct.block_device.299712*)* @bdev_read_only to i32 
(%struct.block_device.294278*)*)(%struct.block_device.294278* %13) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #76 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #76 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294023*, %struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* %1) #76 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load 
%struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.149842*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #76 Function:file_remove_privs %2 = alloca %struct.iattr.149911, align 8 %3 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.149909*, %struct.dentry.149909** %3, align 8 %5 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.149909* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 2 %20 = load %struct.inode.149921*, %struct.inode.149921** %19, align 8 %21 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %18, i64 0, i32 5 %32 = load %struct.inode.149921*, %struct.inode.149921** %31, align 8 %33 = getelementptr inbounds %struct.inode.149921, 
%struct.inode.149921* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #76 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.149909*)*)(%struct.dentry.149909* %18) #76 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.149842, %struct.file.149842* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.149905, %struct.vfsmount.149905* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.149911* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.149911, %struct.iattr.149911* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*, %struct.inode.150157**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.149909*, %struct.iattr.149911*, 
%struct.inode.149921**)*)(%struct.user_namespace* %68, %struct.dentry.149909* %18, %struct.iattr.149911* nonnull %2, %struct.inode.149921** null) #76 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %6 = load %struct.inode.150157*, %struct.inode.150157** %5, align 8 %7 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16415, i64 0, i64 0), i32 319, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "256:\0A\09.pushsection .discard.reachable\0A\09.long 256b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label 
%261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.149921*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150157*)*)(%struct.user_namespace* %0, %struct.inode.150157* %6) #76 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147178*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150157*, i32)*)(%struct.user_namespace* %0, %struct.inode.150157* %6, i32 2) #76 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.149921*)* @current_time to { i64, i64 } (%struct.inode.150157*)*)(%struct.inode.150157* %6) #76 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %64, i64 %66, %struct.inode.150157* %6) #76 %68 = 
extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.149921*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150157*)*)(i64 %77, i64 %79, %struct.inode.150157* %6) #76 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, 
label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %171 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150153*, %struct.inode_operations.150153** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150153, %struct.inode_operations.150153* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*, i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)** %195, align 
8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)*)(%struct.user_namespace* %0, %struct.dentry.150148* %1, %struct.iattr.150266* %2) #76 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153259, %struct.dentry.153259* %1, i64 0, i32 5 %5 = load %struct.inode.153255*, %struct.inode.153255** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153259*, %struct.iattr.153247*)*)(%struct.user_namespace* %0, %struct.dentry.153259* %1, %struct.iattr.153247* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load 
%struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail 
call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, 
i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 
= load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, 
[14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, 
%struct.dentry.150148*, %struct.iattr.150266*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #76 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150148, %struct.dentry.150148* %1, i64 0, i32 5 %5 = load %struct.inode.150157*, %struct.inode.150157** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.150266, %struct.iattr.150266* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.150157, %struct.inode.150157* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150265** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150265**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.150265* %19 = getelementptr inbounds %struct.task_struct.150265, %struct.task_struct.150265* %18, i64 0, i32 95 %20 = load %struct.signal_struct.150215*, %struct.signal_struct.150215** %19, align 32 %21 = getelementptr %struct.signal_struct.150215, %struct.signal_struct.150215* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 
8 %23 = icmp ult i64 %22, %12 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct*, i32)* @send_sig to i32 (i32, %struct.task_struct.150265*, i32)*)(i32 25, %struct.task_struct.150265* %18, i32 0) #76 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct* %1) #76 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #76 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #76 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ undef, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call 
fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* %2, i32 0) #76 ------------- Good: 98 Bad: 26 Ignored: 180 Check Use of Function:drm_property_free_blob Check Use of Function:scsi_autopm_put_device Check Use of Function:xt_compat_target_to_user Check Use of Function:copy_page Check Use of Function:cfg80211_auth_timeout Check Use of Function:local_bh_enable.71737 Check Use of Function:ext4_swap_extents Check Use of Function:ieee80211_send_null_response Check Use of Function:ieee80211_clear_tx_pending Check Use of Function:netif_carrier_on Check Use of Function:auditd_reset Check Use of Function:cfg80211_mlme_purge_registrations Check Use of Function:ieee80211_tx_h_select_key Check Use of Function:d_obtain_alias Check Use of Function:ieee80211_xmit Check Use of Function:vm_get_page_prot Check Use of Function:follow_hugetlb_page Check Use of Function:ieee80211_tx_frags Check Use of Function:arch_uretprobe_is_alive Check Use of Function:ieee80211_mgd_probe_ap_send Check Use of Function:dir_add Check Use of Function:ieee80211_sdata_stop Check Use of Function:unlock_rename Check Use of Function:drv_start_nan Check Use of Function:mq_walk Check Use of Function:ieee80211_send_nullfunc Check Use of Function:ext4_append Check Use of Function:drm_get_mode_status_name Check Use of Function:ieee80211_set_mon_options Check Use of Function:cfg80211_find_elem_match Check Use of Function:ieee80211_auth.72847 Check Use of Function:igmp6_late_init Check Use of Function:ieee80211_reconfig Check Use of Function:ieee80211_queue_delayed_work Check Use of Function:__sta_info_destroy Check Use of Function:acpi_unlock_hp_context Check Use of Function:ieee80211_recalc_sw_work Check Use of Function:ieee80211_free_keys_iface Check Use of Function:ieee80211_key_free Check Use of Function:proc_dostring Use: =BAD PATH= Call Stack: 0 seccomp_actions_logged_handler ------------- Path:  Function:seccomp_actions_logged_handler %6 = alloca %struct.ctl_table, align 8 %7 
= alloca [63 x i8], align 16 %8 = alloca i8*, align 8 %9 = alloca [63 x i8], align 16 %10 = alloca %struct.ctl_table, align 8 %11 = icmp eq i32 %1, 0 br i1 %11, label %169, label %12 %170 = getelementptr inbounds [63 x i8], [63 x i8]* %9, i64 0, i64 0 %171 = bitcast %struct.ctl_table* %6 to i8* %172 = load i32, i32* @seccomp_actions_logged, align 4 br label %173 %174 = phi i8** [ getelementptr inbounds ([9 x %struct.anon.117], [9 x %struct.anon.117]* @seccomp_log_names, i64 0, i64 0, i32 1), %169 ], [ %207, %202 ] %175 = phi i8 [ 0, %169 ], [ %205, %202 ] %176 = phi %struct.anon.117* [ getelementptr inbounds ([9 x %struct.anon.117], [9 x %struct.anon.117]* @seccomp_log_names, i64 0, i64 0), %169 ], [ %206, %202 ] %177 = phi i8* [ %170, %169 ], [ %204, %202 ] %178 = phi i64 [ 63, %169 ], [ %203, %202 ] %179 = getelementptr inbounds %struct.anon.117, %struct.anon.117* %176, i64 0, i32 0 %180 = load i32, i32* %179, align 8 %181 = and i32 %180, %172 %182 = icmp eq i32 %181, 0 br i1 %182, label %202, label %183 %184 = and i8 %175, 1 %185 = icmp eq i8 %184, 0 br i1 %185, label %192, label %186 %187 = call i64 @strscpy(i8* %177, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.15.11006, i64 0, i64 0), i64 %178) #76 %188 = icmp slt i64 %187, 0 br i1 %188, label %217, label %189 %190 = getelementptr i8, i8* %177, i64 %187 %191 = sub i64 %178, %187 br label %192 %193 = phi i64 [ %191, %189 ], [ %178, %183 ] %194 = phi i8* [ %190, %189 ], [ %177, %183 ] %195 = phi i8 [ %175, %189 ], [ 1, %183 ] %196 = load i8*, i8** %174, align 8 %197 = call i64 @strscpy(i8* %194, i8* %196, i64 %193) #76 %198 = icmp slt i64 %197, 0 br i1 %198, label %217, label %199 %200 = getelementptr i8, i8* %194, i64 %197 %201 = sub i64 %193, %197 br label %202 %203 = phi i64 [ %201, %199 ], [ %178, %173 ] %204 = phi i8* [ %200, %199 ], [ %177, %173 ] %205 = phi i8 [ %195, %199 ], [ %175, %173 ] %206 = getelementptr %struct.anon.117, %struct.anon.117* %176, i64 1 %207 = getelementptr 
%struct.anon.117, %struct.anon.117* %176, i64 1, i32 1 %208 = load i8*, i8** %207, align 8 %209 = icmp ne i8* %208, null %210 = icmp ne i64 %203, 0 %211 = and i1 %210, %209 br i1 %211, label %173, label %212 %213 = bitcast %struct.ctl_table* %0 to i8* %214 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %170, i8** %214, align 8 %215 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 63, i32* %215, align 8 %216 = call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dostring to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 0, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_tcp_congestion_control ------------- Path:  Function:proc_tcp_congestion_control %6 = alloca [16 x i8], align 16 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = load i8*, i8** %8, align 8 %10 = getelementptr i8, i8* %9, i64 -1112 %11 = bitcast i8* %10 to %struct.net.863597* %12 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %13 = bitcast %struct.ctl_table* %7 to i8* %14 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 store i8* %12, i8** %14, align 8 %15 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 2 store i32 16, i32* %15, align 8 call void bitcast (void (%struct.net.273332*, i8*)* @tcp_get_default_congestion_control to void (%struct.net.863597*, i8*)*)(%struct.net.863597* %11, i8* nonnull %12) #76 %16 = call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dostring to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca %struct.ctl_table, align 8 %7 = alloca [64 x i8], 
align 16 %8 = alloca [16 x i8], align 16 %9 = bitcast %struct.ctl_table* %6 to i8* %10 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %11 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = load i8*, i8** %12, align 8 %14 = icmp eq i8* %13, null br i1 %14, label %15, label %16 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #76 %17 = getelementptr i8, i8* %13, i64 8 %18 = load i8, i8* %17, align 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @proc_do_uuid.bootid_spinlock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %22 %23 = phi i8* [ %13, %21 ], [ %11, %15 ] %24 = call i32 (i8*, i8*, ...) 
@sprintf(i8* nonnull %10, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.52.35126, i64 0, i64 0), i8* %23) #77 %25 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %10, i8** %25, align 8 %26 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 64, i32* %26, align 8 %27 = call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dostring to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca %struct.ctl_table, align 8 %7 = alloca [64 x i8], align 16 %8 = alloca [16 x i8], align 16 %9 = bitcast %struct.ctl_table* %6 to i8* %10 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %11 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = load i8*, i8** %12, align 8 %14 = icmp eq i8* %13, null br i1 %14, label %15, label %16 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #76 %17 = getelementptr i8, i8* %13, i64 8 %18 = load i8, i8* %17, align 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @proc_do_uuid.bootid_spinlock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %22 %23 = phi i8* [ %13, %21 ], [ %11, %15 ] %24 = call i32 (i8*, i8*, ...) 
@sprintf(i8* nonnull %10, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.52.35126, i64 0, i64 0), i8* %23) #77 %25 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %10, i8** %25, align 8 %26 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 64, i32* %26, align 8 %27 = call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dostring to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Use: =BAD PATH= Call Stack: 0 set_default_qdisc ------------- Path:  Function:set_default_qdisc %6 = alloca [16 x i8], align 16 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %9 = bitcast %struct.ctl_table* %7 to i8* %10 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 store i8* %8, i8** %10, align 8 %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 2 store i32 16, i32* %11, align 8 call void @qdisc_get_default(i8* nonnull %8, i64 16) #76 %12 = call i32 bitcast (i32 (%struct.ctl_table.49808*, i32, i8*, i64*, i64*)* @proc_dostring to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #76 ------------- Good: 10 Bad: 5 Ignored: 4 Check Use of Function:drv_tdls_cancel_channel_switch Check Use of Function:sta_info_hash_del Check Use of Function:__sta_info_destroy_part2 Check Use of Function:ieee80211_teardown_tdls_peers Check Use of Function:wiphy_register Check Use of Function:codel_dequeue_func Check Use of Function:security_get_bools Check Use of Function:invoke_tx_handlers_early Check Use of Function:switch_task_namespaces Check Use of Function:mutex_is_locked Use: =BAD PATH= Call Stack: 0 n_tty_poll ------------- Path:  Function:n_tty_poll %4 = getelementptr inbounds %struct.tty_struct.359247, 
%struct.tty_struct.359247* %0, i64 0, i32 27 %5 = icmp eq %struct.poll_table_struct.358954* %2, null br i1 %5, label %21, label %6 %22 = getelementptr inbounds %struct.tty_struct.359247, %struct.tty_struct.359247* %0, i64 0, i32 29 %23 = bitcast i8** %22 to %struct.n_tty_data** %24 = load %struct.n_tty_data*, %struct.n_tty_data** %23, align 8 %25 = getelementptr %struct.tty_struct.359247, %struct.tty_struct.359247* %0, i64 0, i32 13, i32 5, i64 5 %26 = load i8, i8* %25, align 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %34 %29 = getelementptr %struct.tty_struct.359247, %struct.tty_struct.359247* %0, i64 0, i32 13, i32 5, i64 6 %30 = load i8, i8* %29, align 1 %31 = icmp eq i8 %30, 0 %32 = select i1 %31, i8 1, i8 %30 %33 = zext i8 %32 to i64 br label %34 %35 = phi i64 [ 1, %21 ], [ %33, %28 ] %36 = getelementptr inbounds %struct.n_tty_data, %struct.n_tty_data* %24, i64 0, i32 10 %37 = load i8, i8* %36, align 1 %38 = and i8 %37, 16 %39 = icmp eq i8 %38, 0 br i1 %39, label %45, label %40 %41 = getelementptr inbounds %struct.tty_struct.359247, %struct.tty_struct.359247* %0, i64 0, i32 13, i32 3 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 65536 %44 = icmp eq i32 %43, 0 br i1 %44, label %52, label %45 %53 = getelementptr inbounds %struct.n_tty_data, %struct.n_tty_data* %24, i64 0, i32 2 %54 = load i64, i64* %53, align 8 %55 = getelementptr inbounds %struct.n_tty_data, %struct.n_tty_data* %24, i64 0, i32 14 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %54, %56 br i1 %57, label %58, label %97 %98 = phi i32 [ 65, %52 ], [ %96, %94 ], [ 65, %45 ] %99 = getelementptr inbounds %struct.tty_struct.359247, %struct.tty_struct.359247* %0, i64 0, i32 20, i32 4 %100 = load i8, i8* %99, align 1, !range !4 %101 = icmp eq i8 %100, 0 br i1 %101, label %109, label %102 %103 = getelementptr inbounds %struct.tty_struct.359247, %struct.tty_struct.359247* %0, i64 0, i32 24 %104 = load %struct.tty_struct.359247*, %struct.tty_struct.359247** %103, align 8 %105 = 
getelementptr inbounds %struct.tty_struct.359247, %struct.tty_struct.359247* %104, i64 0, i32 20, i32 3 %106 = load i8, i8* %105, align 8 %107 = icmp eq i8 %106, 0 %108 = select i1 %107, i32 %98, i32 67 br label %109 %110 = phi i32 [ %98, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.tty_struct.359247, %struct.tty_struct.359247* %0, i64 0, i32 16 %112 = load volatile i64, i64* %111, align 8 %113 = and i64 %112, 4 %114 = icmp eq i64 %113, 0 %115 = or i32 %110, 16 %116 = tail call i32 bitcast (i32 (%struct.file*)* @tty_hung_up_p to i32 (%struct.file.359135*)*)(%struct.file.359135* %1) #76 %117 = icmp eq i32 %116, 0 %118 = and i1 %117, %114 %119 = select i1 %118, i32 %110, i32 %115 %120 = getelementptr inbounds %struct.tty_struct.359247, %struct.tty_struct.359247* %0, i64 0, i32 4 %121 = load %struct.tty_operations.359242*, %struct.tty_operations.359242** %120, align 8 %122 = getelementptr inbounds %struct.tty_operations.359242, %struct.tty_operations.359242* %121, i64 0, i32 7 %123 = load i32 (%struct.tty_struct.359247*, i8*, i32)*, i32 (%struct.tty_struct.359247*, i8*, i32)** %122, align 8 %124 = icmp eq i32 (%struct.tty_struct.359247*, i8*, i32)* %123, null br i1 %124, label %136, label %125 %126 = getelementptr inbounds %struct.tty_struct.359247, %struct.tty_struct.359247* %0, i64 0, i32 8 %127 = tail call zeroext i1 @mutex_is_locked(%struct.mutex* %126) #76 ------------- Good: 303 Bad: 1 Ignored: 237 Check Use of Function:selinux_status_update_setenforce Check Use of Function:cfg80211_put_bss Check Use of Function:ieee80211_offchannel_return Check Use of Function:wiphy_free Check Use of Function:_enable_swap_info Check Use of Function:__hw_addr_init Check Use of Function:max_swapfile_size Check Use of Function:pci_disable_msi Check Use of Function:__cfg80211_disconnected Check Use of Function:qdisc_get_stab Check Use of Function:__cfg80211_connect_result Check Use of Function:rtc_set_time Check Use of Function:cgroup_can_fork Check Use of 
Function:rate_control_rate_init Check Use of Function:io_uring_add_tctx_node Check Use of Function:ieee80211_recalc_min_chandef Check Use of Function:rdev_stop_nan Check Use of Function:sysfs_remove_link Check Use of Function:snd_disconnect_ioctl Check Use of Function:drv_get_tsf Check Use of Function:maybe_link Check Use of Function:ieee80211_if_remove Check Use of Function:netlbl_unlabel_defconf Check Use of Function:netlbl_cipsov4_genl_init Check Use of Function:genl_unregister_family Check Use of Function:kernel_wait Check Use of Function:create_elf_tables.17943 Check Use of Function:netlink_register_notifier Check Use of Function:alloc_workqueue Check Use of Function:regulatory_init Check Use of Function:drm_atomic_helper_set_config Check Use of Function:kernfs_iop_rmdir Check Use of Function:ioam6_exit Check Use of Function:igmp6_late_cleanup Check Use of Function:bad_inode_unlink Check Use of Function:kernfs_iop_rename Check Use of Function:ipv6_sysctl_register Check Use of Function:reset_palette Check Use of Function:register_pernet_subsys Check Use of Function:security_sid_to_context Use: =BAD PATH= Call Stack: 0 sel_read_initcon ------------- Path:  Function:sel_read_initcon %5 = alloca i8*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i8** %5 to i8* %15 = bitcast i32* %6 to i8* %16 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %17 to i32 %19 = and i32 %18, 16777215 %20 = getelementptr inbounds 
%struct.selinux_fs_info, %struct.selinux_fs_info* %13, i64 0, i32 9 %21 = load %struct.selinux_state*, %struct.selinux_state** %20, align 8 %22 = call i32 bitcast (i32 (%struct.selinux_state.273402*, i32, i8**, i32*)* @security_sid_to_context to i32 (%struct.selinux_state*, i32, i8**, i32*)*)(%struct.selinux_state* %21, i32 %19, i8** nonnull %5, i32* nonnull %6) #76 ------------- Good: 11 Bad: 1 Ignored: 7 Check Use of Function:arch_uretprobe_hijack_return_addr Check Use of Function:ioam6_init Check Use of Function:genl_ctrl_event Check Use of Function:unregister_pernet_device Check Use of Function:reg_process_self_managed_hints Check Use of Function:pcie_capability_clear_and_set_word Check Use of Function:wiphy_all_share_dfs_chan_state Check Use of Function:__pm_runtime_idle Check Use of Function:cancel_delayed_work Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_commit_done ------------- Path:  Function:nfs4_commit_done %3 = getelementptr inbounds %struct.nfs_commit_data.236639, %struct.nfs_commit_data.236639* %1, i64 0, i32 9, i32 0, i32 0 %4 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %3, align 8 %5 = icmp eq %struct.nfs4_slot.236600* %4, null br i1 %5, label %15, label %6 %7 = getelementptr inbounds %struct.nfs4_slot.236600, %struct.nfs4_slot.236600* %4, i64 0, i32 0 %8 = load %struct.nfs4_slot_table.236599*, %struct.nfs4_slot_table.236599** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %8, i64 0, i32 3 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #76 %11 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.236599* %8, %struct.nfs4_slot.236600* nonnull %4) #76 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.236600, %struct.nfs4_slot.236600* 
%1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.236600* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #76 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #76 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* 
%24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = 
load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #76 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #76 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %25 [label %11], !srcloc !4 %26 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %43, label %30 %31 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %28, i64 0, i32 1 store %struct.list_head* %33, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 store volatile %struct.list_head* %28, %struct.list_head** %35, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %27, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %32, align 8 %36 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 %38 = load volatile 
%struct.list_head*, %struct.list_head** %37, align 8 %39 = icmp eq %struct.list_head* %38, %36 br i1 %39, label %40, label %43 %41 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %42 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %41) #77 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %8 = getelementptr inbounds %struct.nfs4_slot.236600, %struct.nfs4_slot.236600* %5, i64 0, i32 0 %9 = load %struct.nfs4_slot_table.236599*, %struct.nfs4_slot_table.236599** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %9, i64 0, i32 3 %11 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #76 %12 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.236599* %9, %struct.nfs4_slot.236600* nonnull %5) #76 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.236600, %struct.nfs4_slot.236600* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.236600* %1 to i8* %11 = tail call %struct.rpc_task* 
@rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #76 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #76 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = 
zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 
%97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #76 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #76 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %25 [label %11], !srcloc !4 %26 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %43, label %30 %31 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %28, i64 0, i32 1 store %struct.list_head* %33, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 store volatile %struct.list_head* %28, %struct.list_head** %35, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %27, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %32, align 8 %36 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 %38 = load volatile %struct.list_head*, %struct.list_head** %37, align 8 %39 = icmp eq %struct.list_head* %38, %36 br i1 %39, label %40, label %43 %41 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %42 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %41) #77 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %8 = getelementptr inbounds %struct.nfs4_slot.236600, %struct.nfs4_slot.236600* %5, i64 0, i32 0 %9 = load %struct.nfs4_slot_table.236599*, %struct.nfs4_slot_table.236599** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %9, i64 0, i32 3 %11 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* 
%11) #76 %12 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.236599* %9, %struct.nfs4_slot.236600* nonnull %5) #76 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.236600, %struct.nfs4_slot.236600* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.236600* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #76 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #76 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, 
%struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* 
%74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #76 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #76 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %25 [label %11], !srcloc !4 %26 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %43, label %30 %31 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %28, i64 0, i32 1 store %struct.list_head* %33, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 store volatile %struct.list_head* %28, %struct.list_head** %35, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %27, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %32, align 8 %36 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 %38 = load volatile 
%struct.list_head*, %struct.list_head** %37, align 8 %39 = icmp eq %struct.list_head* %38, %36 br i1 %39, label %40, label %43 %41 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %42 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %41) #77 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236608** %7 = load %struct.nfs_renamedata.236608*, %struct.nfs_renamedata.236608** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236600* %9, null br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.nfs4_slot.236600, %struct.nfs4_slot.236600* %9, i64 0, i32 0 %13 = load %struct.nfs4_slot_table.236599*, %struct.nfs4_slot_table.236599** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %13, i64 0, i32 3 %15 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %14, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %15) #76 %16 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.236599* %13, %struct.nfs4_slot.236600* nonnull %9) #76 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.236600, %struct.nfs4_slot.236600* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 
%7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.236600* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #76 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #76 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, 
%struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = 
getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #76 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #76 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %25 [label %11], !srcloc !4 %26 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %43, label %30 %31 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 
store i64 0, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %28, i64 0, i32 1 store %struct.list_head* %33, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 store volatile %struct.list_head* %28, %struct.list_head** %35, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %27, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %32, align 8 %36 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 %38 = load volatile %struct.list_head*, %struct.list_head** %37, align 8 %39 = icmp eq %struct.list_head* %38, %36 br i1 %39, label %40, label %43 %41 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %42 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %41) #77 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236605** %6 = load %struct.nfs_unlinkdata.236605*, %struct.nfs_unlinkdata.236605** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236600* %8, null br i1 %9, 
label %19, label %10 %11 = getelementptr inbounds %struct.nfs4_slot.236600, %struct.nfs4_slot.236600* %8, i64 0, i32 0 %12 = load %struct.nfs4_slot_table.236599*, %struct.nfs4_slot_table.236599** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %12, i64 0, i32 3 %14 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %13, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %14) #76 %15 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.236599* %12, %struct.nfs4_slot.236600* nonnull %8) #76 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.236600, %struct.nfs4_slot.236600* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.236599, %struct.nfs4_slot_table.236599* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.236600* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #76 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #76 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #76 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, 
%struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 
%55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #76 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #76 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %25 [label %11], !srcloc !4 %26 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %43, label %30 %31 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %28, i64 0, i32 1 store %struct.list_head* %33, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 store volatile %struct.list_head* %28, %struct.list_head** %35, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %27, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %32, align 8 %36 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 %38 = load volatile 
%struct.list_head*, %struct.list_head** %37, align 8 %39 = icmp eq %struct.list_head* %38, %36 br i1 %39, label %40, label %43 %41 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %42 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %41) #77 ------------- Good: 190 Bad: 5 Ignored: 212 Check Use of Function:print_rd_rules Check Use of Function:__ext4_journal_start_sb Check Use of Function:regulatory_hint_user Check Use of Function:kill_ioctx Use: =BAD PATH= Call Stack: 0 __se_sys_io_destroy 1 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #76 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17619, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17620) #76 %10 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %10, align 8 %11 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %14, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_io_destroy 1 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #76 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #76 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17619, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17620) #76 %10 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %10, align 8 %11 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %14, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #76 ------------- Good: 2 Bad: 2 Ignored: 1 Check Use of 
Function:_ieee80211_start_next_roc Check Use of Function:selinux_netlbl_cache_invalidate Check Use of Function:selinux_policy_cancel Check Use of Function:__mnt_want_write Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_read_iter ------------- Path:  Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14 %19 = load i64, i64* %18, align 8 %20 = and i32 %8, 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = add i64 %4, -1 %25 = add i64 %24, %23 br i1 %21, label %28, label %26 %29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #76 %30 = sext i32 %29 to i64 %31 = icmp slt i32 %29, 0 br i1 %31, label %64, label %32 %33 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 7 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 262144 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %39 %38 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 1 tail call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path*)*)(%struct.path* %38) #77 
Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_read_iter 2 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter 
%3 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 0 %4 = load %struct.file.294345*, %struct.file.294345** %3, align 8 %5 = getelementptr inbounds %struct.file.294345, %struct.file.294345* %4, i64 0, i32 18 %6 = load %struct.address_space.294426*, %struct.address_space.294426** %5, align 8 %7 = getelementptr inbounds %struct.address_space.294426, %struct.address_space.294426* %6, i64 0, i32 0 %8 = load %struct.inode.294419*, %struct.inode.294419** %7, align 8 %9 = getelementptr inbounds %struct.inode.294419, %struct.inode.294419* %8, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.kiocb.294023, %struct.kiocb.294023* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i64 %10, %12 br i1 %13, label %14, label %26 %15 = sub i64 %10, %12 %16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %15 br i1 %18, label %19, label %21 %20 = sub i64 %17, %15 store i64 %15, i64* %16, align 8 br label %21 %22 = phi i64 [ %20, %19 ], [ 0, %14 ] %23 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.294023*, %struct.iov_iter*)*)(%struct.kiocb.294023* %0, %struct.iov_iter* %1) #76 Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr 
inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14 %19 = load i64, i64* %18, align 8 %20 = and i32 %8, 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = add i64 %4, -1 %25 = add i64 %24, %23 br i1 %21, label %28, label %26 %29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #76 %30 = sext i32 %29 to i64 %31 = icmp slt i32 %29, 0 br i1 %31, label %64, label %32 %33 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 7 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 262144 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %39 %38 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 1 tail call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path*)*)(%struct.path* %38) #77 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, 
%struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_readonly_mmap ------------- Path:  Function:generic_file_readonly_mmap %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 40 %6 = icmp eq i64 %5, 40 br i1 %6, label %24, label %7 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 9 %11 = load %struct.address_space_operations*, %struct.address_space_operations** %10, align 8 %12 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %11, i64 0, i32 1 %13 = load i32 (%struct.file*, %struct.page*)*, i32 (%struct.file*, %struct.page*)** %12, align 8 %14 = icmp eq i32 (%struct.file*, %struct.page*)* %13, null br i1 %14, label %24, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 
8 %18 = and i32 %17, 262144 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path*)*)(%struct.path* %21) #76 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail 
call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_mmap ------------- Path:  Function:generic_file_mmap %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %4 = load %struct.address_space*, %struct.address_space** %3, align 8 %5 = getelementptr inbounds %struct.address_space, %struct.address_space* %4, i64 0, i32 9 %6 = load %struct.address_space_operations*, %struct.address_space_operations** %5, align 8 %7 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %6, i64 0, i32 1 %8 = load i32 (%struct.file*, %struct.page*)*, i32 (%struct.file*, %struct.page*)** %7, align 8 %9 = icmp eq i32 (%struct.file*, %struct.page*)* %8, null br i1 %9, label %19, label %10 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 262144 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %17 %16 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path*)*)(%struct.path* %16) #76 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr 
inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_mmap 2 nfs_file_mmap ------------- Path:  Function:nfs_file_mmap %3 = getelementptr inbounds %struct.file.215754, %struct.file.215754* %0, i64 0, i32 2 %4 = load %struct.inode.215746*, %struct.inode.215746** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, %struct.vm_area_struct*)* @generic_file_mmap to i32 (%struct.file.215754*, %struct.vm_area_struct.215770*)*)(%struct.file.215754* %0, %struct.vm_area_struct.215770* %1) #76 Function:generic_file_mmap %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %4 = load %struct.address_space*, %struct.address_space** %3, align 8 %5 = getelementptr inbounds %struct.address_space, %struct.address_space* %4, i64 0, i32 9 %6 = load %struct.address_space_operations*, %struct.address_space_operations** %5, align 8 %7 = 
getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %6, i64 0, i32 1 %8 = load i32 (%struct.file*, %struct.page*)*, i32 (%struct.file*, %struct.page*)** %7, align 8 %9 = icmp eq i32 (%struct.file*, %struct.page*)* %8, null br i1 %9, label %19, label %10 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 262144 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %17 %16 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path*)*)(%struct.path* %16) #76 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, 
!misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 shmem_file_read_iter ------------- Path:  Function:shmem_file_read_iter %3 = alloca %struct.page*, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i8, i8* %11, align 8 %13 = icmp eq i8 %12, 0 %14 = select i1 %13, i32 0, i32 2 %15 = load i64, i64* %10, align 8 %16 = ashr i64 %15, 12 %17 = and i64 %15, 4095 %18 = bitcast %struct.page** %3 to i8* store %struct.page* null, %struct.page** %3, align 8 %19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = ashr i64 %20, 12 %22 = icmp ugt i64 %16, %21 br i1 %22, label %134, label %23 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 br label %26 %27 = phi i64 [ %21, %23 ], [ %127, %124 ] %28 = phi i64 [ %20, %23 ], [ %126, %124 ] %29 = phi 
i64 [ %16, %23 ], [ %103, %124 ] %30 = phi i64 [ %17, %23 ], [ %104, %124 ] %31 = phi i64 [ 0, %23 ], [ %100, %124 ] %32 = icmp ne i64 %29, %27 %33 = and i64 %28, 4095 %34 = icmp ugt i64 %33, %30 %35 = or i1 %32, %34 br i1 %35, label %36, label %129 %37 = load %struct.address_space*, %struct.address_space** %8, align 8 %38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3 %39 = load i32, i32* %38, align 8 %40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %29, %struct.page** nonnull %3, i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #76 switch i32 %40, label %129 [ i32 0, label %41 i32 -22, label %134 ] %135 = phi i32 [ 0, %70 ], [ 0, %56 ], [ 0, %55 ], [ 0, %2 ], [ %130, %129 ], [ 0, %36 ] %136 = phi i64 [ %31, %70 ], [ %31, %56 ], [ %31, %55 ], [ 0, %2 ], [ %131, %129 ], [ %31, %36 ] %137 = phi i64 [ %30, %70 ], [ %30, %56 ], [ %30, %55 ], [ %17, %2 ], [ %132, %129 ], [ %30, %36 ] %138 = phi i64 [ %29, %70 ], [ %29, %56 ], [ %29, %55 ], [ %16, %2 ], [ %133, %129 ], [ %29, %36 ] %139 = shl i64 %138, 12 %140 = add i64 %139, %137 store i64 %140, i64* %10, align 8 %141 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 7 %142 = load i32, i32* %141, align 8 %143 = and i32 %142, 262144 %144 = icmp eq i32 %143, 0 br i1 %144, label %145, label %147 %146 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 1 tail call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path*)*)(%struct.path* %146) #76 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, 
i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 shmem_mmap ------------- Path:  Function:shmem_mmap %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 41, i32 6, i32 4, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.shmem_inode_info* %7 = getelementptr inbounds %struct.shmem_inode_info, %struct.shmem_inode_info* %6, i64 0, i32 1 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, 16 %10 = icmp eq i32 %9, 0 br i1 %10, label %22, label %11 %12 = 
getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 8 %15 = icmp eq i64 %14, 0 %16 = and i64 %13, 10 %17 = icmp eq i64 %16, 10 %18 = or i1 %17, %15 br i1 %18, label %21, label %19 br i1 %17, label %31, label %22 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 262144 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %28 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path*)*)(%struct.path* %28) #76 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, 
!prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 = load %struct.inode.154491*, %struct.inode.154491** %25, align 8 %27 = getelementptr inbounds 
%struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds %struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 
0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 1 call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path.154048*)*)(%struct.path.154048* %91) #76 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = 
load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 
%9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 = load %struct.inode.154491*, %struct.inode.154491** %25, align 8 %27 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr 
inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds %struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store 
i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 1 call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path.154048*)*)(%struct.path.154048* %91) #76 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, %struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 
0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read 2 sock_splice_read ------------- Path:  Function:sock_splice_read %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %10 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %10, i64 0, i32 21 %12 = load i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)*, i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call i64 bitcast (i64 (%struct.file.154414*, i64*, %struct.pipe_inode_info.154505*, i64, i32)* @generic_file_splice_read to i64 (%struct.file.273225*, i64*, 
%struct.pipe_inode_info.273162*, i64, i32)*)(%struct.file.273225* %0, i64* %1, %struct.pipe_inode_info.273162* %2, i64 %3, i32 %4) #76 Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 = load %struct.inode.154491*, %struct.inode.154491** %25, align 8 %27 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = 
icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds %struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr 
inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 1 call void bitcast (void (%struct.path.149528*)* @touch_atime to void (%struct.path.154048*)*)(%struct.path.154048* %91) #76 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 0 %4 = load %struct.vfsmount.149905*, %struct.vfsmount.149905** %3, align 8 %5 = getelementptr inbounds %struct.path.149528, %struct.path.149528* %0, i64 0, i32 1 %6 = load %struct.dentry.149909*, %struct.dentry.149909** %5, align 8 %7 = getelementptr inbounds %struct.dentry.149909, %struct.dentry.149909* %6, i64 0, i32 5 %8 = load %struct.inode.149921*, %struct.inode.149921** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.149528* %0, 
%struct.inode.149921* %8) #76 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.149921, %struct.inode.149921* %8, i64 0, i32 8 %13 = load %struct.super_block.149904*, %struct.super_block.149904** %12, align 8 %14 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.149895, %struct.percpu_rw_semaphore.149895* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.149904, %struct.super_block.149904* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.149905*)*)(%struct.vfsmount.149905* %4) #77 ------------- Good: 38 Bad: 10 Ignored: 64 Check Use of Function:selinux_status_update_policyload Check Use of Function:__i915_gem_object_get_pages Check Use of Function:call_blocking_lsm_notifier Check Use of Function:pci_write_config_word Use: =BAD PATH= Call Stack: 0 pci_set_vga_state 1 __vga_tryget 2 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 
%14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, label %219 %223 = phi i32 [ 0, %208 ], [ 3, %219 ], [ 3, %213 ] %224 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 %225 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %224, align 8 %226 = icmp eq %struct.pci_dev.317892* %225, null br i1 %226, label %408, label %227 %228 = load i1, i1* @vga_arbiter_used, align 1 br i1 %228, label %251, label %229 %252 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @vga_lock.46489, i64 0, i32 0, i32 0)) #76 %253 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to 
%struct.vga_device**), align 8 %254 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %253, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, @vga_list br i1 %255, label %272, label %256 %257 = phi %struct.vga_device* [ %263, %261 ], [ %253, %251 ] %258 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %257, i64 0, i32 1 %259 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %258, align 8 %260 = icmp eq %struct.pci_dev.317892* %259, %225 br i1 %260, label %266, label %261 %267 = icmp eq %struct.vga_device* %257, null br i1 %267, label %272, label %268 %269 = call fastcc %struct.vga_device* @__vga_tryget(%struct.vga_device* nonnull %257, i32 %223) #76 Function:__vga_tryget %3 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 1 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %11, label %6 %7 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 1 %10 = or i32 %9, %1 br label %11 %12 = phi i32 [ %1, %2 ], [ %10, %6 ] %13 = and i32 %12, 8 %14 = icmp eq i32 %13, 0 br i1 %14, label %20, label %15 %16 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2 %19 = or i32 %18, %12 br label %20 %21 = phi i32 [ %12, %11 ], [ %19, %15 ] %22 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 3 %23 = load i32, i32* %22, align 4 %24 = xor i32 %23, -1 %25 = and i32 %21, %24 %26 = icmp eq i32 %25, 0 br i1 %26, label %116, label %27 %28 = and i32 %25, 3 %29 = icmp eq i32 %28, 0 br i1 %29, label %94, label %30 %31 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %32 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %31, i64 0, i32 0 %33 = icmp eq %struct.list_head* %32, @vga_list br i1 %33, label %94, label %34 %35 = phi 
%struct.vga_device* [ %91, %89 ], [ %31, %30 ] %36 = icmp eq %struct.vga_device* %35, %0 br i1 %36, label %89, label %37 %90 = bitcast %struct.vga_device* %35 to %struct.vga_device** %91 = load %struct.vga_device*, %struct.vga_device** %90, align 8 %92 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, @vga_list br i1 %93, label %94, label %34 %95 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 9 %96 = load i8, i8* %95, align 4, !range !4 %97 = icmp eq i8 %96, 0 br i1 %97, label %98, label %106 %99 = and i32 %25, 10 %100 = icmp eq i32 %99, 0 %101 = select i1 %100, i32 0, i32 2 %102 = and i32 %25, 5 %103 = icmp ne i32 %102, 0 %104 = zext i1 %103 to i32 %105 = or i32 %101, %104 br label %106 %107 = phi i32 [ 0, %94 ], [ 2, %98 ] %108 = phi i32 [ 0, %94 ], [ %105, %98 ] %109 = xor i1 %29, true %110 = zext i1 %109 to i32 %111 = or i32 %107, %110 %112 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %3, align 8 %113 = tail call i32 @pci_set_vga_state(%struct.pci_dev.317892* %112, i1 zeroext true, i32 %108, i32 %111) #76 Function:pci_set_vga_state %5 = alloca i16, align 2 %6 = bitcast i16* %5 to i8* %7 = and i32 %3, 2 %8 = icmp eq i32 %7, 0 %9 = icmp ugt i32 %2, 3 %10 = xor i1 %8, true %11 = and i1 %9, %10 br i1 %11, label %12, label %13, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8.29334, i64 0, i64 0), i32 6260, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "419:\0A\09.pushsection .discard.reachable\0A\09.long 419b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!7 br label %13 %14 = load i32 (%struct.pci_dev.317892*, i1, i32, i32)*, i32 (%struct.pci_dev.317892*, i1, i32, i32)** @arch_set_vga_state, align 8 %15 = icmp eq i32 (%struct.pci_dev.317892*, i1, i32, i32)* %14, null br i1 %15, label %19, label %16 br i1 %8, label %29, label %20 %30 = and i32 %3, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %53, label %32 %33 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 1 %34 = load %struct.pci_bus.317894*, %struct.pci_bus.317894** %33, align 8 %35 = icmp eq %struct.pci_bus.317894* %34, null br i1 %35, label %53, label %36 %37 = select i1 %1, i16 8, i16 0 br label %38 %39 = phi %struct.pci_bus.317894* [ %34, %36 ], [ %51, %49 ] %40 = getelementptr inbounds %struct.pci_bus.317894, %struct.pci_bus.317894* %39, i64 0, i32 4 %41 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %40, align 8 %42 = icmp eq %struct.pci_dev.317892* %41, null br i1 %42, label %49, label %43 %44 = call i32 @pci_read_config_word(%struct.pci_dev.317892* nonnull %41, i32 62, i16* nonnull %5) #76 %45 = load i16, i16* %5, align 2 %46 = and i16 %45, -9 %47 = or i16 %46, %37 store i16 %47, i16* %5, align 2 %48 = call i32 @pci_write_config_word(%struct.pci_dev.317892* nonnull %41, i32 62, i16 zeroext %47) #76 ------------- Use: =BAD PATH= Call Stack: 0 pci_set_vga_state 1 __vga_tryget 2 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label 
%412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46519, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46520, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46494, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, label %219 %223 = phi i32 [ 0, %208 ], [ 3, %219 ], [ 3, %213 ] %224 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 %225 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %224, align 8 %226 = icmp eq %struct.pci_dev.317892* %225, null br i1 %226, label %408, label %227 %228 = load i1, i1* @vga_arbiter_used, align 1 br i1 %228, label %251, label %229 %252 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @vga_lock.46489, i64 0, i32 0, i32 0)) #76 %253 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %254 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %253, i64 0, i32 0 %255 = icmp eq 
%struct.list_head* %254, @vga_list br i1 %255, label %272, label %256 %257 = phi %struct.vga_device* [ %263, %261 ], [ %253, %251 ] %258 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %257, i64 0, i32 1 %259 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %258, align 8 %260 = icmp eq %struct.pci_dev.317892* %259, %225 br i1 %260, label %266, label %261 %267 = icmp eq %struct.vga_device* %257, null br i1 %267, label %272, label %268 %269 = call fastcc %struct.vga_device* @__vga_tryget(%struct.vga_device* nonnull %257, i32 %223) #76 Function:__vga_tryget %3 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 1 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %11, label %6 %7 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 1 %10 = or i32 %9, %1 br label %11 %12 = phi i32 [ %1, %2 ], [ %10, %6 ] %13 = and i32 %12, 8 %14 = icmp eq i32 %13, 0 br i1 %14, label %20, label %15 %16 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2 %19 = or i32 %18, %12 br label %20 %21 = phi i32 [ %12, %11 ], [ %19, %15 ] %22 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 3 %23 = load i32, i32* %22, align 4 %24 = xor i32 %23, -1 %25 = and i32 %21, %24 %26 = icmp eq i32 %25, 0 br i1 %26, label %116, label %27 %28 = and i32 %25, 3 %29 = icmp eq i32 %28, 0 br i1 %29, label %94, label %30 %31 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %32 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %31, i64 0, i32 0 %33 = icmp eq %struct.list_head* %32, @vga_list br i1 %33, label %94, label %34 %35 = phi %struct.vga_device* [ %91, %89 ], [ %31, %30 ] %36 = icmp eq %struct.vga_device* %35, %0 br i1 %36, label %89, label %37 %90 = bitcast 
%struct.vga_device* %35 to %struct.vga_device** %91 = load %struct.vga_device*, %struct.vga_device** %90, align 8 %92 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, @vga_list br i1 %93, label %94, label %34 %95 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 9 %96 = load i8, i8* %95, align 4, !range !4 %97 = icmp eq i8 %96, 0 br i1 %97, label %98, label %106 %99 = and i32 %25, 10 %100 = icmp eq i32 %99, 0 %101 = select i1 %100, i32 0, i32 2 %102 = and i32 %25, 5 %103 = icmp ne i32 %102, 0 %104 = zext i1 %103 to i32 %105 = or i32 %101, %104 br label %106 %107 = phi i32 [ 0, %94 ], [ 2, %98 ] %108 = phi i32 [ 0, %94 ], [ %105, %98 ] %109 = xor i1 %29, true %110 = zext i1 %109 to i32 %111 = or i32 %107, %110 %112 = load %struct.pci_dev.317892*, %struct.pci_dev.317892** %3, align 8 %113 = tail call i32 @pci_set_vga_state(%struct.pci_dev.317892* %112, i1 zeroext true, i32 %108, i32 %111) #76 Function:pci_set_vga_state %5 = alloca i16, align 2 %6 = bitcast i16* %5 to i8* %7 = and i32 %3, 2 %8 = icmp eq i32 %7, 0 %9 = icmp ugt i32 %2, 3 %10 = xor i1 %8, true %11 = and i1 %9, %10 br i1 %11, label %12, label %13, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8.29334, i64 0, i64 0), i32 6260, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "419:\0A\09.pushsection .discard.reachable\0A\09.long 419b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %13 %14 = load i32 (%struct.pci_dev.317892*, i1, i32, i32)*, i32 (%struct.pci_dev.317892*, i1, i32, i32)** 
@arch_set_vga_state, align 8 %15 = icmp eq i32 (%struct.pci_dev.317892*, i1, i32, i32)* %14, null br i1 %15, label %19, label %16 br i1 %8, label %29, label %20 %21 = call i32 @pci_read_config_word(%struct.pci_dev.317892* %0, i32 4, i16* nonnull %5) #76 %22 = load i16, i16* %5, align 2 %23 = trunc i32 %2 to i16 %24 = xor i16 %23, -1 %25 = and i16 %22, %24 %26 = or i16 %22, %23 %27 = select i1 %1, i16 %26, i16 %25 store i16 %27, i16* %5, align 2 %28 = call i32 @pci_write_config_word(%struct.pci_dev.317892* %0, i32 4, i16 zeroext %27) #76 ------------- Good: 838 Bad: 2 Ignored: 1295 Check Use of Function:i915_sw_fence_complete Check Use of Function:scsi_run_host_queues Check Use of Function:avc_set_cache_threshold Check Use of Function:kobject_uevent_env Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 uevent_store.46808 ------------- Path:  Function:uevent_store.46808 %4 = getelementptr inbounds %struct.device_driver, %struct.device_driver* %0, i64 0, i32 18 %5 = load %struct.driver_private*, %struct.driver_private** %4, align 8 %6 = getelementptr inbounds %struct.driver_private, %struct.driver_private* %5, i64 0, i32 0 %7 = tail call i32 @kobject_synth_uevent(%struct.kobject* %6, i8* %1, i64 %2) #76 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #76 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.28701, i64 
0, i64 0), i8* %1, i64 %21) #76 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.28702, i64 0, i64 0), i8* %1, i64 %21) #76 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.28703, i64 0, i64 0), i8* %1, i64 %21) #76 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.28704, i64 0, i64 0), i8* %1, i64 %21) #76 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.28705, i64 0, i64 0), i8* %1, i64 %21) #76 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.28706, i64 0, i64 0), i8* %1, i64 %21) #76 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.28707, i64 0, i64 0), i8* %1, i64 %21) #76 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.28708, i64 0, i64 0), i8* %1, i64 %21) #76 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %62 = getelementptr inbounds [2 x i8*], [2 x i8*]* %4, i64 0, i64 0 %63 = call i32 @kobject_uevent_env(%struct.kobject* %0, i32 %59, i8** nonnull %62) #77 
------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 bus_uevent_store ------------- Path:  Function:bus_uevent_store %4 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %0, i64 0, i32 20 %5 = load %struct.subsys_private*, %struct.subsys_private** %4, align 8 %6 = getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %5, i64 0, i32 0, i32 2 %7 = tail call i32 @kobject_synth_uevent(%struct.kobject* %6, i8* %1, i64 %2) #76 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #76 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.28701, i64 0, i64 0), i8* %1, i64 %21) #76 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.28702, i64 0, i64 0), i8* %1, i64 %21) #76 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.28703, i64 0, i64 0), i8* %1, i64 %21) #76 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.28704, i64 0, i64 0), i8* %1, i64 %21) #76 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 
%40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.28705, i64 0, i64 0), i8* %1, i64 %21) #76 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.28706, i64 0, i64 0), i8* %1, i64 %21) #76 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.28707, i64 0, i64 0), i8* %1, i64 %21) #76 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.28708, i64 0, i64 0), i8* %1, i64 %21) #76 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %62 = getelementptr inbounds [2 x i8*], [2 x i8*]* %4, i64 0, i64 0 %63 = call i32 @kobject_uevent_env(%struct.kobject* %0, i32 %59, i8** nonnull %62) #77 ------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 uevent_store ------------- Path:  Function:uevent_store %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 %6 = tail call i32 @kobject_synth_uevent(%struct.kobject* %5, i8* %2, i64 %3) #76 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #76 %16 = icmp eq i8* %15, null 
%17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.28701, i64 0, i64 0), i8* %1, i64 %21) #76 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.28702, i64 0, i64 0), i8* %1, i64 %21) #76 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.28703, i64 0, i64 0), i8* %1, i64 %21) #76 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.28704, i64 0, i64 0), i8* %1, i64 %21) #76 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.28705, i64 0, i64 0), i8* %1, i64 %21) #76 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.28706, i64 0, i64 0), i8* %1, i64 %21) #76 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.28707, i64 0, i64 0), i8* %1, i64 %21) #76 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.28708, i64 0, i64 0), i8* %1, i64 %21) #76 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 
], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %62 = getelementptr inbounds [2 x i8*], [2 x i8*]* %4, i64 0, i64 0 %63 = call i32 @kobject_uevent_env(%struct.kobject* %0, i32 %59, i8** nonnull %62) #77 ------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 store_uevent ------------- Path:  Function:store_uevent %5 = getelementptr inbounds %struct.module_kobject, %struct.module_kobject* %1, i64 0, i32 0 %6 = tail call i32 @kobject_synth_uevent(%struct.kobject* %5, i8* %2, i64 %3) #76 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #76 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.28701, i64 0, i64 0), i8* %1, i64 %21) #76 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.28702, i64 0, i64 0), i8* %1, i64 %21) #76 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.28703, i64 0, i64 0), i8* %1, i64 %21) #76 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds 
([5 x i8], [5 x i8]* @.str.19.28704, i64 0, i64 0), i8* %1, i64 %21) #76 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.28705, i64 0, i64 0), i8* %1, i64 %21) #76 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.28706, i64 0, i64 0), i8* %1, i64 %21) #76 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.28707, i64 0, i64 0), i8* %1, i64 %21) #76 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.28708, i64 0, i64 0), i8* %1, i64 %21) #76 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %62 = getelementptr inbounds [2 x i8*], [2 x i8*]* %4, i64 0, i64 0 %63 = call i32 @kobject_uevent_env(%struct.kobject* %0, i32 %59, i8** nonnull %62) #77 ------------- Good: 51 Bad: 4 Ignored: 15 Check Use of Function:intel_modeset_driver_remove_noirq Check Use of Function:security_sid_to_context_force Check Use of Function:drm_connector_set_obj_prop Check Use of Function:drm_primary_helper_disable Check Use of Function:bad_inode_rename2 Check Use of Function:drm_mode_object_get Check Use of Function:efivar_entry_find Check Use of Function:is_swbp_insn Check Use of Function:d_alloc_parallel Use: =BAD PATH= Call Stack: 0 proc_sys_fill_cache 1 proc_sys_readdir ------------- Path:  Function:proc_sys_readdir %3 = alloca %struct.ctl_table_header*, align 8 %4 = alloca %struct.ctl_table*, 
align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 2 %9 = bitcast %struct.list_head* %8 to %struct.ctl_table_header** %10 = load %struct.ctl_table_header*, %struct.ctl_table_header** %9, align 8 %11 = icmp eq %struct.ctl_table_header* %10, null %12 = select i1 %11, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #76 %13 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 0, i32 1 %14 = load %struct.completion*, %struct.completion** %13, align 8 %15 = icmp eq %struct.completion* %14, null br i1 %15, label %16, label %20, !prof !4, !misexpect !5 %21 = phi %struct.ctl_table_header* [ %12, %16 ], [ inttoptr (i64 -2 to %struct.ctl_table_header*), %2 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %22 = icmp ugt %struct.ctl_table_header* %21, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %22, label %23, label %26 %27 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %28 = load i64, i64* %27, align 8 switch i64 %28, label %58 [ i64 0, label %29 i64 1, label %41 ] %30 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %31 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %30, align 8 
%32 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %33 = load %struct.dentry*, %struct.dentry** %32, align 8 %34 = getelementptr inbounds %struct.dentry, %struct.dentry* %33, i64 0, i32 5 %35 = load %struct.inode*, %struct.inode** %34, align 8 %36 = getelementptr inbounds %struct.inode, %struct.inode* %35, i64 0, i32 11 %37 = load i64, i64* %36, align 8 %38 = tail call i32 %31(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.22.18768, i64 0, i64 0), i32 1, i64 0, i64 %37, i32 4) #76 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %213 store i64 1, i64* %27, align 8 br label %41 %42 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %43 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %42, align 8 %44 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %45 = load %struct.dentry*, %struct.dentry** %44, align 8 %46 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 7, i32 0 %47 = bitcast %struct.anon.1* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #76 %48 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 3 %49 = load %struct.dentry*, %struct.dentry** %48, align 8 %50 = getelementptr inbounds %struct.dentry, %struct.dentry* %49, i64 0, i32 5 %51 = load %struct.inode*, %struct.inode** %50, align 8 %52 = getelementptr inbounds %struct.inode, %struct.inode* %51, i64 0, i32 11 %53 = load i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = bitcast %struct.anon.1* %46 to i8* store volatile i8 0, i8* %54, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %55 = tail call i32 %43(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.23.18769, i64 0, i64 0), i32 2, i64 
1, i64 %53, i32 4) #76 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %213 store i64 2, i64* %27, align 8 br label %58 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #76 %59 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %21, i64 1 %60 = bitcast %struct.ctl_table_header* %59 to %struct.rb_root* %61 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %60) #76 %62 = icmp eq %struct.rb_node* %61, null br i1 %62, label %79, label %63 %64 = phi %struct.rb_node* [ %77, %76 ], [ %61, %58 ] %65 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %64, i64 1 %66 = bitcast %struct.rb_node* %65 to %struct.ctl_table_header** %67 = load %struct.ctl_table_header*, %struct.ctl_table_header** %66, align 8 %68 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %67, i64 0, i32 1 %69 = load %struct.completion*, %struct.completion** %68, align 8 %70 = icmp eq %struct.completion* %69, null br i1 %70, label %71, label %76, !prof !4, !misexpect !5 %77 = tail call %struct.rb_node* @rb_next(%struct.rb_node* nonnull %64) #76 %78 = icmp eq %struct.rb_node* %77, null br i1 %78, label %79, label %63 %80 = phi %struct.ctl_node* [ %75, %71 ], [ null, %58 ], [ null, %76 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = icmp eq %struct.ctl_node* %80, null br i1 %81, label %213, label %82 %83 = getelementptr inbounds %struct.ctl_node, %struct.ctl_node* %80, i64 0, i32 1 %84 = load %struct.ctl_table_header*, %struct.ctl_table_header** %83, align 8 %85 = icmp eq %struct.ctl_table_header* %84, null br i1 %85, label %213, label %86 %87 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* 
%84, i64 0, i32 0, i32 0, i32 0 %88 = load %struct.ctl_table*, %struct.ctl_table** %87, align 8 %89 = ptrtoint %struct.ctl_node* %80 to i64 %90 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 6 %91 = bitcast %struct.ctl_node** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = sub i64 %89, %92 %94 = ashr exact i64 %93, 5 %95 = getelementptr %struct.ctl_table, %struct.ctl_table* %88, i64 %94 %96 = bitcast %struct.ctl_table_header** %3 to i8* %97 = bitcast %struct.ctl_table** %4 to i8* br label %98 %99 = phi i64 [ 2, %86 ], [ %102, %200 ] %100 = phi %struct.ctl_table* [ %95, %86 ], [ %211, %200 ] %101 = phi %struct.ctl_table_header* [ %84, %86 ], [ %202, %200 ] %102 = add i64 %99, 1 %103 = load i64, i64* %27, align 8 %104 = icmp ult i64 %99, %103 br i1 %104, label %160, label %105 %106 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %100, i64 0, i32 3 %107 = load i16, i16* %106, align 4 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, -24576 br i1 %109, label %110, label %146, !prof !8, !misexpect !5 %147 = tail call fastcc zeroext i1 @proc_sys_fill_cache(%struct.file* %0, %struct.dir_context* %1, %struct.ctl_table_header* nonnull %101, %struct.ctl_table* %100) #76 Function:proc_sys_fill_cache %5 = alloca %struct.qstr, align 8 %6 = alloca %struct.wait_queue_head, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = bitcast %struct.qstr* %5 to i8* %10 = bitcast %struct.ctl_table* %3 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.qstr, %struct.qstr* %5, i64 0, i32 1 %13 = bitcast i8** %12 to i64* store i64 %11, i64* %13, align 8 %14 = inttoptr i64 %11 to i8* %15 = tail call i64 @strlen(i8* %14) #76 %16 = trunc i64 %15 to i32 %17 = bitcast %struct.qstr* %5 to %struct.util_est* %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %17, i64 0, i32 1 store i32 %16, i32* 
%18, align 4 %19 = bitcast %struct.dentry* %8 to i8* %20 = tail call i32 @full_name_hash(i8* %19, i8* %14, i32 %16) #77 %21 = bitcast %struct.qstr* %5 to i32* store i32 %20, i32* %21, align 8 %22 = call %struct.dentry* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*)* @d_lookup to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %8, %struct.qstr* nonnull %5) #78 %23 = icmp eq %struct.dentry* %22, null br i1 %23, label %24, label %67 %25 = bitcast %struct.wait_queue_head* %6 to i8* %26 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %28 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store %struct.list_head* %27, %struct.list_head** %28, align 8 %29 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %27, %struct.list_head** %29, align 8 %30 = call %struct.dentry* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry* (%struct.dentry*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry* %8, %struct.qstr* nonnull %5, %struct.wait_queue_head* nonnull %6) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %12 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr* %7 to i8* %15 = getelementptr inbounds %struct.iattr, %struct.iattr* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.inode* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #76 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %271 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %34, label %27 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %36 = bitcast %struct.qstr* %35 to %struct.util_est* %37 = getelementptr inbounds %struct.util_est, %struct.util_est* %36, i64 0, i32 1 %38 = load i32, i32* %37, align 4 %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %40 = load %struct.super_block*, %struct.super_block** %39, align 8 %41 = getelementptr inbounds %struct.super_block, %struct.super_block* %40, i64 0, i32 28 %42 = bitcast i8** %41 to %struct.nfs_server.215077** %43 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %42, align 16 %44 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %43, i64 0, i32 23 %45 = load i32, i32* %44, align 4 %46 = icmp ugt i32 %38, %45 br i1 %46, label %271, label %47 %48 = and i32 %3, 64 %49 = icmp eq i32 %48, 0 br i1 %49, label %65, label %50 %66 = and i32 %3, 512 %67 = icmp eq i32 %66, 0 br i1 %67, label %72, label %68 br i1 %49, label %73, label %93 %74 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 0 %75 = load i32, i32* %74, 
align 8 %76 = and i32 %75, 268435456 %77 = icmp eq i32 %76, 0 br i1 %77, label %78, label %93 call void bitcast (void (%struct.dentry.149376*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %1) #76 %79 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 3 %80 = load %struct.dentry*, %struct.dentry** %79, align 8 %81 = call %struct.dentry* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry* (%struct.dentry*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry* %80, %struct.qstr* %35, %struct.wait_queue_head* nonnull %6) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_fill_cache 1 proc_pident_readdir 2 proc_tid_base_readdir ------------- Path:  Function:proc_tid_base_readdir %3 = tail call fastcc i32 @proc_pident_readdir(%struct.file.177762* %0, %struct.dir_context* %1, %struct.pid_entry* getelementptr inbounds (<{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { 
i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, 
%struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } } }>, <{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, 
%struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } } }>* @tid_base_stuff, i64 0, i32 0), i32 39) #76 Function:proc_pident_readdir %5 = getelementptr inbounds %struct.file.177762, %struct.file.177762* %0, i64 0, i32 2 %6 = load %struct.inode.177941*, %struct.inode.177941** %5, align 8 %7 = getelementptr %struct.inode.177941, %struct.inode.177941* %6, i64 -1, i32 41, i32 13 %8 = bitcast 
%struct.list_head* %7 to %struct.pid.177739** %9 = load %struct.pid.177739*, %struct.pid.177739** %8, align 8 %10 = tail call %struct.task_struct.178066* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178066* (%struct.pid.177739*, i32)*)(%struct.pid.177739* %9, i32 0) #76 %11 = icmp eq %struct.task_struct.178066* %10, null br i1 %11, label %40, label %12 %13 = tail call fastcc zeroext i1 @dir_emit_dots(%struct.file.177762* %0, %struct.dir_context* %1) #77 br i1 %13, label %14, label %39 %15 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = add i32 %3, 2 %18 = zext i32 %17 to i64 %19 = icmp slt i64 %16, %18 br i1 %19, label %20, label %39 %21 = add i64 %16, -2 %22 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %21 %23 = zext i32 %3 to i64 %24 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %23 %25 = icmp ult %struct.pid_entry* %22, %24 br i1 %25, label %26, label %39 %27 = phi %struct.pid_entry* [ %37, %34 ], [ %22, %20 ] %28 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 0 %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = bitcast %struct.pid_entry* %27 to i8* %33 = tail call zeroext i1 @proc_fill_cache(%struct.file.177762* %0, %struct.dir_context* %1, i8* %29, i32 %31, %struct.dentry.177930* (%struct.dentry.177930*, %struct.task_struct.178066*, i8*)* nonnull @proc_pident_instantiate, %struct.task_struct.178066* nonnull %10, i8* %32) #77 Function:proc_fill_cache %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.wait_queue_head, align 8 %10 = getelementptr inbounds %struct.file.177762, %struct.file.177762* %0, i64 0, i32 1, i32 1 %11 = load %struct.dentry.177930*, %struct.dentry.177930** %10, align 8 %12 = bitcast %struct.qstr* %8 to i8* %13 = bitcast %struct.qstr* %8 to 
%struct.util_est* %14 = bitcast %struct.qstr* %8 to i32* store i32 0, i32* %14, align 8 %15 = getelementptr inbounds %struct.util_est, %struct.util_est* %13, i64 0, i32 1 store i32 %3, i32* %15, align 4 %16 = getelementptr inbounds %struct.qstr, %struct.qstr* %8, i64 0, i32 1 store i8* %2, i8** %16, align 8 %17 = call %struct.dentry.177930* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*)* @d_hash_and_lookup to %struct.dentry.177930* (%struct.dentry.177930*, %struct.qstr*)*)(%struct.dentry.177930* %11, %struct.qstr* nonnull %8) #76 %18 = icmp eq %struct.dentry.177930* %17, null br i1 %18, label %19, label %48 %20 = bitcast %struct.wait_queue_head* %9 to i8* %21 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 store %struct.list_head* %22, %struct.list_head** %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1, i32 1 store %struct.list_head* %22, %struct.list_head** %24, align 8 %25 = call %struct.dentry.177930* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.177930* (%struct.dentry.177930*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.177930* %11, %struct.qstr* nonnull %8, %struct.wait_queue_head* nonnull %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_fill_cache 1 proc_pident_readdir 2 proc_attr_dir_readdir ------------- Path:  Function:proc_attr_dir_readdir %3 = tail call fastcc i32 @proc_pident_readdir(%struct.file.177762* %0, %struct.dir_context* %1, %struct.pid_entry* bitcast ([6 x { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i8* } }]* 
@attr_dir_stuff to %struct.pid_entry*), i32 6) #76 Function:proc_pident_readdir %5 = getelementptr inbounds %struct.file.177762, %struct.file.177762* %0, i64 0, i32 2 %6 = load %struct.inode.177941*, %struct.inode.177941** %5, align 8 %7 = getelementptr %struct.inode.177941, %struct.inode.177941* %6, i64 -1, i32 41, i32 13 %8 = bitcast %struct.list_head* %7 to %struct.pid.177739** %9 = load %struct.pid.177739*, %struct.pid.177739** %8, align 8 %10 = tail call %struct.task_struct.178066* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178066* (%struct.pid.177739*, i32)*)(%struct.pid.177739* %9, i32 0) #76 %11 = icmp eq %struct.task_struct.178066* %10, null br i1 %11, label %40, label %12 %13 = tail call fastcc zeroext i1 @dir_emit_dots(%struct.file.177762* %0, %struct.dir_context* %1) #77 br i1 %13, label %14, label %39 %15 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = add i32 %3, 2 %18 = zext i32 %17 to i64 %19 = icmp slt i64 %16, %18 br i1 %19, label %20, label %39 %21 = add i64 %16, -2 %22 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %21 %23 = zext i32 %3 to i64 %24 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %23 %25 = icmp ult %struct.pid_entry* %22, %24 br i1 %25, label %26, label %39 %27 = phi %struct.pid_entry* [ %37, %34 ], [ %22, %20 ] %28 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 0 %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = bitcast %struct.pid_entry* %27 to i8* %33 = tail call zeroext i1 @proc_fill_cache(%struct.file.177762* %0, %struct.dir_context* %1, i8* %29, i32 %31, %struct.dentry.177930* (%struct.dentry.177930*, %struct.task_struct.178066*, i8*)* nonnull @proc_pident_instantiate, %struct.task_struct.178066* nonnull %10, i8* %32) #77 
Function:proc_fill_cache %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.wait_queue_head, align 8 %10 = getelementptr inbounds %struct.file.177762, %struct.file.177762* %0, i64 0, i32 1, i32 1 %11 = load %struct.dentry.177930*, %struct.dentry.177930** %10, align 8 %12 = bitcast %struct.qstr* %8 to i8* %13 = bitcast %struct.qstr* %8 to %struct.util_est* %14 = bitcast %struct.qstr* %8 to i32* store i32 0, i32* %14, align 8 %15 = getelementptr inbounds %struct.util_est, %struct.util_est* %13, i64 0, i32 1 store i32 %3, i32* %15, align 4 %16 = getelementptr inbounds %struct.qstr, %struct.qstr* %8, i64 0, i32 1 store i8* %2, i8** %16, align 8 %17 = call %struct.dentry.177930* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*)* @d_hash_and_lookup to %struct.dentry.177930* (%struct.dentry.177930*, %struct.qstr*)*)(%struct.dentry.177930* %11, %struct.qstr* nonnull %8) #76 %18 = icmp eq %struct.dentry.177930* %17, null br i1 %18, label %19, label %48 %20 = bitcast %struct.wait_queue_head* %9 to i8* %21 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 store %struct.list_head* %22, %struct.list_head** %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1, i32 1 store %struct.list_head* %22, %struct.list_head** %24, align 8 %25 = call %struct.dentry.177930* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.177930* (%struct.dentry.177930*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.177930* %11, %struct.qstr* nonnull %8, %struct.wait_queue_head* nonnull %9) #76 ------------- Use: =BAD PATH= Call Stack: 0 
proc_fill_cache 1 proc_pident_readdir 2 proc_tgid_base_readdir ------------- Path:  Function:proc_tgid_base_readdir %3 = tail call fastcc i32 @proc_pident_readdir(%struct.file.177762* %0, %struct.dir_context* %1, %struct.pid_entry* getelementptr inbounds (<{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, 
%struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } } }>, <{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 
(%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, 
%struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177935*, %struct.file_operations.177730*, { i32 (%struct.seq_file.177729*, %struct.pid_namespace.177737*, %struct.pid.177739*, %struct.task_struct.178066*)* } } }>* @tgid_base_stuff, i64 0, i32 0), i32 45) #76 Function:proc_pident_readdir %5 = getelementptr inbounds %struct.file.177762, %struct.file.177762* %0, i64 0, i32 2 %6 = load %struct.inode.177941*, %struct.inode.177941** %5, align 8 %7 = getelementptr %struct.inode.177941, %struct.inode.177941* %6, i64 -1, i32 41, i32 13 %8 = bitcast %struct.list_head* %7 to %struct.pid.177739** %9 = load %struct.pid.177739*, %struct.pid.177739** %8, align 8 %10 = tail call %struct.task_struct.178066* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178066* (%struct.pid.177739*, i32)*)(%struct.pid.177739* %9, i32 0) #76 %11 = icmp eq %struct.task_struct.178066* %10, null br i1 %11, label %40, label %12 %13 = tail call fastcc zeroext i1 
@dir_emit_dots(%struct.file.177762* %0, %struct.dir_context* %1) #77 br i1 %13, label %14, label %39 %15 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = add i32 %3, 2 %18 = zext i32 %17 to i64 %19 = icmp slt i64 %16, %18 br i1 %19, label %20, label %39 %21 = add i64 %16, -2 %22 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %21 %23 = zext i32 %3 to i64 %24 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %23 %25 = icmp ult %struct.pid_entry* %22, %24 br i1 %25, label %26, label %39 %27 = phi %struct.pid_entry* [ %37, %34 ], [ %22, %20 ] %28 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 0 %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = bitcast %struct.pid_entry* %27 to i8* %33 = tail call zeroext i1 @proc_fill_cache(%struct.file.177762* %0, %struct.dir_context* %1, i8* %29, i32 %31, %struct.dentry.177930* (%struct.dentry.177930*, %struct.task_struct.178066*, i8*)* nonnull @proc_pident_instantiate, %struct.task_struct.178066* nonnull %10, i8* %32) #77 Function:proc_fill_cache %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.wait_queue_head, align 8 %10 = getelementptr inbounds %struct.file.177762, %struct.file.177762* %0, i64 0, i32 1, i32 1 %11 = load %struct.dentry.177930*, %struct.dentry.177930** %10, align 8 %12 = bitcast %struct.qstr* %8 to i8* %13 = bitcast %struct.qstr* %8 to %struct.util_est* %14 = bitcast %struct.qstr* %8 to i32* store i32 0, i32* %14, align 8 %15 = getelementptr inbounds %struct.util_est, %struct.util_est* %13, i64 0, i32 1 store i32 %3, i32* %15, align 4 %16 = getelementptr inbounds %struct.qstr, %struct.qstr* %8, i64 0, i32 1 store i8* %2, i8** %16, align 8 %17 = call %struct.dentry.177930* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*)* @d_hash_and_lookup to 
%struct.dentry.177930* (%struct.dentry.177930*, %struct.qstr*)*)(%struct.dentry.177930* %11, %struct.qstr* nonnull %8) #76 %18 = icmp eq %struct.dentry.177930* %17, null br i1 %18, label %19, label %48 %20 = bitcast %struct.wait_queue_head* %9 to i8* %21 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 store %struct.list_head* %22, %struct.list_head** %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1, i32 1 store %struct.list_head* %22, %struct.list_head** %24, align 8 %25 = call %struct.dentry.177930* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.177930* (%struct.dentry.177930*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.177930* %11, %struct.qstr* nonnull %8, %struct.wait_queue_head* nonnull %9) #76 ------------- Good: 12 Bad: 5 Ignored: 10 Check Use of Function:drm_internal_framebuffer_create Check Use of Function:drm_modeset_acquire_fini Check Use of Function:drm_modeset_backoff Check Use of Function:drm_modeset_acquire_init Check Use of Function:drm_crtc_vblank_count Check Use of Function:drm_crtc_vblank_put Check Use of Function:lru_cache_add_inactive_or_unevictable Check Use of Function:drm_modeset_lock Check Use of Function:drm_atomic_connector_commit_dpms Check Use of Function:drm_atomic_helper_page_flip Check Use of Function:drm_event_reserve_init Check Use of Function:vm_access Check Use of Function:cfg80211_process_wdev_events Check Use of Function:drm_modeset_lock_all_ctx Check Use of Function:out_of_line_wait_on_bit Check Use of Function:fat_compat_dir_ioctl Check Use of 
Function:drm_mode_crtc_set_obj_prop Check Use of Function:__dev_change_net_namespace Check Use of Function:drm_property_change_valid_get Check Use of Function:drm_mode_obj_find_prop_id Check Use of Function:security_vm_enough_memory_mm Use: =BAD PATH= Call Stack: 0 __shmem_file_setup 1 shmem_zero_setup 2 mmap_zero ------------- Path:  Function:mmap_zero %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 8 %6 = icmp eq i64 %5, 0 br i1 %6, label %9, label %7 %8 = tail call i32 @shmem_zero_setup(%struct.vm_area_struct* %1) #76 Function:shmem_zero_setup %2 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = sub i64 %3, %5 %7 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %8 = load i64, i64* %7, align 8 %9 = load %struct.vfsmount*, %struct.vfsmount** @shm_mnt, align 8 %10 = tail call fastcc %struct.file* @__shmem_file_setup(%struct.vfsmount* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.13.13277, i64 0, i64 0), i64 %6, i64 %8, i32 512) #76 Function:__shmem_file_setup %6 = icmp ugt %struct.vfsmount* %0, inttoptr (i64 -4096 to %struct.vfsmount*) br i1 %6, label %7, label %9 %10 = icmp slt i64 %2, 0 br i1 %10, label %42, label %11 %12 = and i64 %3, 2097152 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 38 %18 = load %struct.mm_struct*, %struct.mm_struct** %17, align 64 %19 = add nuw i64 %2, 4095 %20 = ashr i64 %19, 12 %21 = tail call i32 
@security_vm_enough_memory_mm(%struct.mm_struct* %18, i64 %20) #76 ------------- Good: 22 Bad: 1 Ignored: 9 Check Use of Function:drm_atomic_commit Check Use of Function:__drm_atomic_state_free Check Use of Function:drm_atomic_state_clear Check Use of Function:drm_atomic_state_alloc Check Use of Function:drm_mode_object_get_properties Check Use of Function:pci_bus_write_config_byte Check Use of Function:ext4_mb_release Check Use of Function:__setplane_check Check Use of Function:sysfs_notify Check Use of Function:strscpy Use: =BAD PATH= Call Stack: 0 snd_hwdep_ioctl 1 snd_hwdep_ioctl_compat ------------- Path:  Function:snd_hwdep_ioctl_compat %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.snd_hwdep** %7 = load %struct.snd_hwdep*, %struct.snd_hwdep** %6, align 8 %8 = and i64 %2, 4294967295 switch i32 %1, label %79 [ i32 -2147203072, label %9 i32 -2133047295, label %9 i32 -2143270910, label %9 i32 1079003139, label %11 ] %10 = tail call i64 @snd_hwdep_ioctl(%struct.file* %0, i32 %1, i64 %8) #76 Function:snd_hwdep_ioctl %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = alloca %struct.snd_hwdep_dsp_status, align 4 %6 = alloca %struct.snd_hwdep_info, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.snd_hwdep** %9 = load %struct.snd_hwdep*, %struct.snd_hwdep** %8, align 8 switch i32 %1, label %88 [ i32 -2147203072, label %10 i32 -2133047295, label %19 i32 -2143270910, label %39 i32 1080051715, label %58 ] %20 = bitcast %struct.snd_hwdep_info* %6 to i8* %21 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 0 %22 = load %struct.snd_card*, %struct.snd_card** %21, align 8 %23 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, 
i32 1 store i32 %24, i32* %25, align 4 %26 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 2, i64 0 %27 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 3, i64 0 %28 = call i64 @strscpy(i8* %26, i8* %27, i64 64) #76 %29 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 4, i64 0 %31 = call i64 @strscpy(i8* %29, i8* %30, i64 80) #76 ------------- Use: =BAD PATH= Call Stack: 0 snd_hwdep_ioctl ------------- Path:  Function:snd_hwdep_ioctl %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = alloca %struct.snd_hwdep_dsp_status, align 4 %6 = alloca %struct.snd_hwdep_info, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.snd_hwdep** %9 = load %struct.snd_hwdep*, %struct.snd_hwdep** %8, align 8 switch i32 %1, label %88 [ i32 -2147203072, label %10 i32 -2133047295, label %19 i32 -2143270910, label %39 i32 1080051715, label %58 ] %20 = bitcast %struct.snd_hwdep_info* %6 to i8* %21 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 0 %22 = load %struct.snd_card*, %struct.snd_card** %21, align 8 %23 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 1 store i32 %24, i32* %25, align 4 %26 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 2, i64 0 %27 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 3, i64 0 %28 = call i64 @strscpy(i8* %26, i8* %27, i64 64) #76 %29 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 4, i64 0 %31 = call i64 @strscpy(i8* 
%29, i8* %30, i64 80) #76 ------------- Use: =BAD PATH= Call Stack: 0 snd_hwdep_ioctl 1 snd_hwdep_ioctl_compat ------------- Path:  Function:snd_hwdep_ioctl_compat %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.snd_hwdep** %7 = load %struct.snd_hwdep*, %struct.snd_hwdep** %6, align 8 %8 = and i64 %2, 4294967295 switch i32 %1, label %79 [ i32 -2147203072, label %9 i32 -2133047295, label %9 i32 -2143270910, label %9 i32 1079003139, label %11 ] %10 = tail call i64 @snd_hwdep_ioctl(%struct.file* %0, i32 %1, i64 %8) #76 Function:snd_hwdep_ioctl %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = alloca %struct.snd_hwdep_dsp_status, align 4 %6 = alloca %struct.snd_hwdep_info, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.snd_hwdep** %9 = load %struct.snd_hwdep*, %struct.snd_hwdep** %8, align 8 switch i32 %1, label %88 [ i32 -2147203072, label %10 i32 -2133047295, label %19 i32 -2143270910, label %39 i32 1080051715, label %58 ] %20 = bitcast %struct.snd_hwdep_info* %6 to i8* %21 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 0 %22 = load %struct.snd_card*, %struct.snd_card** %21, align 8 %23 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 1 store i32 %24, i32* %25, align 4 %26 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 2, i64 0 %27 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 3, i64 0 %28 = call i64 @strscpy(i8* %26, i8* %27, i64 64) #76 ------------- Use: =BAD PATH= Call Stack: 0 snd_hwdep_ioctl ------------- Path:  Function:snd_hwdep_ioctl %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = alloca %struct.snd_hwdep_dsp_status, align 
4 %6 = alloca %struct.snd_hwdep_info, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.snd_hwdep** %9 = load %struct.snd_hwdep*, %struct.snd_hwdep** %8, align 8 switch i32 %1, label %88 [ i32 -2147203072, label %10 i32 -2133047295, label %19 i32 -2143270910, label %39 i32 1080051715, label %58 ] %20 = bitcast %struct.snd_hwdep_info* %6 to i8* %21 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 0 %22 = load %struct.snd_card*, %struct.snd_card** %21, align 8 %23 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 1 store i32 %24, i32* %25, align 4 %26 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 2, i64 0 %27 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 3, i64 0 %28 = call i64 @strscpy(i8* %26, i8* %27, i64 64) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 pnp_disable_dev 5 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.350904* %11 = getelementptr inbounds %struct.pnp_dev.350904, %struct.pnp_dev.350904* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #77 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.33921, i64 0, i64 0), i64 7) #78 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.351147*)* @pnp_disable_dev to i32 (%struct.pnp_dev.350904*)*)(%struct.pnp_dev.350904* 
%10) #77 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.351137*, %struct.pnp_protocol.351137** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.351137, %struct.pnp_protocol.351137* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.351147*)*, i32 (%struct.pnp_dev.351147*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.351147*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %23 = load i32, i32* @pnp_debug, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %51, label %25 %26 = getelementptr inbounds %struct.pnp_dev.351147, %struct.pnp_dev.351147* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.33817, i64 0, i64 0), %struct.device* %26, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.7.33818, i64 0, i64 0)) #76 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 drm_dev_dbg 5 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.381449* %0 to %struct.drm_i915_private.554641* %5 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 
to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.381449* %0, null br i1 %10, label %14, label %11 %15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.44045, i64 0, i64 0)) #76 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.37895, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.37891, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #76 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 drm_dev_dbg 5 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load 
%struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.437765** %12 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #76 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #77 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39738, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #76 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %72 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.437765* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.39745, i64 0, i64 0)) #76 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.37895, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.37891, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #76 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 drm_dev_dbg 5 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.437765** %12 = load %struct.drm_i915_private.437765*, 
%struct.drm_i915_private.437765** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %68, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %68 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #77 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39738, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #76 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68 %38 = icmp eq %struct.drm_i915_private.437765* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.39739, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.39740, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.39741, i64 0, i64 0), i8* %46) #76 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.37895, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.37891, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #76 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile 
%struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 drm_dev_dbg 5 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.435861** %7 = load %struct.i915_gpu_coredump.435861*, %struct.i915_gpu_coredump.435861** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.435861* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.435861, %struct.i915_gpu_coredump.435861* %7, i64 0, i32 5 %11 = load 
%struct.drm_i915_private.435893*, %struct.drm_i915_private.435893** %10, align 8 %12 = icmp eq %struct.drm_i915_private.435893* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.42.39489, i64 0, i64 0)) #76 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.37895, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.37891, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #76 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 drm_dev_dbg 5 check_for_unclaimed_mmio 6 intel_uncore_forcewake_user_put 7 i915_forcewake_release ------------- Path:  Function:i915_forcewake_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.435893** %5 = 
load %struct.drm_i915_private.435893*, %struct.drm_i915_private.435893** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.435893, %struct.drm_i915_private.435893* %5, i64 0, i32 3, i32 0 %7 = load i8, i8* %6, align 8 %8 = icmp ugt i8 %7, 5 br i1 %8, label %9, label %11 %10 = getelementptr inbounds %struct.drm_i915_private.435893, %struct.drm_i915_private.435893* %5, i64 0, i32 9 tail call void bitcast (void (%struct.intel_uncore.428020*)* @intel_uncore_forcewake_user_put to void (%struct.intel_uncore.435570*)*)(%struct.intel_uncore.435570* %10) #76 Function:intel_uncore_forcewake_user_put %2 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %2, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %3) #76 %4 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 15 %5 = load i32, i32* %4, align 8 %6 = add i32 %5, -1 store i32 %6, i32* %4, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %64 %9 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 16 %10 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %11 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %10, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #76 %12 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %13 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %12, i64 0, i32 3 %14 = load i32, i32* %13, align 4 %15 = add i32 %14, -1 store i32 %15, i32* %13, align 4 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %21 %22 = tail call fastcc zeroext i1 @check_for_unclaimed_mmio(%struct.intel_uncore.428020* %0) #77 Function:check_for_unclaimed_mmio %2 = getelementptr 
inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 16 %3 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %2, align 8 %4 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %3, i64 0, i32 3 %5 = load i32, i32* %4, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %83 %8 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %30, label %12 %13 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 271104 %16 = bitcast i8* %15 to i32* %17 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %16) #6, !srcloc !4 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %30, !prof !5, !misexpect !6 %20 = icmp eq i32 %17, -1 br i1 %20, label %21, label %26, !prof !5, !misexpect !7 %22 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 1 %23 = load %struct.drm_i915_private.428358*, %struct.drm_i915_private.428358** %22, align 8 %24 = getelementptr inbounds %struct.drm_i915_private.428358, %struct.drm_i915_private.428358* %23, i64 0, i32 0, i32 2 %25 = load %struct.device*, %struct.device** %24, align 8 tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %25, i8* getelementptr inbounds ([83 x i8], [83 x i8]* @.str.35.39258, i64 0, i64 0)) #76 br label %26 %27 = load i8*, i8** %13, align 8 %28 = getelementptr i8, i8* %27, i64 271104 %29 = bitcast i8* %28 to i32* tail call void asm sideeffect "movl $0,$1", "r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -2147483648, i32* %29) #6, !srcloc !8 br label %30 %31 = phi i8 [ 0, %7 ], [ 1, %26 ], [ 0, %12 ] %32 = load i32, i32* %8, align 4 %33 = and i32 %32, 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35 %52 = phi i32 [ %50, %47 ], [ %32, %30 ] %53 = phi i8 [ %49, %47 ], [ %31, %30 ] %54 = and i32 %52, 8 %55 = icmp eq i32 %54, 0 br i1 %55, label %79, label %56 %57 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 0 %58 = load i8*, i8** %57, align 8 %59 = getelementptr i8, i8* %58, i64 1179648 %60 = bitcast i8* %59 to i32* %61 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %60) #6, !srcloc !4 %62 = icmp ne i32 %61, 0 br i1 %62, label %63, label %75, !prof !5, !misexpect !7 %64 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 1 %65 = load %struct.drm_i915_private.428358*, %struct.drm_i915_private.428358** %64, align 8 %66 = icmp eq %struct.drm_i915_private.428358* %65, null br i1 %66, label %70, label %67 %68 = getelementptr inbounds %struct.drm_i915_private.428358, %struct.drm_i915_private.428358* %65, i64 0, i32 0, i32 2 %69 = load %struct.device*, %struct.device** %68, align 8 br label %70 %71 = phi %struct.device* [ %69, %67 ], [ null, %63 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %71, i32 2, i8* getelementptr inbounds ([20 x i8], [20 x i8]* @.str.36.39259, i64 0, i64 0), i32 %61) #77 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.37895, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.37891, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #76 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile 
%struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 drm_dev_dbg 5 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.422916** %12 = load %struct.drm_i915_private.422916*, %struct.drm_i915_private.422916** %11, align 8 %13 = icmp eq %struct.drm_i915_private.422916* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ 
%16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.38788, i64 0, i64 0)) #76 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.37895, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.37891, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #76 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, 
%struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_warn 4 stable_pages_required_show ------------- Path:  Function:stable_pages_required_show %4 = load i1, i1* @stable_pages_required_show.__print_once, align 1 br i1 %4, label %6, label %5 store i1 true, i1* @stable_pages_required_show.__print_once, align 1 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %0, i8* getelementptr inbounds ([102 x i8], [102 x i8]* @.str.7.13592, i64 0, i64 0)) #76 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.46722, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_warn 4 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.317892* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = 
tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.14.29271, i64 0, i64 0)) #76 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 253 %14 = bitcast %struct.irq_domain** %13 to i8* store i8 0, i8* %14, align 8 %15 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 25 %16 = bitcast %struct.irq_domain** %15 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %16, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.80.29272, i64 0, i64 0)) #77 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.46722, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 
= load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* 
nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_warn 4 pci_vpd_available 5 pci_vpd_read 6 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.322177* %9 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.322177* %8, i64 %4, i64 %5, i8* %3) #76 Function:pci_vpd_read %5 = alloca i32, align 4 %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.322177* %0) #76 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 %4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %31 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.322177* %0, i64 %18, i64 1, i8* nonnull %11) #76 br label %32 
%33 = phi i64 [ %29, %28 ], [ %31, %30 ] %34 = icmp eq i64 %33, 1 br i1 %34, label %35, label %102 %36 = icmp eq i64 %18, 0 %37 = load i8, i8* %11, align 1 br i1 %36, label %38, label %39 %40 = icmp sgt i8 %37, -1 br i1 %40, label %69, label %41 %42 = add i64 %18, 1 %43 = load i16, i16* %12, align 2 %44 = and i16 %43, 256 %45 = icmp eq i16 %44, 0 br i1 %45, label %54, label %46 %47 = load %struct.pci_bus.322166*, %struct.pci_bus.322166** %13, align 8 %48 = load i32, i32* %14, align 8 %49 = and i32 %48, 248 %50 = tail call %struct.pci_dev.322177* bitcast (%struct.pci_dev.317892* (%struct.pci_bus.317894*, i32)* @pci_get_slot to %struct.pci_dev.322177* (%struct.pci_bus.322166*, i32)*)(%struct.pci_bus.322166* %47, i32 %49) #76 %51 = icmp eq %struct.pci_dev.322177* %50, null br i1 %51, label %59, label %52 %60 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %60, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.29598, i64 0, i64 0), i64 %42) #77 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.46722, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_warn 4 pci_vpd_available 5 pci_vpd_write 6 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.322177* %9 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.322177* %8, i64 %4, i64 %5, i8* %3) #76 Function:pci_vpd_write %5 = add 
i64 %2, %1 %6 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.322177* %0) #76 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 %4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %31 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.322177* %0, i64 %18, i64 1, i8* nonnull %11) #76 br label %32 %33 = phi i64 [ %29, %28 ], [ %31, %30 ] %34 = icmp eq i64 %33, 1 br i1 %34, label %35, label %102 %36 = icmp eq i64 %18, 0 %37 = load i8, i8* %11, align 1 br i1 %36, label %38, label %39 %40 = icmp sgt i8 %37, -1 br i1 %40, label %69, label %41 %42 = add i64 %18, 1 %43 = load i16, i16* %12, align 2 %44 = and i16 %43, 256 %45 = icmp eq i16 %44, 0 br i1 %45, label %54, label %46 %47 = load %struct.pci_bus.322166*, %struct.pci_bus.322166** %13, align 8 %48 = load i32, i32* %14, align 8 %49 = and i32 %48, 248 %50 = tail call %struct.pci_dev.322177* bitcast (%struct.pci_dev.317892* (%struct.pci_bus.317894*, i32)* @pci_get_slot to %struct.pci_dev.322177* (%struct.pci_bus.322166*, i32)*)(%struct.pci_bus.322166* 
%47, i32 %49) #76 %51 = icmp eq %struct.pci_dev.322177* %50, null br i1 %51, label %59, label %52 %60 = getelementptr inbounds %struct.pci_dev.322177, %struct.pci_dev.322177* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %60, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.29598, i64 0, i64 0), i64 %42) #77 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.46722, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 
], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, 
%struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60786, i64 0, i64 0)) #76 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.46626, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = 
load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, 
label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #76 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %22 = bitcast %struct.list_head** %21 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60786, i64 0, i64 0)) #77 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.46626, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 
%13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60786, i64 0, i64 0)) #76 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.46626, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 
%24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: 
=BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #76 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %23 = bitcast %struct.list_head** %22 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60786, i64 0, i64 0)) #77 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.46626, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label 
%12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.60807, i64 0, i64 0)) #76 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.46626, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq 
%struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, 
align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.60807, i64 0, i64 0)) #76 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.46626, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, 
%struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 
16) #76 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #76 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.57011, i64 0, i64 0), i16* %21, i8* nonnull %6) #76 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.57013, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.57016, i64 0, i64 0)) #77 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.46626, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #76 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.46627, i64 0, i64 0), %21 ], [ 
%29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.46628, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #76 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #76 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %53, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #76 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_actions_logged_handler ------------- Path:  Function:seccomp_actions_logged_handler %6 = alloca %struct.ctl_table, align 8 %7 = alloca [63 x i8], align 16 %8 = alloca i8*, align 8 %9 = alloca [63 x i8], align 16 %10 = alloca %struct.ctl_table, align 8 %11 = icmp eq i32 %1, 0 br i1 %11, label %169, label %12 %170 = getelementptr 
inbounds [63 x i8], [63 x i8]* %9, i64 0, i64 0 %171 = bitcast %struct.ctl_table* %6 to i8* %172 = load i32, i32* @seccomp_actions_logged, align 4 br label %173 %174 = phi i8** [ getelementptr inbounds ([9 x %struct.anon.117], [9 x %struct.anon.117]* @seccomp_log_names, i64 0, i64 0, i32 1), %169 ], [ %207, %202 ] %175 = phi i8 [ 0, %169 ], [ %205, %202 ] %176 = phi %struct.anon.117* [ getelementptr inbounds ([9 x %struct.anon.117], [9 x %struct.anon.117]* @seccomp_log_names, i64 0, i64 0), %169 ], [ %206, %202 ] %177 = phi i8* [ %170, %169 ], [ %204, %202 ] %178 = phi i64 [ 63, %169 ], [ %203, %202 ] %179 = getelementptr inbounds %struct.anon.117, %struct.anon.117* %176, i64 0, i32 0 %180 = load i32, i32* %179, align 8 %181 = and i32 %180, %172 %182 = icmp eq i32 %181, 0 br i1 %182, label %202, label %183 %184 = and i8 %175, 1 %185 = icmp eq i8 %184, 0 br i1 %185, label %192, label %186 %187 = call i64 @strscpy(i8* %177, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.15.11006, i64 0, i64 0), i64 %178) #76 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_actions_logged_handler ------------- Path:  Function:seccomp_actions_logged_handler %6 = alloca %struct.ctl_table, align 8 %7 = alloca [63 x i8], align 16 %8 = alloca i8*, align 8 %9 = alloca [63 x i8], align 16 %10 = alloca %struct.ctl_table, align 8 %11 = icmp eq i32 %1, 0 br i1 %11, label %169, label %12 %170 = getelementptr inbounds [63 x i8], [63 x i8]* %9, i64 0, i64 0 %171 = bitcast %struct.ctl_table* %6 to i8* %172 = load i32, i32* @seccomp_actions_logged, align 4 br label %173 %174 = phi i8** [ getelementptr inbounds ([9 x %struct.anon.117], [9 x %struct.anon.117]* @seccomp_log_names, i64 0, i64 0, i32 1), %169 ], [ %207, %202 ] %175 = phi i8 [ 0, %169 ], [ %205, %202 ] %176 = phi %struct.anon.117* [ getelementptr inbounds ([9 x %struct.anon.117], [9 x %struct.anon.117]* @seccomp_log_names, i64 0, i64 0), %169 ], [ %206, %202 ] %177 = phi i8* [ %170, %169 ], [ %204, %202 ] %178 = phi i64 [ 63, 
%169 ], [ %203, %202 ] %179 = getelementptr inbounds %struct.anon.117, %struct.anon.117* %176, i64 0, i32 0 %180 = load i32, i32* %179, align 8 %181 = and i32 %180, %172 %182 = icmp eq i32 %181, 0 br i1 %182, label %202, label %183 %184 = and i8 %175, 1 %185 = icmp eq i8 %184, 0 br i1 %185, label %192, label %186 %187 = call i64 @strscpy(i8* %177, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.15.11006, i64 0, i64 0), i64 %178) #76 %188 = icmp slt i64 %187, 0 br i1 %188, label %217, label %189 %190 = getelementptr i8, i8* %177, i64 %187 %191 = sub i64 %178, %187 br label %192 %193 = phi i64 [ %191, %189 ], [ %178, %183 ] %194 = phi i8* [ %190, %189 ], [ %177, %183 ] %195 = phi i8 [ %175, %189 ], [ 1, %183 ] %196 = load i8*, i8** %174, align 8 %197 = call i64 @strscpy(i8* %194, i8* %196, i64 %193) #76 ------------- Good: 4847 Bad: 24 Ignored: 2500 Check Use of Function:mqueue_create Check Use of Function:ieee80211_ibss_stop Check Use of Function:drm_mode_object_find Use: =BAD PATH= Call Stack: 0 intel_sprite_set_colorkey_ioctl ------------- Path:  Function:intel_sprite_set_colorkey_ioctl %4 = alloca %struct.drm_modeset_acquire_ctx, align 8 %5 = bitcast %struct.drm_device.381449* %0 to %struct.drm_i915_private.417433* %6 = bitcast %struct.drm_modeset_acquire_ctx* %4 to i8* %7 = getelementptr inbounds i8, i8* %1, i64 16 %8 = bitcast i8* %7 to i32* %9 = load i32, i32* %8, align 4 %10 = and i32 %9, -2 store i32 %10, i32* %8, align 4 %11 = icmp ugt i32 %9, 7 %12 = and i32 %9, 6 %13 = icmp eq i32 %12, 6 %14 = or i1 %11, %13 br i1 %14, label %182, label %15 %16 = getelementptr inbounds %struct.drm_i915_private.417433, %struct.drm_i915_private.417433* %5, i64 0, i32 4, i32 0, i64 0 %17 = load i32, i32* %16, align 4 %18 = and i32 %17, 9437184 %19 = icmp eq i32 %18, 0 %20 = and i32 %9, 2 %21 = icmp eq i32 %20, 0 %22 = or i1 %21, %19 br i1 %22, label %23, label %182 %24 = bitcast i8* %1 to i32* %25 = load i32, i32* %24, align 4 %26 = tail call 
%struct.drm_mode_object.381367* @drm_mode_object_find(%struct.drm_device.381449* %0, %struct.drm_file* %2, i32 %25, i32 -286331154) #76 ------------- Use: =BAD PATH= Call Stack: 0 intel_overlay_put_image_ioctl ------------- Path:  Function:intel_overlay_put_image_ioctl %4 = alloca i8, align 1 %5 = alloca %struct.i915_gem_ww_ctx.554427, align 8 %6 = bitcast %struct.drm_device.381449* %0 to %struct.drm_i915_private.554641* %7 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.intel_overlay** %9 = load %struct.intel_overlay*, %struct.intel_overlay** %8, align 8 %10 = icmp eq %struct.intel_overlay* %9, null br i1 %10, label %11, label %18 %19 = bitcast i8* %1 to i32* %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 16777216 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %25 %26 = getelementptr inbounds i8, i8* %1, i64 32 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = tail call %struct.drm_mode_object.381367* @drm_mode_object_find(%struct.drm_device.381449* %0, %struct.drm_file* %2, i32 %28, i32 -858993460) #76 ------------- Use: =BAD PATH= Call Stack: 0 intel_get_pipe_from_crtc_id_ioctl ------------- Path:  Function:intel_get_pipe_from_crtc_id_ioctl %4 = bitcast i8* %1 to i32* %5 = load i32, i32* %4, align 4 %6 = tail call %struct.drm_mode_object.381367* @drm_mode_object_find(%struct.drm_device.381449* %0, %struct.drm_file* %2, i32 %5, i32 -858993460) #76 ------------- Good: 6 Bad: 3 Ignored: 15 Check Use of Function:drm_gem_fb_create_handle Check Use of Function:drm_is_current_master Use: =BAD PATH= Call Stack: 0 drm_ioctl_kernel 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.util_est, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 
%6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %34 %16 = bitcast %struct.util_est* %4 to i8* %17 = bitcast %struct.drm_i915_getparam* %5 to i8* %18 = inttoptr i64 %2 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %16, i8* %18, i64 8) #76 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %32 %22 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.drm_i915_getparam, %struct.drm_i915_getparam* %5, i64 0, i32 0 store i32 %23, i32* %24, align 8 %25 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 1 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = inttoptr i64 %27 to i8* %29 = getelementptr inbounds %struct.drm_i915_getparam, %struct.drm_i915_getparam* %5, i64 0, i32 1 %30 = bitcast i32** %29 to i8** store i8* %28, i8** %30, align 8 %31 = call i64 bitcast (i64 (%struct.file*, i32 (%struct.drm_device.391939*, i8*, %struct.drm_file.391906*)*, i8*, i32)* @drm_ioctl_kernel to i64 (%struct.file.434817*, i32 (%struct.drm_device.434918*, i8*, %struct.drm_file.434822*)*, i8*, i32)*)(%struct.file.434817* %0, i32 (%struct.drm_device.434918*, i8*, %struct.drm_file.434822*)* nonnull bitcast (i32 (%struct.drm_device.381449*, i8*, %struct.drm_file*)* @i915_getparam_ioctl to i32 (%struct.drm_device.434918*, i8*, %struct.drm_file.434822*)*), i8* nonnull %17, i32 32) #76 Function:drm_ioctl_kernel %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.391906** %8 = load %struct.drm_file.391906*, %struct.drm_file.391906** %7, align 8 %9 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 13 %10 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %9, align 8 %11 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %10, i64 0, i32 3 %12 = load 
%struct.drm_device.391939*, %struct.drm_device.391939** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = call zeroext i1 bitcast (i1 (%struct.drm_device.381449*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.391939*, i32*)*)(%struct.drm_device.391939* %12, i32* nonnull %5) #76 br i1 %14, label %16, label %15 %17 = load i32, i32* %5, align 4 call void @drm_dev_exit(i32 %17) #76 %18 = and i32 %3, 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %21 = call zeroext i1 @capable(i32 21) #76 br i1 %21, label %22, label %67, !prof !4, !misexpect !5 %23 = and i32 %3, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %34, label %25 %26 = load %struct.drm_minor.391904*, %struct.drm_minor.391904** %9, align 8 %27 = getelementptr inbounds %struct.drm_minor.391904, %struct.drm_minor.391904* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, 2 br i1 %29, label %34, label %30 %31 = getelementptr inbounds %struct.drm_file.391906, %struct.drm_file.391906* %8, i64 0, i32 0 %32 = load i8, i8* %31, align 8, !range !6 %33 = icmp eq i8 %32, 1 br i1 %33, label %34, label %67, !prof !4, !misexpect !5 %35 = and i32 %3, 2 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %38 = call zeroext i1 bitcast (i1 (%struct.drm_file*)* @drm_is_current_master to i1 (%struct.drm_file.391906*)*)(%struct.drm_file.391906* %8) #76 ------------- Good: 6 Bad: 1 Ignored: 16 Check Use of Function:device_set_wakeup_capable Check Use of Function:drm_gem_handle_create Check Use of Function:drm_atomic_helper_dirtyfb Check Use of Function:drm_atomic_get_plane_state Check Use of Function:i915_active_ref Check Use of Function:compat_table_info Check Use of Function:n_null_close Check Use of Function:intel_ring_begin Check Use of Function:tcp_set_congestion_control Check Use of Function:bad_area Check Use of Function:ieee80211_send_delba Check Use of Function:i915_request_create Check Use of Function:intel_overlay_release_old_vid Check Use of Function:drm_modeset_lock_all Use: =BAD 
PATH= Call Stack: 0 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.381449* %0 to %struct.drm_i915_private.554641* %5 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 tail call void bitcast (void (%struct.drm_device.396514*)* @drm_modeset_lock_all to void (%struct.drm_device.381449*)*)(%struct.drm_device.381449* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 intel_overlay_put_image_ioctl ------------- Path:  Function:intel_overlay_put_image_ioctl %4 = alloca i8, align 1 %5 = alloca %struct.i915_gem_ww_ctx.554427, align 8 %6 = bitcast %struct.drm_device.381449* %0 to %struct.drm_i915_private.554641* %7 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.intel_overlay** %9 = load %struct.intel_overlay*, %struct.intel_overlay** %8, align 8 %10 = icmp eq %struct.intel_overlay* %9, null br i1 %10, label %11, label %18 %19 = bitcast i8* %1 to i32* %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 16777216 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %25 tail call void bitcast (void (%struct.drm_device.396514*)* @drm_modeset_lock_all to void (%struct.drm_device.381449*)*)(%struct.drm_device.381449* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 wm_latency_write 1 pri_wm_latency_write ------------- Path:  Function:pri_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, 
i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.437765** %10 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %10, i64 0, i32 96, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %10, i64 0, i32 96, i32 0, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #76 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_i915_private.437765** %14 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull 
%16, i8* %1, i64 %2) #76 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 = call i32 (i8*, i8*, ...) @sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.39760, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #77 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.396514*)* @drm_modeset_lock_all to void (%struct.drm_device.381449*)*)(%struct.drm_device.381449* %15) #76 ------------- Use: =BAD PATH= Call Stack: 0 wm_latency_write 1 spr_wm_latency_write ------------- Path:  Function:spr_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.437765** %10 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %10, i64 0, i32 96, 
i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %10, i64 0, i32 96, i32 1, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #76 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_i915_private.437765** %14 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #76 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr 
inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 = call i32 (i8*, i8*, ...) @sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.39760, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #77 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.396514*)* @drm_modeset_lock_all to void (%struct.drm_device.381449*)*)(%struct.drm_device.381449* %15) #76 ------------- Use: =BAD PATH= Call Stack: 0 wm_latency_write 1 cur_wm_latency_write ------------- Path:  Function:cur_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.437765** %10 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %10, i64 0, i32 96, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %10, i64 0, i32 96, i32 2, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #76 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds 
%struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_i915_private.437765** %14 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #76 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 = call i32 (i8*, i8*, ...) 
@sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.39760, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #77 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.396514*)* @drm_modeset_lock_all to void (%struct.drm_device.381449*)*)(%struct.drm_device.381449* %15) #76 ------------- Good: 13 Bad: 5 Ignored: 20 Check Use of Function:thermal_zone_device_critical Check Use of Function:dev_set_alias Check Use of Function:drm_dev_dbg Use: =BAD PATH= Call Stack: 0 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.381449* %0 to %struct.drm_i915_private.554641* %5 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.381449* %0, null br i1 %10, label %14, label %11 %15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.44045, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 intel_overlay_put_image_ioctl ------------- Path:  Function:intel_overlay_put_image_ioctl %4 = alloca i8, align 1 %5 = alloca %struct.i915_gem_ww_ctx.554427, align 8 %6 = bitcast %struct.drm_device.381449* %0 to %struct.drm_i915_private.554641* %7 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.intel_overlay** %9 = load %struct.intel_overlay*, %struct.intel_overlay** %8, align 8 %10 = icmp eq %struct.intel_overlay* %9, null br i1 %10, label %11, label %18 %12 = icmp eq %struct.drm_device.381449* %0, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %11 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.44045, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer2_ioctl ------------- Path:  Function:i915_gem_execbuffer2_ioctl %4 = bitcast i8* %1 to %struct.drm_i915_gem_execbuffer2* %5 = getelementptr inbounds i8, i8* %1, i64 8 %6 = bitcast i8* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = zext i32 %7 to i64 %9 = add nsw i64 %8, -1 %10 = icmp ult i64 %9, 2147483647 br i1 %10, label %18, label %11 %12 = icmp eq %struct.drm_device.381449* %0, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %11 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.40928, i64 0, i64 0), i64 %8) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_dsc_fec_support_write ------------- Path:  Function:i915_dsc_fec_support_write %5 = alloca i8, align 1 store i8 0, i8* %5, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.intel_connector.437683** %11 = load %struct.intel_connector.437683*, %struct.intel_connector.437683** %10, align 8 %12 = getelementptr inbounds %struct.intel_connector.437683, %struct.intel_connector.437683* %11, i64 0, i32 1 %13 = load %struct.intel_encoder.437653*, %struct.intel_encoder.437653** %12, align 8 %14 = bitcast %struct.intel_encoder.437653* %13 to %struct.drm_i915_private.437765** %15 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %14, align 8 %16 = getelementptr inbounds %struct.intel_encoder.437653, %struct.intel_encoder.437653* %13, i64 0, i32 1 %17 = load i32, i32* %16, align 8 switch i32 %17, label %24 [ i32 10, label %18 i32 7, label %18 i32 8, label %18 i32 6, label %18 i32 11, label %20 ] %25 = phi %struct.intel_digital_port.437680* [ %19, %18 ], [ %23, %20 ], [ null, %4 ] %26 = icmp eq i64 %2, 0 br i1 %26, label %51, label %27 %28 = icmp eq %struct.drm_i915_private.437765* %15, null br i1 %28, label %32, label %29 %33 = phi %struct.device* [ %31, %29 ], [ null, %27 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %33, i32 2, i8* getelementptr inbounds ([41 x i8], [41 x i8]* @.str.255.39776, i64 0, i64 0), i64 %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.437765** %12 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #76 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #77 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39738, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #76 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %72 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.437765* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.39745, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.437765** %12 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #76 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #77 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39738, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 store i32 50, i32* %5, align 4 %28 = icmp eq %struct.drm_i915_private.437765* %12, null br i1 %28, label %41, label %37 %42 = phi i32 [ %38, %37 ], [ %33, %36 ], [ 50, %27 ] %43 = phi %struct.device* [ %40, %37 ], [ null, %36 ], [ null, %27 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([45 x i8], [45 x i8]* @.str.40.39744, i64 0, i64 0), i32 %42) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.437765** %12 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %68, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #76 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %68 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #77 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39738, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #76 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68 %38 = icmp eq %struct.drm_i915_private.437765* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.39739, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.39740, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.39741, i64 0, i64 0), i8* %46) #76 ------------- Use: =BAD PATH= Call Stack: 0 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.435861** %7 = load %struct.i915_gpu_coredump.435861*, %struct.i915_gpu_coredump.435861** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.435861* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.435861, %struct.i915_gpu_coredump.435861* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.435893*, %struct.drm_i915_private.435893** %10, align 8 %12 = icmp eq %struct.drm_i915_private.435893* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.42.39489, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 check_for_unclaimed_mmio 1 intel_uncore_forcewake_user_put 2 i915_forcewake_release ------------- Path:  Function:i915_forcewake_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.435893** %5 = load %struct.drm_i915_private.435893*, %struct.drm_i915_private.435893** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.435893, %struct.drm_i915_private.435893* %5, i64 0, i32 3, i32 0 %7 = load i8, i8* %6, align 8 %8 = icmp ugt i8 %7, 5 br i1 %8, label %9, label %11 %10 = getelementptr inbounds %struct.drm_i915_private.435893, %struct.drm_i915_private.435893* %5, i64 0, i32 9 tail call void bitcast (void (%struct.intel_uncore.428020*)* @intel_uncore_forcewake_user_put to void (%struct.intel_uncore.435570*)*)(%struct.intel_uncore.435570* %10) #76 
Function:intel_uncore_forcewake_user_put %2 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %2, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %3) #76 %4 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 15 %5 = load i32, i32* %4, align 8 %6 = add i32 %5, -1 store i32 %6, i32* %4, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %64 %9 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 16 %10 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %11 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %10, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #76 %12 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %13 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %12, i64 0, i32 3 %14 = load i32, i32* %13, align 4 %15 = add i32 %14, -1 store i32 %15, i32* %13, align 4 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %21 %22 = tail call fastcc zeroext i1 @check_for_unclaimed_mmio(%struct.intel_uncore.428020* %0) #77 Function:check_for_unclaimed_mmio %2 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 16 %3 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %2, align 8 %4 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %3, i64 0, i32 3 %5 = load i32, i32* %4, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %83 %8 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %30, label 
%12 %13 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 271104 %16 = bitcast i8* %15 to i32* %17 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %16) #6, !srcloc !4 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %30, !prof !5, !misexpect !6 %20 = icmp eq i32 %17, -1 br i1 %20, label %21, label %26, !prof !5, !misexpect !7 %22 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 1 %23 = load %struct.drm_i915_private.428358*, %struct.drm_i915_private.428358** %22, align 8 %24 = getelementptr inbounds %struct.drm_i915_private.428358, %struct.drm_i915_private.428358* %23, i64 0, i32 0, i32 2 %25 = load %struct.device*, %struct.device** %24, align 8 tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %25, i8* getelementptr inbounds ([83 x i8], [83 x i8]* @.str.35.39258, i64 0, i64 0)) #76 br label %26 %27 = load i8*, i8** %13, align 8 %28 = getelementptr i8, i8* %27, i64 271104 %29 = bitcast i8* %28 to i32* tail call void asm sideeffect "movl $0,$1", "r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -2147483648, i32* %29) #6, !srcloc !8 br label %30 %31 = phi i8 [ 0, %7 ], [ 1, %26 ], [ 0, %12 ] %32 = load i32, i32* %8, align 4 %33 = and i32 %32, 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35 %52 = phi i32 [ %50, %47 ], [ %32, %30 ] %53 = phi i8 [ %49, %47 ], [ %31, %30 ] %54 = and i32 %52, 8 %55 = icmp eq i32 %54, 0 br i1 %55, label %79, label %56 %57 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 0 %58 = load i8*, i8** %57, align 8 %59 = getelementptr i8, i8* %58, i64 1179648 %60 = bitcast i8* %59 to i32* %61 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %60) #6, !srcloc !4 %62 = icmp ne i32 %61, 0 br i1 %62, label %63, 
label %75, !prof !5, !misexpect !7 %64 = getelementptr inbounds %struct.intel_uncore.428020, %struct.intel_uncore.428020* %0, i64 0, i32 1 %65 = load %struct.drm_i915_private.428358*, %struct.drm_i915_private.428358** %64, align 8 %66 = icmp eq %struct.drm_i915_private.428358* %65, null br i1 %66, label %70, label %67 %68 = getelementptr inbounds %struct.drm_i915_private.428358, %struct.drm_i915_private.428358* %65, i64 0, i32 0, i32 2 %69 = load %struct.device*, %struct.device** %68, align 8 br label %70 %71 = phi %struct.device* [ %69, %67 ], [ null, %63 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %71, i32 2, i8* getelementptr inbounds ([20 x i8], [20 x i8]* @.str.36.39259, i64 0, i64 0), i32 %61) #77 ------------- Use: =BAD PATH= Call Stack: 0 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.422916** %12 = load %struct.drm_i915_private.422916*, %struct.drm_i915_private.422916** %11, align 8 %13 = icmp eq %struct.drm_i915_private.422916* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.38788, i64 0, i64 0)) #76 ------------- Use: =BAD PATH= Call Stack: 0 drm_managed_release 1 drm_dev_put 2 singleton_release ------------- Path:  Function:singleton_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.448538** %5 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %5, i64 0, i32 103, i32 1 %7 = bitcast %struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.381449* %9) #76 Function:drm_dev_put %2 = icmp eq %struct.drm_device.381449* %0, null br i1 %2, label %28, label %3 %4 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -1 %16 = bitcast %struct.qspinlock* %15 to 
%struct.drm_device.381449* %17 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 11 %18 = bitcast %struct.qspinlock* %17 to %struct.drm_driver** %19 = load %struct.drm_driver*, %struct.drm_driver** %18, align 8 %20 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %19, i64 0, i32 5 %21 = load void (%struct.drm_device.381449*)*, void (%struct.drm_device.381449*)** %20, align 8 %22 = icmp eq void (%struct.drm_device.381449*)* %21, null br i1 %22, label %24, label %23 tail call void %21(%struct.drm_device.381449* %16) #76 br label %24 tail call void bitcast (void (%struct.drm_device.407375*)* @drm_managed_release to void (%struct.drm_device.381449*)*)(%struct.drm_device.381449* %16) #76 Function:drm_managed_release %2 = icmp eq %struct.drm_device.407375* %0, null br i1 %2, label %6, label %3 %7 = phi %struct.device* [ %5, %3 ], [ null, %1 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %7, i32 512, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.38279, i64 0, i64 0)) #76 ------------- Good: 3081 Bad: 11 Ignored: 2019 Check Use of Function:filename_parentat Check Use of Function:drm_modeset_unlock_all Check Use of Function:drm_connector_free Check Use of Function:chroot_fs_refs Check Use of Function:proc_alloc_inum Check Use of Function:qdisc_notify Check Use of Function:__i915_active_wait Check Use of Function:ext4_iomap_swap_activate Check Use of Function:create_elf_tables Check Use of Function:iowrite32 Check Use of Function:_find_first_bit Use: =BAD PATH= Call Stack: 0 __caps_show 1 caps_show ------------- Path:  Function:caps_show %4 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %5 = bitcast %struct.kobject* %4 to %struct.intel_engine_cs.422822** %6 = load %struct.intel_engine_cs.422822*, %struct.intel_engine_cs.422822** %5, align 8 %7 = getelementptr inbounds %struct.intel_engine_cs.422822, %struct.intel_engine_cs.422822* %6, i64 0, i32 12 %8 = load i32, i32* %7, align 8 %9 = 
zext i32 %8 to i64 %10 = tail call fastcc i64 @__caps_show(%struct.intel_engine_cs.422822* %6, i64 %9, i8* %2, i1 zeroext true) #76 Function:__caps_show %5 = alloca i64, align 8 store i64 %1, i64* %5, align 8 %6 = getelementptr inbounds %struct.intel_engine_cs.422822, %struct.intel_engine_cs.422822* %0, i64 0, i32 8 %7 = load i8, i8* %6, align 8 switch i8 %7, label %9 [ i8 1, label %10 i8 2, label %8 ] %11 = phi i32 [ 0, %9 ], [ 2, %8 ], [ 2, %4 ] %12 = phi i8** [ null, %9 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vecs_caps, i64 0, i64 0), %8 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vcs_caps, i64 0, i64 0), %4 ] %13 = select i1 %3, i32 64, i32 %11 %14 = zext i32 %13 to i64 %15 = call i64 @_find_first_bit(i64* nonnull %5, i64 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 __caps_show 1 all_caps_show ------------- Path:  Function:all_caps_show %4 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %5 = bitcast %struct.kobject* %4 to %struct.intel_engine_cs.422822** %6 = load %struct.intel_engine_cs.422822*, %struct.intel_engine_cs.422822** %5, align 8 %7 = tail call fastcc i64 @__caps_show(%struct.intel_engine_cs.422822* %6, i64 -1, i8* %2, i1 zeroext false) #76 Function:__caps_show %5 = alloca i64, align 8 store i64 %1, i64* %5, align 8 %6 = getelementptr inbounds %struct.intel_engine_cs.422822, %struct.intel_engine_cs.422822* %0, i64 0, i32 8 %7 = load i8, i8* %6, align 8 switch i8 %7, label %9 [ i8 1, label %10 i8 2, label %8 ] %11 = phi i32 [ 0, %9 ], [ 2, %8 ], [ 2, %4 ] %12 = phi i8** [ null, %9 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vecs_caps, i64 0, i64 0), %8 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vcs_caps, i64 0, i64 0), %4 ] %13 = select i1 %3, i32 64, i32 %11 %14 = zext i32 %13 to i64 %15 = call i64 @_find_first_bit(i64* nonnull %5, i64 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_kdskbmode 1 vt_ioctl ------------- Path:  Function:vt_ioctl %4 = alloca 
%struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.364049*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca %struct.util_est, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.364039, %struct.tty_struct.364039* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.364049** %15 = load %struct.vc_data.364049*, %struct.vc_data.364049** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363907** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363907**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.363907* %19 = getelementptr inbounds %struct.task_struct.363907, %struct.task_struct.363907* %18, i64 0, i32 95 %20 = load %struct.signal_struct.363803*, %struct.signal_struct.363803** %19, align 32 %21 = getelementptr inbounds %struct.signal_struct.363803, %struct.signal_struct.363803* %20, i64 0, i32 24 %22 = load %struct.tty_struct.364039*, %struct.tty_struct.364039** %21, align 8 %23 = icmp eq %struct.tty_struct.364039* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #76 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.364049*, %struct.vc_data.364049** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.364049, %struct.vc_data.364049* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 
i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] br i1 %28, label %126, label %760 %127 = trunc i64 %2 to i32 %128 = tail call i32 @vt_do_kdskbmode(i32 %32, i32 %127) #76 Function:vt_do_kdskbmode %3 = zext i32 %0 to i64 %4 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @kbd_event_lock, i64 0, i32 0, i32 0)) #76 switch i32 %1, label %89 [ i32 0, label %5 i32 2, label %10 i32 1, label %15 i32 3, label %49 i32 4, label %84 ] %50 = getelementptr [63 x %struct.kbd_struct], [63 x %struct.kbd_struct]* @kbd_table, i64 0, i64 %3, i32 3 %51 = load i8, i8* %50, align 1 %52 = and i8 %51, -113 %53 = or i8 %52, 48 store i8 %53, i8* %50, align 1 store i32 0, i32* @shift_state, align 4 %54 = tail call i64 @_find_first_bit(i64* getelementptr inbounds ([12 x i64], [12 x i64]* @key_down, i64 0, i64 0), i64 256) #76 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_kdskbmode 1 vt_ioctl 2 vt_compat_ioctl ------------- Path:  Function:vt_compat_ioctl %4 = alloca %struct.compat_sock_fprog, align 4 %5 = alloca 
%struct.console_font_op, align 8 %6 = getelementptr inbounds %struct.tty_struct.364039, %struct.tty_struct.364039* %0, i64 0, i32 30 %7 = bitcast i8** %6 to %struct.vc_data.364049** %8 = load %struct.vc_data.364049*, %struct.vc_data.364049** %7, align 8 %9 = bitcast %struct.console_font_op* %5 to i8* %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363907** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363907**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.363907* %14 = getelementptr inbounds %struct.task_struct.363907, %struct.task_struct.363907* %13, i64 0, i32 95 %15 = load %struct.signal_struct.363803*, %struct.signal_struct.363803** %14, align 32 %16 = getelementptr inbounds %struct.signal_struct.363803, %struct.signal_struct.363803* %15, i64 0, i32 24 %17 = load %struct.tty_struct.364039*, %struct.tty_struct.364039** %16, align 8 %18 = icmp eq %struct.tty_struct.364039* %17, %0 br i1 %18, label %21, label %19 %20 = tail call zeroext i1 @capable(i32 26) #76 br i1 %20, label %21, label %22 br label %22 %23 = phi i1 [ false, %21 ], [ true, %19 ] switch i32 %1, label %79 [ i32 19314, label %24 i32 19303, label %48 i32 19302, label %48 i32 19247, label %77 i32 19248, label %77 i32 19252, label %77 i32 19253, label %77 i32 19258, label %77 i32 19260, label %77 i32 19261, label %77 i32 19269, label %77 i32 19299, label %77 i32 19301, label %77 i32 19250, label %77 i32 19278, label %77 i32 22022, label %77 i32 22023, label %77 i32 22021, label %77 i32 22024, label %77 i32 22025, label %77 i32 22026, label %77 ] %80 = tail call i32 @vt_ioctl(%struct.tty_struct.364039* %0, i32 %1, i64 %10) #77 Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.364049*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca 
%struct.unimapdesc, align 8 %9 = alloca %struct.util_est, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.364039, %struct.tty_struct.364039* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.364049** %15 = load %struct.vc_data.364049*, %struct.vc_data.364049** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363907** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363907**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.363907* %19 = getelementptr inbounds %struct.task_struct.363907, %struct.task_struct.363907* %18, i64 0, i32 95 %20 = load %struct.signal_struct.363803*, %struct.signal_struct.363803** %19, align 32 %21 = getelementptr inbounds %struct.signal_struct.363803, %struct.signal_struct.363803* %20, i64 0, i32 24 %22 = load %struct.tty_struct.364039*, %struct.tty_struct.364039** %21, align 8 %23 = icmp eq %struct.tty_struct.364039* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #76 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.364049*, %struct.vc_data.364049** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.364049, %struct.vc_data.364049* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 
19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] br i1 %28, label %126, label %760 %127 = trunc i64 %2 to i32 %128 = tail call i32 @vt_do_kdskbmode(i32 %32, i32 %127) #76 Function:vt_do_kdskbmode %3 = zext i32 %0 to i64 %4 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @kbd_event_lock, i64 0, i32 0, i32 0)) #76 switch i32 %1, label %89 [ i32 0, label %5 i32 2, label %10 i32 1, label %15 i32 3, label %49 i32 4, label %84 ] %50 = getelementptr [63 x %struct.kbd_struct], [63 x %struct.kbd_struct]* @kbd_table, i64 0, i64 %3, i32 3 %51 = load i8, i8* %50, align 1 %52 = and i8 %51, -113 %53 = or i8 %52, 48 store i8 %53, i8* %50, align 1 store i32 0, i32* @shift_state, align 4 %54 = tail call i64 @_find_first_bit(i64* getelementptr inbounds ([12 x i64], [12 x i64]* @key_down, i64 0, i64 0), i64 256) #76 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_kdskbmode 1 vt_ioctl ------------- Path:  Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.364049*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca %struct.util_est, align 4 %10 = 
alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.364039, %struct.tty_struct.364039* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.364049** %15 = load %struct.vc_data.364049*, %struct.vc_data.364049** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363907** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363907**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.363907* %19 = getelementptr inbounds %struct.task_struct.363907, %struct.task_struct.363907* %18, i64 0, i32 95 %20 = load %struct.signal_struct.363803*, %struct.signal_struct.363803** %19, align 32 %21 = getelementptr inbounds %struct.signal_struct.363803, %struct.signal_struct.363803* %20, i64 0, i32 24 %22 = load %struct.tty_struct.364039*, %struct.tty_struct.364039** %21, align 8 %23 = icmp eq %struct.tty_struct.364039* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #76 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.364049*, %struct.vc_data.364049** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.364049, %struct.vc_data.364049* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, 
label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] br i1 %28, label %126, label %760 %127 = trunc i64 %2 to i32 %128 = tail call i32 @vt_do_kdskbmode(i32 %32, i32 %127) #76 Function:vt_do_kdskbmode %3 = zext i32 %0 to i64 %4 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @kbd_event_lock, i64 0, i32 0, i32 0)) #76 switch i32 %1, label %89 [ i32 0, label %5 i32 2, label %10 i32 1, label %15 i32 3, label %49 i32 4, label %84 ] %16 = getelementptr [63 x %struct.kbd_struct], [63 x %struct.kbd_struct]* @kbd_table, i64 0, i64 %3, i32 3 %17 = load i8, i8* %16, align 1 %18 = and i8 %17, -113 store i8 %18, i8* %16, align 1 store i32 0, i32* @shift_state, align 4 %19 = tail call i64 @_find_first_bit(i64* getelementptr inbounds ([12 x i64], [12 x i64]* @key_down, i64 0, i64 0), i64 256) #76 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_kdskbmode 1 vt_ioctl 2 vt_compat_ioctl ------------- Path:  Function:vt_compat_ioctl %4 = alloca %struct.compat_sock_fprog, align 4 %5 = alloca %struct.console_font_op, align 8 %6 = getelementptr inbounds %struct.tty_struct.364039, %struct.tty_struct.364039* %0, i64 0, i32 30 %7 = bitcast i8** %6 to %struct.vc_data.364049** %8 = load %struct.vc_data.364049*, %struct.vc_data.364049** %7, align 8 %9 = bitcast 
%struct.console_font_op* %5 to i8* %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363907** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363907**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.363907* %14 = getelementptr inbounds %struct.task_struct.363907, %struct.task_struct.363907* %13, i64 0, i32 95 %15 = load %struct.signal_struct.363803*, %struct.signal_struct.363803** %14, align 32 %16 = getelementptr inbounds %struct.signal_struct.363803, %struct.signal_struct.363803* %15, i64 0, i32 24 %17 = load %struct.tty_struct.364039*, %struct.tty_struct.364039** %16, align 8 %18 = icmp eq %struct.tty_struct.364039* %17, %0 br i1 %18, label %21, label %19 %20 = tail call zeroext i1 @capable(i32 26) #76 br i1 %20, label %21, label %22 br label %22 %23 = phi i1 [ false, %21 ], [ true, %19 ] switch i32 %1, label %79 [ i32 19314, label %24 i32 19303, label %48 i32 19302, label %48 i32 19247, label %77 i32 19248, label %77 i32 19252, label %77 i32 19253, label %77 i32 19258, label %77 i32 19260, label %77 i32 19261, label %77 i32 19269, label %77 i32 19299, label %77 i32 19301, label %77 i32 19250, label %77 i32 19278, label %77 i32 22022, label %77 i32 22023, label %77 i32 22021, label %77 i32 22024, label %77 i32 22025, label %77 i32 22026, label %77 ] %80 = tail call i32 @vt_ioctl(%struct.tty_struct.364039* %0, i32 %1, i64 %10) #77 Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.364049*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca %struct.util_est, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.364039, %struct.tty_struct.364039* %0, i64 0, i32 30 %14 = bitcast 
i8** %13 to %struct.vc_data.364049** %15 = load %struct.vc_data.364049*, %struct.vc_data.364049** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363907** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363907**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.363907* %19 = getelementptr inbounds %struct.task_struct.363907, %struct.task_struct.363907* %18, i64 0, i32 95 %20 = load %struct.signal_struct.363803*, %struct.signal_struct.363803** %19, align 32 %21 = getelementptr inbounds %struct.signal_struct.363803, %struct.signal_struct.363803* %20, i64 0, i32 24 %22 = load %struct.tty_struct.364039*, %struct.tty_struct.364039** %21, align 8 %23 = icmp eq %struct.tty_struct.364039* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #76 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.364049*, %struct.vc_data.364049** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.364049, %struct.vc_data.364049* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label 
%221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] br i1 %28, label %126, label %760 %127 = trunc i64 %2 to i32 %128 = tail call i32 @vt_do_kdskbmode(i32 %32, i32 %127) #76 Function:vt_do_kdskbmode %3 = zext i32 %0 to i64 %4 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @kbd_event_lock, i64 0, i32 0, i32 0)) #76 switch i32 %1, label %89 [ i32 0, label %5 i32 2, label %10 i32 1, label %15 i32 3, label %49 i32 4, label %84 ] %16 = getelementptr [63 x %struct.kbd_struct], [63 x %struct.kbd_struct]* @kbd_table, i64 0, i64 %3, i32 3 %17 = load i8, i8* %16, align 1 %18 = and i8 %17, -113 store i8 %18, i8* %16, align 1 store i32 0, i32* @shift_state, align 4 %19 = tail call i64 @_find_first_bit(i64* getelementptr inbounds ([12 x i64], [12 x i64]* @key_down, i64 0, i64 0), i64 256) #76 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 eventfd_release ------------- Path:  Function:eventfd_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.eventfd_ctx** %5 = load %struct.eventfd_ctx*, %struct.eventfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %6, i32 3, i32 1, i8* nonnull inttoptr (i64 16 to i8*)) #76 %7 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0, i32 0 %8 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 
0, i32 0, i32 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 %10, label %16, label %11 %17 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %17, i64 11, i32 0, i32 0, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp sgt i32 %19, -1 br i1 %20, label %21, label %22 tail call void @ida_free(%struct.ida* nonnull @eventfd_ida, i32 %19) #76 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp sgt i32 %1, -1 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %18, label %17, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %20 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %21 = call i8* @xas_load(%struct.xa_state* 
nonnull %3) #76 %22 = ptrtoint i8* %21 to i64 %23 = and i64 %22, 1 %24 = icmp eq i64 %23, 0 br i1 %24, label %42, label %25 %43 = zext i32 %14 to i64 %44 = bitcast i8* %21 to i64* %45 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !8 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %57, label %48 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !9 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #76 %49 = call i64 @_find_first_bit(i64* %44, i64 1024) #76 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 pde_put 2 proc_readdir_de 3 proc_tgid_net_readdir ------------- Path:  Function:proc_tgid_net_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %4) #76 %6 = icmp eq %struct.net* %5, null br i1 %6, label %21, label %7 %8 = getelementptr inbounds %struct.net, %struct.net* %5, i64 0, i32 16 %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 32 %10 = tail call i32 @proc_readdir_de(%struct.file* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %9) #77 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry*, %struct.dentry** %9, align 8 %11 = getelementptr inbounds %struct.dentry, %struct.dentry* %10, i64 0, i32 5 %12 = load 
%struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.6.18467, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #76 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry*, %struct.dentry** %21, align 8 %23 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #76 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 3 %26 = load %struct.dentry*, %struct.dentry** %25, align 8 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %26, i64 0, i32 5 %28 = load %struct.inode*, %struct.inode** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.7.18468, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #76 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull 
@proc_subdir_lock) #76 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #76 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1 %67 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %66, i32 %75) #76 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr 
inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 23 %81 = load i8, i8* %80, align 1 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #76 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #76 %98 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #76 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry* %103 = select i1 %100, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %102 tail call void @pde_put(%struct.proc_dir_entry* nonnull %65) #77 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, 
i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #76 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp sgt i32 %1, -1 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %18, label %17, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %20 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %21 = call i8* @xas_load(%struct.xa_state* nonnull %3) #76 %22 = ptrtoint i8* %21 to i64 %23 = and i64 %22, 1 %24 = icmp eq i64 %23, 0 br i1 %24, label %42, label %25 %43 = zext 
i32 %14 to i64 %44 = bitcast i8* %21 to i64* %45 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !8 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %57, label %48 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !9 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #76 %49 = call i64 @_find_first_bit(i64* %44, i64 1024) #76 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 pde_put 2 proc_readdir_de 3 proc_readdir 4 proc_root_readdir ------------- Path:  Function:proc_root_readdir %3 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = icmp slt i64 %4, 256 br i1 %5, label %6, label %10 %7 = tail call i32 @proc_readdir(%struct.file* %0, %struct.dir_context* %1) #76 Function:proc_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.proc_fs_info** %9 = load %struct.proc_fs_info*, %struct.proc_fs_info** %8, align 16 %10 = getelementptr inbounds %struct.proc_fs_info, %struct.proc_fs_info* %9, i64 0, i32 5 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %19, label %13 %14 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 41, i32 13 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 1, i32 1 %16 = bitcast %struct.list_head** %15 to %struct.proc_dir_entry** %17 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %16, align 8 %18 = tail call i32 @proc_readdir_de(%struct.file* %0, 
%struct.dir_context* %1, %struct.proc_dir_entry* %17) #76 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry*, %struct.dentry** %9, align 8 %11 = getelementptr inbounds %struct.dentry, %struct.dentry* %10, i64 0, i32 5 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.6.18467, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #76 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry*, %struct.dentry** %21, align 8 %23 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #76 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 3 %26 = load %struct.dentry*, %struct.dentry** %25, align 8 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %26, i64 0, i32 5 %28 = load %struct.inode*, %struct.inode** %27, align 8 %29 = getelementptr inbounds 
%struct.inode, %struct.inode* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.7.18468, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #76 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #76 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #76 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1 %67 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = 
icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %66, i32 %75) #76 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 23 %81 = load i8, i8* %80, align 1 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #76 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull 
@proc_subdir_lock) #76 %98 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #76 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry* %103 = select i1 %100, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %102 tail call void @pde_put(%struct.proc_dir_entry* nonnull %65) #77 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #76 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 
to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp sgt i32 %1, -1 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %18, label %17, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %20 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %21 = call i8* @xas_load(%struct.xa_state* nonnull %3) #76 %22 = ptrtoint i8* %21 to i64 %23 = and i64 %22, 1 %24 = icmp eq i64 %23, 0 br i1 %24, label %42, label %25 %43 = zext i32 %14 to i64 %44 = bitcast i8* %21 to i64* %45 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !8 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %57, label %48 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !9 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #76 %49 = call i64 @_find_first_bit(i64* %44, i64 1024) #76 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 pde_put 2 proc_readdir_de 3 proc_readdir ------------- Path:  Function:proc_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.proc_fs_info** %9 = load %struct.proc_fs_info*, %struct.proc_fs_info** %8, align 16 %10 = getelementptr inbounds %struct.proc_fs_info, %struct.proc_fs_info* %9, i64 0, i32 5 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 
br i1 %12, label %19, label %13 %14 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 41, i32 13 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 1, i32 1 %16 = bitcast %struct.list_head** %15 to %struct.proc_dir_entry** %17 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %16, align 8 %18 = tail call i32 @proc_readdir_de(%struct.file* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %17) #76 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry*, %struct.dentry** %9, align 8 %11 = getelementptr inbounds %struct.dentry, %struct.dentry* %10, i64 0, i32 5 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.6.18467, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #76 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry*, %struct.dentry** %21, align 8 %23 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to 
%struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #76 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 3 %26 = load %struct.dentry*, %struct.dentry** %25, align 8 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %26, i64 0, i32 5 %28 = load %struct.inode*, %struct.inode** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.7.18468, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #76 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #76 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #76 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, 
%struct.proc_dir_entry* %65, i64 0, i32 1 %67 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %66, i32 %75) #76 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 23 %81 = load i8, i8* %80, align 1 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 
(%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #76 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #76 %98 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #76 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry* %103 = select i1 %100, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %102 tail call void @pde_put(%struct.proc_dir_entry* nonnull %65) #77 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #76 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 
store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp sgt i32 %1, -1 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %18, label %17, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %20 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %21 = call i8* @xas_load(%struct.xa_state* nonnull %3) #76 %22 = ptrtoint i8* %21 to i64 %23 = and i64 %22, 1 %24 = icmp eq i64 %23, 0 br i1 %24, label %42, label %25 %43 = zext i32 %14 to i64 %44 = bitcast i8* %21 to i64* %45 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !8 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %57, label %48 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !9 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #76 %49 = call i64 @_find_first_bit(i64* %44, i64 1024) #76 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 devpts_kill_index 2 pty_unix98_remove ------------- Path:  Function:pty_unix98_remove %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, 
i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %11, label %8 %12 = phi %struct.tty_struct* [ %10, %8 ], [ %1, %2 ] %13 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.pts_fs_info** %15 = load %struct.pts_fs_info*, %struct.pts_fs_info** %14, align 8 %16 = icmp eq %struct.pts_fs_info* %15, null br i1 %16, label %20, label %17 %18 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %19 = load i32, i32* %18, align 8 tail call void @devpts_kill_index(%struct.pts_fs_info* nonnull %15, i32 %19) #76 Function:devpts_kill_index %3 = getelementptr inbounds %struct.pts_fs_info, %struct.pts_fs_info* %0, i64 0, i32 0 tail call void @ida_free(%struct.ida* %3, i32 %1) #76 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp sgt i32 %1, -1 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %18, label %17, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %20 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %21 = call i8* 
@xas_load(%struct.xa_state* nonnull %3) #76 %22 = ptrtoint i8* %21 to i64 %23 = and i64 %22, 1 %24 = icmp eq i64 %23, 0 br i1 %24, label %42, label %25 %43 = zext i32 %14 to i64 %44 = bitcast i8* %21 to i64* %45 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !8 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %57, label %48 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !9 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #76 %49 = call i64 @_find_first_bit(i64* %44, i64 1024) #76 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 devpts_kill_index 2 pty_unix98_remove ------------- Path:  Function:pty_unix98_remove %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %11, label %8 %12 = phi %struct.tty_struct* [ %10, %8 ], [ %1, %2 ] %13 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.pts_fs_info** %15 = load %struct.pts_fs_info*, %struct.pts_fs_info** %14, align 8 %16 = icmp eq %struct.pts_fs_info* %15, null br i1 %16, label %20, label %17 %18 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %19 = load i32, i32* %18, align 8 tail call void @devpts_kill_index(%struct.pts_fs_info* nonnull %15, i32 %19) #76 Function:devpts_kill_index %3 = getelementptr inbounds %struct.pts_fs_info, %struct.pts_fs_info* %0, i64 0, i32 0 tail call void @ida_free(%struct.ida* %3, i32 %1) #76 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds 
%struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp sgt i32 %1, -1 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %18, label %17, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %20 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %21 = call i8* @xas_load(%struct.xa_state* nonnull %3) #76 %22 = ptrtoint i8* %21 to i64 %23 = and i64 %22, 1 %24 = icmp eq i64 %23, 0 br i1 %24, label %42, label %25 %43 = zext i32 %14 to i64 %44 = bitcast i8* %21 to i64* %45 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !8 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %57, label %48 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !9 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #76 %49 = call i64 @_find_first_bit(i64* %44, i64 1024) #76 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 nfs4_put_lock_state 2 nfs4_select_rw_stateid 3 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr 
inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 
%9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.238264* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.238264, %struct.nfs_lock_context.238264* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.238264, %struct.nfs_lock_context.238264* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.238263*, %struct.nfs_open_context.238263** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.238263, %struct.nfs_open_context.238263* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #76 %28 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.238293** %30 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.238293* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.238293* %77) #76 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.238293* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #76 br i1 %8, label %9, label %46 %10 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store volatile %struct.list_head* %13, %struct.list_head** %15, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %10, align 8 %16 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 %18 = load volatile %struct.list_head*, %struct.list_head** %17, align 8 %19 = icmp eq %struct.list_head* %18, %16 br i1 %19, label 
%20, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %25 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 3 %26 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %25, align 8 %27 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %26, i64 0, i32 0 %28 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 2 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 br i1 %32, label %40, label %33 %41 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %28, i64 0, i32 46 %42 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 3, i32 1 %43 = load i32, i32* %42, align 8 tail call void @ida_free(%struct.ida* %41, i32 %43) #76 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr 
inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp sgt i32 %1, -1 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %18, label %17, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %20 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %21 = call i8* @xas_load(%struct.xa_state* nonnull %3) #76 %22 = ptrtoint i8* %21 to i64 %23 = and i64 %22, 1 %24 = icmp eq i64 %23, 0 br i1 %24, label %42, label %25 %43 = zext i32 %14 to i64 %44 = bitcast i8* %21 to i64* %45 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !8 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %57, label %48 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !9 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #76 %49 = call i64 @_find_first_bit(i64* %44, i64 1024) #76 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 nfs4_put_lock_state 2 nfs4_select_rw_stateid 3 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = 
getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 1, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.238264* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.238264, %struct.nfs_lock_context.238264* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.238264, %struct.nfs_lock_context.238264* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.238263*, %struct.nfs_open_context.238263** %22, align 8 %24 = getelementptr inbounds 
%struct.nfs_open_context.238263, %struct.nfs_open_context.238263* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #76 %28 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.238293** %30 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.238293* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.238293* %77) #76 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.238293* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.238262*, %struct.nfs4_state.238262** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 6 %8 = tail call zeroext i1 
@refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #76 br i1 %8, label %9, label %46 %10 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store volatile %struct.list_head* %13, %struct.list_head** %15, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %10, align 8 %16 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 %18 = load volatile %struct.list_head*, %struct.list_head** %17, align 8 %19 = icmp eq %struct.list_head* %18, %16 br i1 %19, label %20, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %25 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %5, i64 0, i32 3 %26 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %25, align 8 %27 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %26, i64 0, i32 0 %28 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %27, align 8 %29 = 
getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 2 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 br i1 %32, label %40, label %33 %41 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %28, i64 0, i32 46 %42 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %0, i64 0, i32 3, i32 1 %43 = load i32, i32* %42, align 8 tail call void @ida_free(%struct.ida* %41, i32 %43) #76 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp sgt i32 %1, -1 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %18, label %17, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %20 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %21 = call i8* @xas_load(%struct.xa_state* nonnull %3) #76 %22 = ptrtoint i8* %21 to i64 %23 = and i64 %22, 1 %24 = icmp eq i64 %23, 0 br i1 %24, label %42, label %25 %43 = zext i32 %14 to i64 %44 = bitcast i8* %21 to i64* %45 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition 
code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !8 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %57, label %48 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !9 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #76 %49 = call i64 @_find_first_bit(i64* %44, i64 1024) #76 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 nfs4_set_lock_state 2 nfs4_proc_unlck 3 nfs4_proc_lock ------------- Path:  Function:nfs4_proc_lock %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.nfs_open_context.236617** %7 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %6, align 8 %8 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %7, i64 0, i32 5 %9 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %8, align 8 %10 = icmp eq i32 %1, 5 br i1 %10, label %11, label %15 %16 = and i32 %1, -2 %17 = icmp eq i32 %16, 6 br i1 %17, label %18, label %143 %19 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %2, i64 0, i32 7 %20 = load i8, i8* %19, align 4 %21 = icmp eq i8 %20, 2 %22 = icmp eq %struct.nfs4_state.236616* %9, null br i1 %21, label %23, label %26 br i1 %22, label %143, label %24 %25 = tail call fastcc i32 @nfs4_proc_unlck(%struct.nfs4_state.236616* nonnull %9, %struct.file_lock* %2) #76 Function:nfs4_proc_unlck %3 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %0, i64 0, i32 4 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.236616, %struct.nfs4_state.236616* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.236614*, %struct.nfs4_state_owner.236614** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 17 %8 = getelementptr inbounds 
%struct.file_lock, %struct.file_lock* %1, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.nfs4_state.238262*, %struct.file_lock*)* @nfs4_set_lock_state to i32 (%struct.nfs4_state.236616*, %struct.file_lock*)*)(%struct.nfs4_state.236616* %0, %struct.file_lock* %1) #76 Function:nfs4_set_lock_state %3 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 17 %4 = load %struct.file_lock_operations*, %struct.file_lock_operations** %3, align 8 %5 = icmp eq %struct.file_lock_operations* %4, null br i1 %5, label %6, label %115 %7 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 5 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 %11 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to %struct.nfs4_lock_state.238293** %13 = bitcast %struct.spinlock* %9 to i8* %14 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 3 br label %15 %16 = phi %struct.nfs4_lock_state.238293* [ null, %6 ], [ %63, %94 ] tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #76 %17 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %12, align 8 %18 = getelementptr %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %17, i64 0, i32 0 %19 = icmp eq %struct.list_head* %18, %11 br i1 %19, label %47, label %20 %21 = phi %struct.nfs4_lock_state.238293* [ %30, %26 ], [ %17, %15 ] %22 = phi %struct.nfs4_lock_state.238293* [ %28, %26 ], [ null, %15 ] %23 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %21, i64 0, i32 6 %24 = load i8*, i8** %23, align 8 %25 = icmp eq i8* %24, %8 br i1 %25, label %33, label %26 %27 = icmp eq i8* %24, null %28 = select 
i1 %27, %struct.nfs4_lock_state.238293* %21, %struct.nfs4_lock_state.238293* %22 %29 = bitcast %struct.nfs4_lock_state.238293* %21 to %struct.nfs4_lock_state.238293** %30 = load %struct.nfs4_lock_state.238293*, %struct.nfs4_lock_state.238293** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %11 br i1 %32, label %33, label %20 %34 = phi %struct.nfs4_lock_state.238293* [ %28, %26 ], [ %21, %20 ] %35 = icmp eq %struct.nfs4_lock_state.238293* %34, null br i1 %35, label %47, label %36 %48 = icmp eq %struct.nfs4_lock_state.238293* %16, null br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %16, i64 0, i32 0 %51 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %52 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %17, i64 0, i32 0, i32 1 store %struct.list_head* %50, %struct.list_head** %52, align 8 %53 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %16, i64 0, i32 0, i32 0 store %struct.list_head* %18, %struct.list_head** %53, align 8 %54 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %16, i64 0, i32 0, i32 1 store %struct.list_head* %11, %struct.list_head** %54, align 8 store volatile %struct.list_head* %50, %struct.list_head** %51, align 8 %55 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 5 %56 = bitcast i64* %55 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i32 1, i8* %56) #6, !srcloc !8 br label %99 %100 = phi %struct.nfs4_lock_state.238293* [ %16, %49 ], [ %34, %46 ], [ %34, %42 ], [ %34, %41 ] %101 = phi 
%struct.nfs4_lock_state.238293* [ null, %49 ], [ %16, %46 ], [ %16, %42 ], [ %16, %41 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %13, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %102 = icmp eq %struct.nfs4_lock_state.238293* %101, null br i1 %102, label %112, label %103 %104 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %14, align 8 %105 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %104, i64 0, i32 0 %106 = load %struct.nfs_server.238234*, %struct.nfs_server.238234** %105, align 8 %107 = getelementptr inbounds %struct.nfs_server.238234, %struct.nfs_server.238234* %106, i64 0, i32 46 %108 = getelementptr inbounds %struct.nfs4_lock_state.238293, %struct.nfs4_lock_state.238293* %101, i64 0, i32 3, i32 1 %109 = load i32, i32* %108, align 8 tail call void @ida_free(%struct.ida* %107, i32 %109) #76 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp sgt i32 %1, -1 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %18, label %17, 
!prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %20 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #76 %21 = call i8* @xas_load(%struct.xa_state* nonnull %3) #76 %22 = ptrtoint i8* %21 to i64 %23 = and i64 %22, 1 %24 = icmp eq i64 %23, 0 br i1 %24, label %42, label %25 %43 = zext i32 %14 to i64 %44 = bitcast i8* %21 to i64* %45 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !8 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %57, label %48 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %44, i64 %43) #6, !srcloc !9 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #76 %49 = call i64 @_find_first_bit(i64* %44, i64 1024) #76 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 85 %18 = load 
%struct.cred*, %struct.cred** %17, align 64 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 
1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds 
%struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 
2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, 
%struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 85 %11 = load %struct.cred*, %struct.cred** %10, align 64 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load 
i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq 
%struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void 
@rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr 
inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ 
%63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* 
%14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, 
%struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds 
(%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", 
"=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* 
%4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* 
@sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 
%29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_avc_cache_threshold ------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, 
%struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 85 %19 = load %struct.cred*, %struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br 
i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile 
%struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, 
label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = 
getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 
%65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 85 %18 = load %struct.cred*, %struct.cred** %17, align 64 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 
@avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr 
inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, 
i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* 
@sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* 
%14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 
= load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #76 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr 
inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 85 %11 = load %struct.cred*, %struct.cred** %10, align 64 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm 
sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, 
%struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call 
%struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 
%30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, 
%struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #76 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 
9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm 
sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, 
%struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call 
%struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 
%30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, 
%struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #76 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_avc_cache_threshold ------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, 
align 8 %15 = bitcast i32* %5 to i8* %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 85 %19 = load %struct.cred*, %struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds 
(%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* 
@avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, 
%struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr 
inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, 
%struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 
%51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #76 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %16, i64 0, i32 85 %18 = load %struct.cred*, %struct.cred** %17, align 64 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr 
%struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, 
%struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 
%17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds 
%struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, 
align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr 
inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #76 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %106 = inttoptr i64 %95 to %struct.ebitmap_node* %107 = trunc i64 %98 to i32 %108 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %106, i64 0, i32 2 %109 = load i32, i32* %108, align 8 %110 = add i32 %109, %107 %111 = load i32, i32* %84, align 8 %112 = icmp ult i32 %110, %111 br i1 %112, label %113, label %198 %114 = trunc i32 %90 to i16 %115 = add i16 %114, 1 br label %116 %117 = phi i32 [ %110, %113 ], [ %195, %193 ] %118 = phi i64 [ %95, %113 ], [ %194, %193 ] store i16 %115, i16* %85, align 2 %119 = trunc i32 %117 to i16 %120 = add i16 %119, 1 store i16 %120, i16* %86, align 2 %121 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %87, %struct.winsize* nonnull %14) #76 %122 = icmp eq %struct.avtab_node* %121, null br i1 %122, label %155, label %123 %124 = phi %struct.avtab_node* [ %153, %150 ], [ %121, %116 ] %125 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %124, i64 0, i32 0, i32 3 %126 = load i16, i16* %125, align 2 switch i16 %126, label %145 [ i16 1, label %127 i16 2, label %133 i16 4, label %139 ] %146 = and i16 %126, 1792 %147 = icmp eq i16 %146, 0 %148 = or i1 %19, %147 br i1 %148, label %150, label %149 %151 = load i16, i16* %45, align 2 %152 = zext i16 %151 to 
i32 %153 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %124, i32 %152) #76 %154 = icmp eq %struct.avtab_node* %153, null br i1 %154, label %155, label %123 call void @cond_compute_av(%struct.avtab* %88, %struct.winsize* nonnull %14, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #76 %156 = inttoptr i64 %118 to %struct.ebitmap_node* %157 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 1, i64 0 %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 2 %159 = load i32, i32* %158, align 8 %160 = add i32 %117, 1 %161 = sub i32 %160, %159 %162 = zext i32 %161 to i64 %163 = call i64 @_find_next_bit(i64* %157, i64* null, i64 384, i64 %162, i64 0, i64 0) #76 %164 = and i64 %163, 4294967168 %165 = icmp ult i64 %164, 384 br i1 %165, label %166, label %170 %171 = inttoptr i64 %118 to i64* %172 = load i64, i64* %171, align 8 %173 = icmp eq i64 %172, 0 br i1 %173, label %191, label %174 %175 = phi i64 [ %189, %187 ], [ %172, %170 ] %176 = inttoptr i64 %175 to %struct.ebitmap_node* %177 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %176, i64 0, i32 1, i64 0 %178 = call i64 @_find_first_bit(i64* %177, i64 384) #76 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 85 %11 = load %struct.cred*, %struct.cred** %10, align 
64 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load 
volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, 
%struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, 
i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 
store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds 
%struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #76 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %106 = inttoptr i64 %95 to %struct.ebitmap_node* %107 = trunc i64 %98 to i32 %108 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %106, i64 0, i32 2 %109 = load i32, i32* %108, align 8 %110 = add i32 %109, %107 %111 = load i32, i32* %84, align 8 %112 = icmp ult i32 %110, %111 br i1 %112, label %113, label %198 %114 = trunc i32 %90 to i16 %115 = add i16 %114, 1 br label %116 %117 = phi i32 [ %110, %113 ], [ %195, %193 ] %118 = phi i64 [ %95, %113 ], [ %194, %193 ] store i16 %115, i16* %85, align 2 %119 = trunc i32 %117 to i16 %120 = add i16 %119, 1 store i16 %120, i16* %86, align 2 %121 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %87, %struct.winsize* nonnull %14) #76 %122 = icmp eq %struct.avtab_node* %121, null br i1 %122, label %155, label %123 %124 = phi %struct.avtab_node* [ %153, %150 ], [ %121, %116 ] %125 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %124, i64 0, i32 0, i32 3 %126 = load i16, i16* %125, align 2 switch i16 %126, label %145 [ i16 1, label %127 i16 2, label %133 i16 4, label %139 ] %146 = and i16 %126, 1792 %147 = icmp eq i16 %146, 0 %148 = or i1 %19, %147 br i1 %148, label %150, label %149 %151 = load i16, i16* %45, align 2 %152 = zext i16 %151 to i32 %153 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull 
%124, i32 %152) #76 %154 = icmp eq %struct.avtab_node* %153, null br i1 %154, label %155, label %123 call void @cond_compute_av(%struct.avtab* %88, %struct.winsize* nonnull %14, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #76 %156 = inttoptr i64 %118 to %struct.ebitmap_node* %157 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 1, i64 0 %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 2 %159 = load i32, i32* %158, align 8 %160 = add i32 %117, 1 %161 = sub i32 %160, %159 %162 = zext i32 %161 to i64 %163 = call i64 @_find_next_bit(i64* %157, i64* null, i64 384, i64 %162, i64 0, i64 0) #76 %164 = and i64 %163, 4294967168 %165 = icmp ult i64 %164, 384 br i1 %165, label %166, label %170 %171 = inttoptr i64 %118 to i64* %172 = load i64, i64* %171, align 8 %173 = icmp eq i64 %172, 0 br i1 %173, label %191, label %174 %175 = phi i64 [ %189, %187 ], [ %172, %170 ] %176 = inttoptr i64 %175 to %struct.ebitmap_node* %177 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %176, i64 0, i32 1, i64 0 %178 = call i64 @_find_first_bit(i64* %177, i64 384) #76 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = 
getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 
tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq 
%struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store 
i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = 
icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, 
-------------
Use: =BAD PATH=
Call Stack:
0 context_struct_compute_av
1 security_compute_av
2 avc_compute_av
3 avc_has_perm_noaudit
4 avc_has_perm
5 sel_write_avc_cache_threshold
-------------
Path:
Function:sel_write_avc_cache_threshold
Function:avc_has_perm
Function:avc_has_perm_noaudit
Function:avc_compute_av
Function:security_compute_av
Function:context_struct_compute_av
-------------
Use: =BAD PATH=
Call Stack:
0 context_struct_compute_av
1 security_compute_av
2 avc_compute_av
3 avc_has_perm_noaudit
4 avc_has_perm
5 sel_write_checkreqprot
-------------
Path:
Function:sel_write_checkreqprot
%struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds 
%struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void 
bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds 
%struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, 
align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 
%55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #76 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 
%100, label %105, label %101 %102 = inttoptr i64 %95 to i64* %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %198, label %94 %199 = inttoptr i64 %91 to %struct.ebitmap_node* %200 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 1, i64 0 %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 2 %202 = load i32, i32* %201, align 8 %203 = add i32 %90, 1 %204 = sub i32 %203, %202 %205 = zext i32 %204 to i64 %206 = call i64 @_find_next_bit(i64* %200, i64* null, i64 384, i64 %205, i64 0, i64 0) #76 %207 = and i64 %206, 4294967168 %208 = icmp ult i64 %207, 384 br i1 %208, label %209, label %213 %214 = inttoptr i64 %91 to i64* %215 = load i64, i64* %214, align 8 %216 = icmp eq i64 %215, 0 br i1 %216, label %234, label %217 %218 = phi i64 [ %232, %230 ], [ %215, %213 ] %219 = inttoptr i64 %218 to %struct.ebitmap_node* %220 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %219, i64 0, i32 1, i64 0 %221 = call i64 @_find_first_bit(i64* %220, i64 384) #76
-------------
Use: =BAD PATH=
Call Stack:
0 context_struct_compute_av
1 security_compute_av
2 avc_compute_av
3 avc_has_perm_noaudit
4 avc_has_perm
5 sel_read_policy
-------------
Path:
Function:sel_read_policy
%5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 85 %11 = load %struct.cred*, %struct.cred** %10, align 64 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds
(%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, 
%struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds 
%struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* 
%5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp 
eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = 
getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi 
i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #76 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %102 = inttoptr i64 %95 to i64* %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %198, label %94 %199 = inttoptr i64 %91 to %struct.ebitmap_node* %200 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 1, i64 0 %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 2 %202 = load i32, i32* %201, align 8 %203 = add i32 %90, 1 %204 = sub i32 %203, %202 %205 = zext i32 %204 to i64 %206 = call i64 @_find_next_bit(i64* %200, i64* null, i64 384, i64 %205, i64 0, i64 0) #76 %207 = and i64 %206, 4294967168 %208 = icmp ult i64 %207, 384 br i1 %208, label %209, label %213 %214 = inttoptr i64 %91 to i64* %215 = load i64, i64* %214, align 8 %216 = icmp eq i64 %215, 0 br i1 %216, label %234, label %217 %218 = phi i64 [ %232, %230 ], [ %215, %213 ] %219 = inttoptr i64 %218 to %struct.ebitmap_node* %220 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %219, i64 0, i32 1, i64 0 %221 = call i64 @_find_first_bit(i64* %220, i64 384) #76
-------------
Use: =BAD PATH=
Call Stack:
0 context_struct_compute_av
1 security_compute_av
2 avc_compute_av
3 avc_has_perm_noaudit
4 avc_has_perm
5 sel_write_validatetrans
-------------
Path:
Function:sel_write_validatetrans
%5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*,
%struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca 
%struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = 
getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, 
%struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 
0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds 
%struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to 
%struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #76 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %102 = inttoptr i64 %95 to i64* %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %198, label %94 %199 = inttoptr i64 %91 to %struct.ebitmap_node* %200 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 1, i64 0 %201 = 
getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 2 %202 = load i32, i32* %201, align 8 %203 = add i32 %90, 1 %204 = sub i32 %203, %202 %205 = zext i32 %204 to i64 %206 = call i64 @_find_next_bit(i64* %200, i64* null, i64 384, i64 %205, i64 0, i64 0) #76 %207 = and i64 %206, 4294967168 %208 = icmp ult i64 %207, 384 br i1 %208, label %209, label %213 %214 = inttoptr i64 %91 to i64* %215 = load i64, i64* %214, align 8 %216 = icmp eq i64 %215, 0 br i1 %216, label %234, label %217 %218 = phi i64 [ %232, %230 ], [ %215, %213 ] %219 = inttoptr i64 %218 to %struct.ebitmap_node* %220 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %219, i64 0, i32 1, i64 0 %221 = call i64 @_find_first_bit(i64* %220, i64 384) #76
-------------
Use: =BAD PATH=
Call Stack:
0 context_struct_compute_av
1 security_compute_av
2 avc_compute_av
3 avc_has_perm_noaudit
4 avc_has_perm
5 sel_write_avc_cache_threshold
-------------
Path:
Function:sel_write_avc_cache_threshold
%5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 85
%19 = load %struct.cred*, %struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273402* @selinux_state to %struct.selinux_state*), i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #76 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #76 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, 
i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #76 
Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #76 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273402*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #76 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = 
getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273402, %struct.selinux_state.273402* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #76 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #76 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #76 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, 
%struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr 
inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #76 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, 
%struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #76 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %102 = inttoptr i64 %95 to i64* %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %198, label %94 %199 = inttoptr i64 %91 to %struct.ebitmap_node* %200 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 1, i64 0 %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 2 %202 = load i32, i32* %201, align 8 %203 = add i32 %90, 1 %204 = sub i32 %203, %202 %205 = zext i32 %204 to i64 %206 = call i64 @_find_next_bit(i64* %200, i64* null, i64 384, i64 %205, i64 0, i64 0) #76 %207 = and i64 %206, 4294967168 %208 = icmp ult i64 %207, 384 br i1 %208, label %209, label %213 %214 = inttoptr i64 %91 to i64* %215 = load i64, i64* %214, align 8 %216 = icmp eq i64 %215, 0 br i1 %216, label %234, label %217 %218 = phi i64 [ %232, %230 ], [ %215, %213 ] %219 = inttoptr i64 %218 to %struct.ebitmap_node* %220 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %219, i64 0, i32 1, i64 0 %221 = call i64 @_find_first_bit(i64* %220, i64 384) #76 ------------- Good: 687 Bad: 31 Ignored: 1435 Check Use of Function:ww_mutex_lock Use: =BAD PATH= Call Stack: 0 dma_buf_poll ------------- Path:  Function:dma_buf_poll %3 = getelementptr inbounds %struct.file, 
-------------
Use: =BAD PATH=
Call Stack:
0 i915_gem_object_set_tiling
1 i915_gem_set_tiling_ioctl
-------------
Path:
Function:i915_gem_set_tiling_ioctl
Function:i915_gem_object_set_tiling
-------------
Use: =BAD PATH=
Call Stack:
0 i915_gem_object_flush_if_display
1 i915_gem_sw_finish_ioctl
-------------
Path:
Function:i915_gem_sw_finish_ioctl
Function:i915_gem_object_flush_if_display
-------------
Good: 371 Bad: 3 Ignored: 357
Check Use of Function:cgroup_free_root
Check Use of Function:timens_install
Check Use of Function:i915_gem_ww_ctx_backoff
Check Use of Function:drm_send_event_timestamp_locked
Check Use of Function:nfs_file_read
Check Use of Function:drm_vblank_get
Check Use of Function:seccomp_notify_ioctl
Check Use of Function:set_regdom
Check Use of Function:perf_kprobe_init
Check Use of Function:__lookup_hash
Check Use of Function:drm_modeset_unlock
Check Use of Function:ring_buffer_nest_end
Check Use of Function:drm_property_create_blob
Check Use of Function:drm_property_blob_put
Check Use of Function:kmalloc_array.52393
Check Use of Function:drm_lease_held
Check Use of Function:e1000_free_desc_rings.52397
Check Use of Function:drm_lease_filter_crtcs
Check Use of Function:ext4_empty_dir
Check Use of Function:drm_mode_destroy
Check Use of Function:ext4_handle_dirty_dirblock
Check Use of Function:drm_mode_create
Check Use of Function:drm_debugfs_cleanup
Check Use of Function:unmap_mapping_range
Check Use of Function:acpi_scan_lock_release
Check Use of Function:pci_read_config_byte
Use: =BAD PATH=
Call Stack:
0 subordinate_bus_number_show
-------------
Path:
Function:subordinate_bus_number_show
%4 = alloca i8, align 1
%5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13
%6 = bitcast %struct.irq_domain** %5 to %struct.pci_dev.317892*
%7 = call i32 @pci_read_config_byte(%struct.pci_dev.317892* %6, i32 26, i8* nonnull %4) #76
-------------
Use: =BAD PATH=
Call Stack:
0 secondary_bus_number_show
-------------
Path:
Function:secondary_bus_number_show
%4 = alloca i8, align 1
%5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13
%6 = bitcast %struct.irq_domain** %5 to %struct.pci_dev.317892*
%7 = call i32 @pci_read_config_byte(%struct.pci_dev.317892* %6, i32 25, i8* nonnull %4) #76
-------------
Good: 184 Bad: 2 Ignored: 352
Check Use of Function:blk_rq_unmap_user
Use: =BAD PATH=
Call Stack:
0 sg_new_read
1 sg_read
-------------
Path:
Function:sg_read
Function:sg_new_read
-------------
Good: 16 Bad: 1 Ignored: 9
Check Use of Function:intel_modeset_driver_remove_nogem
Check Use of Function:drm_framebuffer_lookup
Check Use of Function:i915_gem_driver_remove
Check Use of Function:i915_reset_error_state
Check Use of Function:__ext4_warning_inode
Check Use of Function:intel_modeset_driver_remove
Check Use of Function:i915_gem_suspend
Check Use of Function:i915_driver_release
Check Use of Function:cancel_work_sync
Use: =BAD PATH=
Call Stack:
0 __pm_runtime_barrier
1 pm_runtime_barrier
2 pci_config_pm_runtime_get
3 pci_write_config
-------------
Path:
Function:pci_write_config
Function:pci_config_pm_runtime_get
Function:pm_runtime_barrier
Function:__pm_runtime_barrier
-------------
Use: =BAD PATH=
Call Stack:
0 __pm_runtime_barrier
1 pm_runtime_barrier
2 pci_config_pm_runtime_get
3 proc_bus_pci_write
-------------
Path:
Function:proc_bus_pci_write
6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %35 = ptrtoint i8* %1 to i64 %36 = add i64 %33, %35 %37 = icmp ult i64 %36, %33 %38 = icmp ugt i64 %36, %34 %39 = or i1 %37, %38 br i1 %39, label %124, label %40, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.pci_dev.317892*)* @pci_config_pm_runtime_get to void (%struct.pci_dev.326387*)*)(%struct.pci_dev.326387* %8) #76 Function:pci_config_pm_runtime_get %2 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 46 %3 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 46, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = icmp eq %struct.device* %4, null br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.pci_dev.317892, %struct.pci_dev.317892* %0, i64 0, i32 46, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32* %9) #6, !srcloc !4 %10 = tail call i32 @pm_runtime_barrier(%struct.device* %2) #76 Function:pm_runtime_barrier %2 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32* %2) #6, !srcloc !4 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %4 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %3, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %4) #76 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 
= load i16, i16* %5, align 8 %7 = and i16 %6, 16 %8 = icmp eq i16 %7, 0 br i1 %8, label %15, label %9 %16 = phi i32 [ 1, %13 ], [ 0, %9 ], [ 0, %1 ] tail call fastcc void @__pm_runtime_barrier(%struct.device* %0) #77 Function:__pm_runtime_barrier %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %9, label %6 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %11 = load i16, i16* %10, align 8 %12 = and i16 %11, 16 %13 = icmp eq i16 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %15, align 8 %16 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = bitcast %struct.spinlock* %16 to i8* store volatile i8 0, i8* %17, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 10 %19 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %18) #76 ------------- Use: =BAD PATH= Call Stack: 0 intel_fbc_reset_underrun 1 i915_fifo_underrun_reset_write ------------- Path:  Function:i915_fifo_underrun_reset_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_i915_private.437765** %8 = load %struct.drm_i915_private.437765*, %struct.drm_i915_private.437765** %7, align 8 %9 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #76 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i8, i8* %5, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, 
label %77, label %16 %17 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %8, i64 0, i32 0, i32 30, i32 20 %18 = bitcast %struct.list_head* %17 to i8** %19 = load i8*, i8** %18, align 8 %20 = bitcast i8* %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %72, label %22 %23 = icmp eq %struct.drm_i915_private.437765* %8, null %24 = getelementptr inbounds %struct.drm_i915_private.437765, %struct.drm_i915_private.437765* %8, i64 0, i32 0, i32 2 br label %25 %26 = phi i8* [ %19, %22 ], [ %69, %67 ] %27 = getelementptr i8, i8* %26, i64 -16 %28 = bitcast i8* %27 to %struct.intel_crtc.437606* %29 = getelementptr i8, i8* %26, i64 24 %30 = bitcast i8* %29 to %struct.drm_modeset_lock* %31 = call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %30) #76 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = getelementptr i8, i8* %26, i64 824 %37 = bitcast i8* %36 to %struct.intel_crtc_state.437601** %38 = load %struct.intel_crtc_state.437601*, %struct.intel_crtc_state.437601** %37, align 8 %39 = getelementptr inbounds %struct.intel_crtc_state.437601, %struct.intel_crtc_state.437601* %38, i64 0, i32 0, i32 19 %40 = load %struct.drm_crtc_commit.381381*, %struct.drm_crtc_commit.381381** %39, align 8 %41 = icmp eq %struct.drm_crtc_commit.381381* %40, null br i1 %41, label %50, label %42 %51 = getelementptr inbounds %struct.intel_crtc_state.437601, %struct.intel_crtc_state.437601* %38, i64 0, i32 1, i32 0 %52 = load i8, i8* %51, align 8, !range !4 %53 = icmp eq i8 %52, 0 br i1 %53, label %67, label %54 call void @drm_modeset_unlock(%struct.drm_modeset_lock* %30) #76 %68 = bitcast i8* %26 to i8** %69 = load i8*, i8** %68, align 8 %70 = bitcast i8* %69 to %struct.list_head* %71 = icmp eq %struct.list_head* %17, %70 br i1 %71, label %72, label %25 %73 = call i32 bitcast (i32 (%struct.drm_i915_private.428358*)* @intel_fbc_reset_underrun to i32 
(%struct.drm_i915_private.437765*)*)(%struct.drm_i915_private.437765* %8) #76 Function:intel_fbc_reset_underrun %2 = getelementptr inbounds %struct.drm_i915_private.428358, %struct.drm_i915_private.428358* %0, i64 0, i32 32, i32 12 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_buffer_cancel_work 1 tty_port_put 2 con_cleanup ------------- Path:  Function:con_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %3 = bitcast i8** %2 to %struct.vc_data.365875** %4 = load %struct.vc_data.365875*, %struct.vc_data.365875** %3, align 8 %5 = getelementptr inbounds %struct.vc_data.365875, %struct.vc_data.365875* %4, i64 0, i32 0 tail call void bitcast (void (%struct.tty_port.360674*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %5) #76 Function:tty_port_put %2 = icmp eq %struct.tty_port.360674* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.360674, %struct.tty_port.360674* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.360674* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.360671** %20 = load %struct.tty_struct.360671*, 
%struct.tty_struct.360671** %19, align 8 %21 = icmp eq %struct.tty_struct.360671* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #76 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.360254*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.360674*)*)(%struct.tty_port.360674* %17) #76 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.360254, %struct.tty_port.360254* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_buffer_cancel_work 1 tty_port_put 2 pty_cleanup ------------- Path:  Function:pty_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %3 = load %struct.tty_port*, %struct.tty_port** %2, align 8 tail call void bitcast (void (%struct.tty_port.360674*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %3) #76 Function:tty_port_put %2 = icmp eq %struct.tty_port.360674* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.360674, %struct.tty_port.360674* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = 
getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.360674* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.360671** %20 = load %struct.tty_struct.360671*, %struct.tty_struct.360671** %19, align 8 %21 = icmp eq %struct.tty_struct.360671* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #76 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.360254*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.360674*)*)(%struct.tty_port.360674* %17) #76 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.360254, %struct.tty_port.360254* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #76 ------------- Use: =BAD PATH= Call Stack: 0 tty_buffer_cancel_work 1 tty_port_put 2 pty_cleanup ------------- Path:  Function:pty_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %3 = load %struct.tty_port*, %struct.tty_port** %2, align 8 tail call void bitcast (void (%struct.tty_port.360674*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %3) #76 Function:tty_port_put %2 = icmp eq %struct.tty_port.360674* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.360674, %struct.tty_port.360674* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.360674* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.360671** %20 = load %struct.tty_struct.360671*, %struct.tty_struct.360671** %19, align 8 %21 = icmp eq %struct.tty_struct.360671* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #76 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.360254*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.360674*)*)(%struct.tty_port.360674* %17) #76 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.360254, %struct.tty_port.360254* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #76 ------------- Good: 141 Bad: 6 Ignored: 120 Check Use of Function:drm_minor_release Check Use of Function:i915_driver_lastclose Check Use of Function:exit_task_namespaces Check Use of Function:sta_info_destroy_addr Check Use of Function:ieee80211_sta_cap_rx_bw Check Use of Function:atomic_dec_and_mutex_lock Check Use of Function:drm_file_free Check Use of Function:tg3_frob_aux_power Check Use of Function:ata_acpi_ap_notify_dock Check Use of Function:acpi_lock_hp_context Check Use of 
Function:__ieee80211_tx_skb_tid_band Check Use of Function:ata_acpi_ap_uevent Check Use of Function:sparse_keymap_report_event Check Use of Function:init_chmod Check Use of Function:driver_unregister Check Use of Function:acpi_processor_ignore_ppc_init Check Use of Function:cpu_hotplug_enable Check Use of Function:simple_unlink Check Use of Function:may_delete Check Use of Function:ext4_create Check Use of Function:netdev_state_change Check Use of Function:ieee80211_led_exit Check Use of Function:rfkill_set_block Check Use of Function:ieee80211_reset_erp_info Check Use of Function:security_sb_kern_mount Check Use of Function:fs_context_for_mount Check Use of Function:sta_info_get Check Use of Function:__do_loopback Check Use of Function:tg3_write_indirect_reg32 Check Use of Function:kern_path Check Use of Function:ipcns_install Check Use of Function:mnt_warn_timestamp_expiry Check Use of Function:ieee80211_release_reorder_frame Check Use of Function:dev_change_carrier Check Use of Function:n_null_open Check Use of Function:rtc_cmos_read Check Use of Function:timens_commit Check Use of Function:copy_fs_struct Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __ia32_sys_unshare ------------- Path:  Function:__ia32_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call i32 @ksys_unshare(i64 %4) #76 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %156 
%21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 65 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %156 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %156, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #76 br i1 %45, label %46, label %156 %47 = and i64 %8, 134479872 %48 = icmp eq i64 %47, 0 %49 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %50 = inttoptr i64 %49 to %struct.task_struct* %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 91 %52 = load %struct.fs_struct*, %struct.fs_struct** %51, align 64 %53 = and i64 %17, 512 %54 = icmp ne i64 %53, 0 %55 = icmp ne %struct.fs_struct* %52, null %56 = and i1 %54, %55 br i1 %56, label %57, label %65 %58 = getelementptr inbounds 
%struct.fs_struct, %struct.fs_struct* %52, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = icmp eq i32 %59, 1 br i1 %60, label %65, label %61 %62 = tail call %struct.fs_struct* @copy_fs_struct(%struct.fs_struct* nonnull %52) #76 ------------- Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __x64_sys_unshare ------------- Path:  Function:__x64_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call i32 @ksys_unshare(i64 %3) #76 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %156 %21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 65 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %156 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %35, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %156, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #76 br i1 %45, label %46, label %156 %47 = and i64 %8, 134479872 %48 = icmp eq i64 %47, 0 %49 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %50 = inttoptr i64 %49 to %struct.task_struct* %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 91 %52 = load %struct.fs_struct*, %struct.fs_struct** %51, align 64 %53 = and i64 %17, 512 %54 = icmp ne i64 %53, 0 %55 = icmp ne %struct.fs_struct* %52, null %56 = and i1 %54, %55 br i1 %56, label %57, label %65 %58 = getelementptr inbounds %struct.fs_struct, %struct.fs_struct* %52, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = icmp eq i32 %59, 1 br i1 %60, label %65, label %61 %62 = tail call %struct.fs_struct* @copy_fs_struct(%struct.fs_struct* nonnull %52) #76 ------------- Good: 2 Bad: 2 Ignored: 1 Check Use of Function:cgroupns_install Check Use of Function:random_ioctl Check Use of Function:__put_cred Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 
= and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to 
%struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269528* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269528* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %347) #76 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull 
bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269528* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269528* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %347) #76 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_keyring_move 2 __ia32_compat_sys_keyctl ------------- Path:  
Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #76 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail 
call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269528* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269528* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %347) #76 ------------- Use: =BAD PATH= 
Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, 
i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24404, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #76 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #76 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269528* [ %345, %343 ], [ %17, %213 
], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269528* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %347) #76 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 
1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24404, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #76 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #76 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** 
@current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269528* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269528* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %347) #76 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast 
%struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %17, i64 0, i32 16 %126 = load %struct.key.269418*, %struct.key.269418** %125, align 8 %127 = icmp eq %struct.key.269418* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.269418, %struct.key.269418* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #77 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %343, label %364 %365 = load %struct.cred.269528*, %struct.cred.269528** %13, align 8 %366 = icmp eq %struct.cred.269528* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %365) #76 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label 
%260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %17, i64 0, i32 16 %126 = load %struct.key.269418*, %struct.key.269418** %125, align 8 %127 = icmp eq %struct.key.269418* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.269418, %struct.key.269418* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, 
label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #77 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %343, label %364 %365 = load %struct.cred.269528*, %struct.cred.269528** %13, align 8 %366 = icmp eq %struct.cred.269528* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %365) #76 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_keyring_move 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 
8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #76 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds 
%struct.cred.269528, %struct.cred.269528* %17, i64 0, i32 16 %126 = load %struct.key.269418*, %struct.key.269418** %125, align 8 %127 = icmp eq %struct.key.269418* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.269418, %struct.key.269418* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #77 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %343, label %364 %365 = load %struct.cred.269528*, %struct.cred.269528** %13, align 8 %366 = icmp eq %struct.cred.269528* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %365) #76 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, 
align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24404, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #76 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #76 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* 
@lookup_user_key(i32 %9, i64 1, i32 3) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, %struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %17, i64 0, i32 16 %126 = load %struct.key.269418*, %struct.key.269418** %125, align 8 %127 = icmp eq %struct.key.269418* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.269418, %struct.key.269418* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #77 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %343, label %364 %365 = load %struct.cred.269528*, %struct.cred.269528** %13, 
align 8 %366 = icmp eq %struct.cred.269528* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %365) #76 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #76 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 
%21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #76 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24404, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #76 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #76 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #76 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.269824, align 8 %5 = alloca %struct.key.269418*, align 8 %6 = alloca %struct.key.269418*, align 8 %7 = bitcast %struct.keyring_search_context.269824* %4 to i8* %8 = bitcast %struct.key.269418** %5 to i8* %9 = bitcast %struct.key.269418** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269706** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269706**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.269706* %12 = getelementptr inbounds %struct.task_struct.269706, %struct.task_struct.269706* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.269824, 
%struct.keyring_search_context.269824* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269528*, %struct.cred.269528** %12, align 64 %18 = icmp eq %struct.cred.269528* %17, null br i1 %18, label %23, label %19 store %struct.cred.269528* %17, %struct.cred.269528** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %17, i64 0, i32 16 %126 = load %struct.key.269418*, %struct.key.269418** %125, align 8 %127 = icmp eq %struct.key.269418* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.269418, %struct.key.269418* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #77 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %343, label %364 %365 = load %struct.cred.269528*, %struct.cred.269528** %13, align 8 %366 = icmp eq %struct.cred.269528* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.269528, %struct.cred.269528* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269528*)*)(%struct.cred.269528* nonnull %365) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation_on_close 2 nfs4_put_open_state 3 
__nfs4_close 4 nfs4_close_sync 5 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %0, i64 0, i32 5 %4 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %3, align 8 %5 = icmp eq %struct.nfs4_state.236616* %4, null br i1 %5, label %16, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3 %11 = lshr i32 %9, 5 %12 = and i32 %11, 1 %13 = or i32 %12, %10 br i1 %7, label %15, label %14 tail call void bitcast (void (%struct.nfs4_state.238262*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.236616*, i32)*)(%struct.nfs4_state.236616* nonnull %4, i32 %13) #76 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.238262* %0, i32 %1, i32 3264, i32 1) #76 Function:__nfs4_close %5 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %6, i64 0, i32 6 %8 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %7, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %6, i64 0, i32 5 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #76 %11 = and i32 %1, 3 switch i32 %11, label %24 [ i32 1, label %12 i32 2, label %16 i32 3, label %20 ] %21 = getelementptr inbounds %struct.nfs4_state.238262, 
%struct.nfs4_state.238262* %0, i64 0, i32 12 %22 = load i32, i32* %21, align 4 %23 = add i32 %22, -1 store i32 %23, i32* %21, align 4 br label %24 %25 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 12 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %63 %29 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 10 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %41 %33 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 8 %36 = load volatile i64, i64* %33, align 8 %37 = and i64 %36, 32 %38 = or i64 %37, %35 %39 = icmp ne i64 %38, 0 %40 = zext i1 %39 to i32 br label %41 %42 = phi i32 [ %40, %32 ], [ 0, %28 ] %43 = phi i32 [ 2, %32 ], [ 3, %28 ] %44 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 11 %45 = load i32, i32* %44, align 8 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %63 %64 = phi i32 [ %59, %61 ], [ %59, %47 ], [ 0, %24 ], [ %42, %41 ] %65 = phi i32 [ 0, %61 ], [ 1, %47 ], [ 3, %24 ], [ %43, %41 ] %66 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 13 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, %65 br i1 %68, label %95, label %69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %96 = bitcast %struct.spinlock* %9 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %97 = icmp eq i32 %64, 0 br i1 %97, label %98, label %117 tail call void @nfs4_put_open_state(%struct.nfs4_state.238262* %0) #77 Function:nfs4_put_open_state %2 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 4 %3 = load %struct.inode*, %struct.inode** 
%2, align 8 %4 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238258*, %struct.nfs4_state_owner.238258** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.nfs4_state_owner.238258, %struct.nfs4_state_owner.238258* %5, i64 0, i32 5 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #76 br i1 %8, label %9, label %49 %10 = getelementptr inbounds %struct.inode, %struct.inode* %3, i64 0, i32 18 %11 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #76 %12 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 1, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 1, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %12, align 8 %18 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 0, i32 1 %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_state.238262, %struct.nfs4_state.238262* %0, i64 0, i32 0, i32 0 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 1 store %struct.list_head* %19, 
%struct.list_head** %22, align 8 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 store volatile %struct.list_head* %21, %struct.list_head** %23, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %20, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %25 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %25, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @nfs4_inode_return_delegation_on_close(%struct.inode* %3) #76 Function:nfs4_inode_return_delegation_on_close %2 = icmp eq %struct.inode* %0, null br i1 %2, label %63, label %3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 25, i32 1 %6 = bitcast i64* %5 to %struct.nfs_delegation.236662** %7 = load volatile %struct.nfs_delegation.236662*, %struct.nfs_delegation.236662** %6, align 8 %8 = icmp eq %struct.nfs_delegation.236662* %7, null br i1 %8, label %60, label %9 %61 = phi %struct.nfs_delegation.236662* [ %56, %59 ], [ null, %55 ], [ null, %22 ], [ null, %14 ], [ null, %9 ], [ null, %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #76 %62 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* nonnull %0, %struct.nfs_delegation.236662* %61, 
i32 0) #77 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241499** %8 = load %struct.nfs_server.241499*, %struct.nfs_server.241499** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241499, %struct.nfs_server.241499* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241562*, %struct.nfs_client.241562** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236662* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %34 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %33, i64 18 %35 = bitcast %struct.cpu_itimer* %34 to %struct.list_head* %36 = bitcast %struct.cpu_itimer* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 %166 = load volatile i64, i64* %31, align 8 %167 = and i64 %166, 32 %168 = icmp eq i64 %167, 0 br i1 %168, label 
%169, label %188 %170 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %1, i64 0, i32 9 %171 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %170, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %171) #76 %172 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %1, i64 0, i32 1 %173 = load %struct.cred*, %struct.cred** %172, align 8 %174 = icmp eq %struct.cred* %173, null br i1 %174, label %179, label %175 %176 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 25 %177 = bitcast %union.anon.46* %176 to i32* store i32 0, i32* %177, align 8 %178 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %178, i32* %178) #6, !srcloc !14 br label %179 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %180 = bitcast %struct.spinlock* %170 to i8* store volatile i8 0, i8* %180, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %181 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %173, %struct.nfs4_stateid_struct* %32, i32 %2) #76 br i1 %174, label %188, label %182 %183 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 %184 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %183, i32* %183) #6, !srcloc !15 %185 = and i8 %184, 1 %186 = icmp eq i8 %185, 0 br i1 %186, label %188, label %187 tail call void @__put_cred(%struct.cred* nonnull %173) #76 br label %188 %189 = phi i32 [ %152, %163 ], [ 0, %165 ], [ %181, %179 ], [ %181, 
%182 ], [ %181, %187 ] %190 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %1, i64 0, i32 8 %191 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %190, i64 0, i32 0, i32 0 %192 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %191, i32 -1, i32* %191) #6, !srcloc !16 %193 = icmp eq i32 %192, 1 br i1 %193, label %199, label %194 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %200 = getelementptr inbounds %struct.nfs_delegation.236662, %struct.nfs_delegation.236662* %1, i64 0, i32 1 %201 = load %struct.cred*, %struct.cred** %200, align 8 %202 = icmp eq %struct.cred* %201, null br i1 %202, label %209, label %203 %204 = getelementptr inbounds %struct.cred, %struct.cred* %201, i64 0, i32 0, i32 0 %205 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %204, i32* %204) #6, !srcloc !15 %206 = and i8 %205, 1 %207 = icmp eq i8 %206, 0 br i1 %207, label %209, label %208 tail call void @__put_cred(%struct.cred* nonnull %201) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_complete_unlink 1 nfs_dentry_iput ------------- Path:  Function:nfs_dentry_iput %3 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, -4096 %6 = icmp eq i16 %5, 16384 br i1 %6, label %7, label %8 tail call void bitcast (void (%struct.inode.217383*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* %1, i64 2) #76 br label %8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4096 %12 = icmp 
eq i32 %11, 0 br i1 %12, label %25, label %13 tail call void bitcast (void (%struct.dentry.222936*, %struct.inode.222934*)* @nfs_complete_unlink to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %0, %struct.inode* %1) #76 Function:nfs_complete_unlink %3 = alloca %struct.rpc_message.222978, align 8 %4 = alloca %struct.rpc_task_setup.223016, align 8 %5 = getelementptr inbounds %struct.dentry.222936, %struct.dentry.222936* %0, i64 0, i32 7, i32 0 %6 = bitcast %struct.anon.1* %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #76 %7 = getelementptr inbounds %struct.dentry.222936, %struct.dentry.222936* %0, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, -4097 store i32 %9, i32* %7, align 8 %10 = getelementptr inbounds %struct.dentry.222936, %struct.dentry.222936* %0, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.nfs_unlinkdata.222999** %12 = load %struct.nfs_unlinkdata.222999*, %struct.nfs_unlinkdata.222999** %11, align 8 store i8* null, i8** %10, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = bitcast %struct.anon.1* %5 to i8* store volatile i8 0, i8* %13, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %14 = getelementptr %struct.inode.222934, %struct.inode.222934* %1, i64 -1, i32 17 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %14, i64 9, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 2 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %118 %20 = getelementptr inbounds %struct.dentry.222936, %struct.dentry.222936* %0, i64 0, i32 3 %21 = load %struct.dentry.222936*, %struct.dentry.222936** %20, align 8 %22 = getelementptr inbounds %struct.dentry.222936, %struct.dentry.222936* %21, i64 0, i32 5 %23 = load %struct.inode.222934*, %struct.inode.222934** %22, align 8 %24 = getelementptr %struct.inode.222934, %struct.inode.222934* %23, i64 -1, i32 17 %25 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %24, i64 19 %26 = bitcast %struct.cpu_itimer* %25 to %struct.rw_semaphore* tail call void @down_read(%struct.rw_semaphore* %26) #76 %27 = load %struct.dentry.222936*, %struct.dentry.222936** %20, align 8 %28 = getelementptr inbounds %struct.nfs_unlinkdata.222999, %struct.nfs_unlinkdata.222999* %12, i64 0, i32 0, i32 2 %29 = getelementptr inbounds %struct.nfs_unlinkdata.222999, %struct.nfs_unlinkdata.222999* %12, i64 0, i32 3 %30 = tail call %struct.dentry.222936* bitcast (%struct.dentry.149376* (%struct.dentry.149376*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.222936* (%struct.dentry.222936*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.222936* %27, %struct.qstr* %28, %struct.wait_queue_head* %29) #76 %31 = icmp ugt %struct.dentry.222936* %30, inttoptr (i64 -4096 to %struct.dentry.222936*) br i1 %31, label %32, label %33 %34 = getelementptr inbounds %struct.dentry.222936, %struct.dentry.222936* %30, i64 0, i32 0 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, 268435456 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %54 %39 = getelementptr inbounds %struct.dentry.222936, %struct.dentry.222936* %30, i64 0, i32 7, i32 0 %40 = bitcast %struct.anon.1* %39 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %40) #76 %41 = getelementptr inbounds %struct.dentry.222936, %struct.dentry.222936* %30, i64 0, i32 5 %42 = load %struct.inode.222934*, %struct.inode.222934** %41, align 8 %43 = icmp eq %struct.inode.222934* %42, null br i1 %43, label %114, label %44 %45 = load i32, i32* %34, align 8 %46 = and i32 %45, 4096 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %116 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %117 = bitcast %struct.anon.1* %39 to i8* store volatile i8 0, i8* %117, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 
tail call void bitcast (void (%struct.dentry.149376*)* @dput to void (%struct.dentry.222936*)*)(%struct.dentry.222936* %30) #76 tail call void @up_read(%struct.rw_semaphore* %26) #76 tail call void @kfree(i8* null) #76 br label %118 %119 = getelementptr inbounds %struct.nfs_unlinkdata.222999, %struct.nfs_unlinkdata.222999* %12, i64 0, i32 4 %120 = load %struct.cred*, %struct.cred** %119, align 8 %121 = icmp eq %struct.cred* %120, null br i1 %121, label %128, label %122 %123 = getelementptr inbounds %struct.cred, %struct.cred* %120, i64 0, i32 0, i32 0 %124 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %123, i32* %123) #6, !srcloc !6 %125 = and i8 %124, 1 %126 = icmp eq i8 %125, 0 br i1 %126, label %128, label %127 tail call void @__put_cred(%struct.cred* nonnull %120) #76 ------------- Use: =BAD PATH= Call Stack: 0 __put_nfs_open_context 1 nfs_file_clear_open_context 2 nfs_file_release ------------- Path:  Function:nfs_file_release %3 = getelementptr inbounds %struct.inode.215746, %struct.inode.215746* %0, i64 0, i32 8 %4 = load %struct.super_block.215732*, %struct.super_block.215732** %3, align 8 %5 = getelementptr inbounds %struct.super_block.215732, %struct.super_block.215732* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.215891** %7 = load %struct.nfs_server.215891*, %struct.nfs_server.215891** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.215891, %struct.nfs_server.215891* %7, i64 0, i32 6 %9 = load %struct.nfs_iostats*, %struct.nfs_iostats** %8, align 8 %10 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %9, i64 0, i32 1, i64 17 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %10, i64* %10) #6, !srcloc !4 tail call void bitcast (void (%struct.file.217066*)* @nfs_file_clear_open_context to void 
(%struct.file.215754*)*)(%struct.file.215754* %1) #76 Function:nfs_file_clear_open_context %2 = getelementptr inbounds %struct.file.217066, %struct.file.217066* %0, i64 0, i32 16 %3 = bitcast i8** %2 to %struct.nfs_open_context.217462** %4 = load %struct.nfs_open_context.217462*, %struct.nfs_open_context.217462** %3, align 8 %5 = icmp eq %struct.nfs_open_context.217462* %4, null br i1 %5, label %21, label %6 %7 = getelementptr inbounds %struct.nfs_open_context.217462, %struct.nfs_open_context.217462* %4, i64 0, i32 2 %8 = load %struct.dentry.217372*, %struct.dentry.217372** %7, align 8 %9 = getelementptr inbounds %struct.dentry.217372, %struct.dentry.217372* %8, i64 0, i32 5 %10 = load %struct.inode.217383*, %struct.inode.217383** %9, align 8 %11 = getelementptr inbounds %struct.nfs_open_context.217462, %struct.nfs_open_context.217462* %4, i64 0, i32 7 %12 = bitcast i64* %11 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %12, i32 -17, i8* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.nfs_open_context.217462, %struct.nfs_open_context.217462* %4, i64 0, i32 8 %14 = load i32, i32* %13, align 8 %15 = icmp slt i32 %14, 0 br i1 %15, label %16, label %20 %17 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %10, i64 0, i32 9 %18 = load %struct.address_space.217384*, %struct.address_space.217384** %17, align 8 %19 = tail call i32 bitcast (i32 (%struct.address_space.121777*)* @invalidate_inode_pages2 to i32 (%struct.address_space.217384*)*)(%struct.address_space.217384* %18) #76 br label %20 store i8* null, i8** %2, align 8 tail call fastcc void @__put_nfs_open_context(%struct.nfs_open_context.217462* nonnull %4, i32 1) #76 Function:__put_nfs_open_context %3 = getelementptr inbounds %struct.nfs_open_context.217462, %struct.nfs_open_context.217462* %0, i64 0, i32 2 %4 = load %struct.dentry.217372*, 
%struct.dentry.217372** %3, align 8 %5 = getelementptr inbounds %struct.dentry.217372, %struct.dentry.217372* %4, i64 0, i32 5 %6 = load %struct.inode.217383*, %struct.inode.217383** %5, align 8 %7 = getelementptr inbounds %struct.dentry.217372, %struct.dentry.217372* %4, i64 0, i32 9 %8 = load %struct.super_block.217367*, %struct.super_block.217367** %7, align 8 %9 = getelementptr inbounds %struct.nfs_open_context.217462, %struct.nfs_open_context.217462* %0, i64 0, i32 0, i32 0 %10 = getelementptr inbounds %struct.nfs_open_context.217462, %struct.nfs_open_context.217462* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = getelementptr inbounds %struct.nfs_open_context.217462, %struct.nfs_open_context.217462* %0, i64 0, i32 9 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %32, label %23 %33 = icmp eq %struct.inode.217383* %6, null br i1 %33, label %46, label %34 %47 = getelementptr inbounds %struct.nfs_open_context.217462, %struct.nfs_open_context.217462* %0, i64 0, i32 3 %48 = load %struct.cred*, %struct.cred** %47, align 8 %49 = icmp eq %struct.cred* %48, null br i1 %49, label %56, label %50 %51 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 0, i32 0 %52 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* 
%51) #6, !srcloc !10 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 tail call void @__put_cred(%struct.cred* nonnull %48) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215077** %12 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 
0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.215077** %44 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %44, i64 0, i32 0 %46 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #76 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #77 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 9, i32 1 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %37 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13, i32 1 %14 = bitcast i64* %13 to %struct.list_head** %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -2, i32 1 %17 = icmp eq %struct.list_head* %15, %12 br i1 %17, label %38, label %18 %19 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 5 %20 = bitcast %struct.list_head** %19 to %struct.cred** %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %21) #76 %23 = icmp ne i32 %22, 0 %24 = icmp eq %struct.list_head** %16, null %25 = or i1 %24, %23 br i1 %25, label %39, label %26 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, 
i64)*)(%struct.inode* %0, i64 8) #76 br i1 %27, label %40, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %41 tail call void @rcu_read_unlock_strict() #76 %42 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %43 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %42, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %44 = load i64, i64* %6, align 8 %45 = and i64 %44, 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %49, label %47 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 12, i32 1 %51 = bitcast i64* %50 to %struct.rb_node** %52 = bitcast %struct.spinlock* %42 to i8* %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %54 %55 = phi i1 [ false, %49 ], [ true, %87 ] %56 = load %struct.rb_node*, %struct.rb_node** %51, align 8 %57 = icmp eq %struct.rb_node* %56, null br i1 %57, label %116, label %58 %59 = phi %struct.rb_node* [ %73, %71 ], [ %56, %54 ] %60 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %59, i64 1, i32 2 %61 = bitcast %struct.rb_node** %60 to %struct.cred** %62 = load %struct.cred*, %struct.cred** %61, align 8 %63 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %62) #76 %64 = icmp slt i32 %63, 0 br i1 %64, label %65, label %67 %68 = icmp eq i32 %63, 0 br i1 %68, label %75, label %69 %76 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 %77 = xor i1 %76, true %78 = or i1 %55, %77 br i1 %78, label %91, label %79 br i1 %3, label %80, label %116 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %52, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = load %struct.super_block*, %struct.super_block** %53, align 8 %82 = getelementptr 
inbounds %struct.super_block, %struct.super_block* %81, i64 0, i32 28 %83 = bitcast i8** %82 to %struct.nfs_server.215077** %84 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %83, align 16 %85 = tail call i32 bitcast (i32 (%struct.nfs_server.217511*, %struct.inode.217383*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.215077*, %struct.inode*)*)(%struct.nfs_server.215077* %84, %struct.inode* %0) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %120 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %88 = load i64, i64* %6, align 8 %89 = and i64 %88, 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %54, label %118 %119 = phi i8* [ %48, %47 ], [ %52, %87 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %119, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #76 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 0 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 4 %10 = icmp eq i64 %9, 0 br i1 %10, label %83, label %11 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #76 %12 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 2, i64* %7) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %26, label %15 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #76 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 12, i32 1 %30 = bitcast i64* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* %30) #76 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, 
%struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 1 %51 = load i64, i64* %50, align 8 %52 = and i64 %51, -9 store i64 %52, i64* %50, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %53 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %53, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %55 = icmp eq %struct.list_head* %54, %2 br i1 %55, label %83, label %56 %57 = phi %struct.list_head* [ %81, %80 ], [ %54, %49 ] %58 = getelementptr %struct.list_head, %struct.list_head* %57, i64 -2, i32 1 %59 = getelementptr inbounds %struct.list_head, %struct.list_head* %57, i64 0, i32 1 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr %struct.list_head, %struct.list_head* %57, i64 0, i32 0 %62 = load %struct.list_head*, %struct.list_head** %61, align 8 %63 = getelementptr inbounds %struct.list_head, %struct.list_head* %62, i64 0, i32 1 store %struct.list_head* %60, %struct.list_head** %63, align 8 %64 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 0 store volatile %struct.list_head* %62, %struct.list_head** %64, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %61, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %59, align 8 %65 = getelementptr 
%struct.list_head, %struct.list_head* %57, i64 1 %66 = bitcast %struct.list_head* %65 to %struct.cred** %67 = load %struct.cred*, %struct.cred** %66, align 8 %68 = icmp eq %struct.cred* %67, null br i1 %68, label %75, label %69 %70 = getelementptr inbounds %struct.cred, %struct.cred* %67, i64 0, i32 0, i32 0 %71 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %70, i32* %70) #6, !srcloc !7 %72 = and i8 %71, 1 %73 = icmp eq i8 %72, 0 br i1 %73, label %75, label %74 call void @__put_cred(%struct.cred* nonnull %67) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215077** %12 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, 
label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.215077** %44 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %44, i64 0, i32 0 %46 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #76 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #77 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 9, i32 1 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %37 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13, i32 1 %14 = bitcast i64* %13 to %struct.list_head** %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -2, i32 1 %17 = icmp eq %struct.list_head* %15, %12 br i1 %17, label %38, label %18 %19 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 5 %20 = bitcast %struct.list_head** %19 to %struct.cred** %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %21) #76 %23 = icmp ne i32 %22, 0 %24 = icmp eq %struct.list_head** %16, null %25 = or i1 %24, %23 br i1 %25, label %39, label %26 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, 
i64)*)(%struct.inode* %0, i64 8) #76 br i1 %27, label %40, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %41 tail call void @rcu_read_unlock_strict() #76 %42 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %43 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %42, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %44 = load i64, i64* %6, align 8 %45 = and i64 %44, 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %49, label %47 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 12, i32 1 %51 = bitcast i64* %50 to %struct.rb_node** %52 = bitcast %struct.spinlock* %42 to i8* %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %54 %55 = phi i1 [ false, %49 ], [ true, %87 ] %56 = load %struct.rb_node*, %struct.rb_node** %51, align 8 %57 = icmp eq %struct.rb_node* %56, null br i1 %57, label %116, label %58 %59 = phi %struct.rb_node* [ %73, %71 ], [ %56, %54 ] %60 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %59, i64 1, i32 2 %61 = bitcast %struct.rb_node** %60 to %struct.cred** %62 = load %struct.cred*, %struct.cred** %61, align 8 %63 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %62) #76 %64 = icmp slt i32 %63, 0 br i1 %64, label %65, label %67 %68 = icmp eq i32 %63, 0 br i1 %68, label %75, label %69 %76 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 %77 = xor i1 %76, true %78 = or i1 %55, %77 br i1 %78, label %91, label %79 br i1 %3, label %80, label %116 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %52, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = load %struct.super_block*, %struct.super_block** %53, align 8 %82 = getelementptr 
inbounds %struct.super_block, %struct.super_block* %81, i64 0, i32 28 %83 = bitcast i8** %82 to %struct.nfs_server.215077** %84 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %83, align 16 %85 = tail call i32 bitcast (i32 (%struct.nfs_server.217511*, %struct.inode.217383*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.215077*, %struct.inode*)*)(%struct.nfs_server.215077* %84, %struct.inode* %0) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %120 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %88 = load i64, i64* %6, align 8 %89 = and i64 %88, 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %54, label %118 %119 = phi i8* [ %48, %47 ], [ %52, %87 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %119, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #76 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 0 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 4 %10 = icmp eq i64 %9, 0 br i1 %10, label %83, label %11 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #76 %12 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 2, i64* %7) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %26, label %15 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #76 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 12, i32 1 %30 = bitcast i64* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* %30) #76 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, 
%struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 1 %51 = load i64, i64* %50, align 8 %52 = and i64 %51, -9 store i64 %52, i64* %50, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %53 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %53, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %55 = icmp eq %struct.list_head* %54, %2 br i1 %55, label %83, label %56 %57 = phi %struct.list_head* [ %81, %80 ], [ %54, %49 ] %58 = getelementptr %struct.list_head, %struct.list_head* %57, i64 -2, i32 1 %59 = getelementptr inbounds %struct.list_head, %struct.list_head* %57, i64 0, i32 1 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr %struct.list_head, %struct.list_head* %57, i64 0, i32 0 %62 = load %struct.list_head*, %struct.list_head** %61, align 8 %63 = getelementptr inbounds %struct.list_head, %struct.list_head* %62, i64 0, i32 1 store %struct.list_head* %60, %struct.list_head** %63, align 8 %64 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 0 store volatile %struct.list_head* %62, %struct.list_head** %64, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %61, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %59, align 8 %65 = getelementptr 
%struct.list_head, %struct.list_head* %57, i64 1 %66 = bitcast %struct.list_head* %65 to %struct.cred** %67 = load %struct.cred*, %struct.cred** %66, align 8 %68 = icmp eq %struct.cred* %67, null br i1 %68, label %75, label %69 %70 = getelementptr inbounds %struct.cred, %struct.cred* %67, i64 0, i32 0, i32 0 %71 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %70, i32* %70) #6, !srcloc !7 %72 = and i8 %71, 1 %73 = icmp eq i8 %72, 0 br i1 %73, label %75, label %74 call void @__put_cred(%struct.cred* nonnull %67) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215077** %12 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, 
label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.215077** %44 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %44, i64 0, i32 0 %46 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #76 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #77 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 9, i32 1 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %37 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13, i32 1 %14 = bitcast i64* %13 to %struct.list_head** %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -2, i32 1 %17 = icmp eq %struct.list_head* %15, %12 br i1 %17, label %38, label %18 %19 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 5 %20 = bitcast %struct.list_head** %19 to %struct.cred** %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %21) #76 %23 = icmp ne i32 %22, 0 %24 = icmp eq %struct.list_head** %16, null %25 = or i1 %24, %23 br i1 %25, label %39, label %26 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, 
i64)*)(%struct.inode* %0, i64 8) #76 br i1 %27, label %40, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %41 tail call void @rcu_read_unlock_strict() #76 %42 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %43 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %42, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %44 = load i64, i64* %6, align 8 %45 = and i64 %44, 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %49, label %47 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 12, i32 1 %51 = bitcast i64* %50 to %struct.rb_node** %52 = bitcast %struct.spinlock* %42 to i8* %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %54 %55 = phi i1 [ false, %49 ], [ true, %87 ] %56 = load %struct.rb_node*, %struct.rb_node** %51, align 8 %57 = icmp eq %struct.rb_node* %56, null br i1 %57, label %116, label %58 %59 = phi %struct.rb_node* [ %73, %71 ], [ %56, %54 ] %60 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %59, i64 1, i32 2 %61 = bitcast %struct.rb_node** %60 to %struct.cred** %62 = load %struct.cred*, %struct.cred** %61, align 8 %63 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %62) #76 %64 = icmp slt i32 %63, 0 br i1 %64, label %65, label %67 %68 = icmp eq i32 %63, 0 br i1 %68, label %75, label %69 %76 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 %77 = xor i1 %76, true %78 = or i1 %55, %77 br i1 %78, label %91, label %79 br i1 %3, label %80, label %116 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %52, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = load %struct.super_block*, %struct.super_block** %53, align 8 %82 = getelementptr 
inbounds %struct.super_block, %struct.super_block* %81, i64 0, i32 28 %83 = bitcast i8** %82 to %struct.nfs_server.215077** %84 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %83, align 16 %85 = tail call i32 bitcast (i32 (%struct.nfs_server.217511*, %struct.inode.217383*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.215077*, %struct.inode*)*)(%struct.nfs_server.215077* %84, %struct.inode* %0) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %120 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %88 = load i64, i64* %6, align 8 %89 = and i64 %88, 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %54, label %118 %119 = phi i8* [ %48, %47 ], [ %52, %87 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %119, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #76 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 0 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 4 %10 = icmp eq i64 %9, 0 br i1 %10, label %83, label %11 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #76 %12 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 2, i64* %7) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %26, label %15 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #76 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 12, i32 1 %30 = bitcast i64* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* %30) #76 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, 
%struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 1 %51 = load i64, i64* %50, align 8 %52 = and i64 %51, -9 store i64 %52, i64* %50, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %53 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %53, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %55 = icmp eq %struct.list_head* %54, %2 br i1 %55, label %83, label %56 %57 = phi %struct.list_head* [ %81, %80 ], [ %54, %49 ] %58 = getelementptr %struct.list_head, %struct.list_head* %57, i64 -2, i32 1 %59 = getelementptr inbounds %struct.list_head, %struct.list_head* %57, i64 0, i32 1 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr %struct.list_head, %struct.list_head* %57, i64 0, i32 0 %62 = load %struct.list_head*, %struct.list_head** %61, align 8 %63 = getelementptr inbounds %struct.list_head, %struct.list_head* %62, i64 0, i32 1 store %struct.list_head* %60, %struct.list_head** %63, align 8 %64 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 0 store volatile %struct.list_head* %62, %struct.list_head** %64, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %61, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %59, align 8 %65 = getelementptr 
%struct.list_head, %struct.list_head* %57, i64 1 %66 = bitcast %struct.list_head* %65 to %struct.cred** %67 = load %struct.cred*, %struct.cred** %66, align 8 %68 = icmp eq %struct.cred* %67, null br i1 %68, label %75, label %69 %70 = getelementptr inbounds %struct.cred, %struct.cred* %67, i64 0, i32 0, i32 0 %71 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %70, i32* %70) #6, !srcloc !7 %72 = and i8 %71, 1 %73 = icmp eq i8 %72, 0 br i1 %73, label %75, label %74 call void @__put_cred(%struct.cred* nonnull %67) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215077** %12 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, 
label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.215077** %44 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %44, i64 0, i32 0 %46 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #76 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #77 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 9, i32 1 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %37 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13, i32 1 %14 = bitcast i64* %13 to %struct.list_head** %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -2, i32 1 %17 = icmp eq %struct.list_head* %15, %12 br i1 %17, label %38, label %18 %19 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 5 %20 = bitcast %struct.list_head** %19 to %struct.cred** %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %21) #76 %23 = icmp ne i32 %22, 0 %24 = icmp eq %struct.list_head** %16, null %25 = or i1 %24, %23 br i1 %25, label %39, label %26 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, 
i64)*)(%struct.inode* %0, i64 8) #76 br i1 %27, label %40, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %41 tail call void @rcu_read_unlock_strict() #76 %42 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %43 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %42, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %44 = load i64, i64* %6, align 8 %45 = and i64 %44, 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %49, label %47 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 12, i32 1 %51 = bitcast i64* %50 to %struct.rb_node** %52 = bitcast %struct.spinlock* %42 to i8* %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %54 %55 = phi i1 [ false, %49 ], [ true, %87 ] %56 = load %struct.rb_node*, %struct.rb_node** %51, align 8 %57 = icmp eq %struct.rb_node* %56, null br i1 %57, label %116, label %58 %59 = phi %struct.rb_node* [ %73, %71 ], [ %56, %54 ] %60 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %59, i64 1, i32 2 %61 = bitcast %struct.rb_node** %60 to %struct.cred** %62 = load %struct.cred*, %struct.cred** %61, align 8 %63 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %62) #76 %64 = icmp slt i32 %63, 0 br i1 %64, label %65, label %67 %68 = icmp eq i32 %63, 0 br i1 %68, label %75, label %69 %76 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 %77 = xor i1 %76, true %78 = or i1 %55, %77 br i1 %78, label %91, label %79 br i1 %3, label %80, label %116 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %52, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = load %struct.super_block*, %struct.super_block** %53, align 8 %82 = getelementptr 
inbounds %struct.super_block, %struct.super_block* %81, i64 0, i32 28 %83 = bitcast i8** %82 to %struct.nfs_server.215077** %84 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %83, align 16 %85 = tail call i32 bitcast (i32 (%struct.nfs_server.217511*, %struct.inode.217383*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.215077*, %struct.inode*)*)(%struct.nfs_server.215077* %84, %struct.inode* %0) #76 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %120 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %88 = load i64, i64* %6, align 8 %89 = and i64 %88, 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %54, label %118 %119 = phi i8* [ %48, %47 ], [ %52, %87 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %119, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #76 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 0 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 4 %10 = icmp eq i64 %9, 0 br i1 %10, label %83, label %11 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #76 %12 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 2, i64* %7) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %26, label %15 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #76 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 12, i32 1 %30 = bitcast i64* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* %30) #76 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, 
%struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #76 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 9, i32 1 %51 = load i64, i64* %50, align 8 %52 = and i64 %51, -9 store i64 %52, i64* %50, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %53 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %53, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %55 = icmp eq %struct.list_head* %54, %2 br i1 %55, label %83, label %56 %57 = phi %struct.list_head* [ %81, %80 ], [ %54, %49 ] %58 = getelementptr %struct.list_head, %struct.list_head* %57, i64 -2, i32 1 %59 = getelementptr inbounds %struct.list_head, %struct.list_head* %57, i64 0, i32 1 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr %struct.list_head, %struct.list_head* %57, i64 0, i32 0 %62 = load %struct.list_head*, %struct.list_head** %61, align 8 %63 = getelementptr inbounds %struct.list_head, %struct.list_head* %62, i64 0, i32 1 store %struct.list_head* %60, %struct.list_head** %63, align 8 %64 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 0 store volatile %struct.list_head* %62, %struct.list_head** %64, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %61, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %59, align 8 %65 = getelementptr 
%struct.list_head, %struct.list_head* %57, i64 1 %66 = bitcast %struct.list_head* %65 to %struct.cred** %67 = load %struct.cred*, %struct.cred** %66, align 8 %68 = icmp eq %struct.cred* %67, null br i1 %68, label %75, label %69 %70 = getelementptr inbounds %struct.cred, %struct.cred* %67, i64 0, i32 0, i32 0 %71 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %70, i32* %70) #6, !srcloc !7 %72 = and i8 %71, 1 %73 = icmp eq i8 %72, 0 br i1 %73, label %75, label %74 call void @__put_cred(%struct.cred* nonnull %67) #76 ------------- Use: =BAD PATH= Call Stack: 0 put_fs_context 1 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.157736*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #76 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 5 %3 = load %struct.dentry.157676*, %struct.dentry.157676** %2, align 8 %4 = icmp eq %struct.dentry.157676* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.157314*, %struct.fs_context_operations.157314** %15, align 8 %17 = icmp eq 
%struct.fs_context_operations.157314* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.157314, %struct.fs_context_operations.157314* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.157736*)*, void (%struct.fs_context.157736*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.157736*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #76 %25 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 %32 = add i32 %29, -1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !5, !misexpect !6 %38 = getelementptr inbounds %struct.fs_context.157736, %struct.fs_context.157736* %0, i64 0, i32 8 %39 = load %struct.cred*, %struct.cred** %38, align 8 %40 = icmp eq %struct.cred* %39, null br i1 %40, label %47, label %41 %42 = getelementptr inbounds %struct.cred, %struct.cred* %39, i64 0, i32 0, i32 0 %43 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32* %42) #6, !srcloc !8 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %47, label %46 tail call void 
@__put_cred(%struct.cred* nonnull %39) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 release_task 2 wait_consider_task 3 do_wait 4 kernel_waitid 5 __se_compat_sys_waitid 6 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 
2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !9 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 release_task 2 wait_consider_task 3 do_wait 4 kernel_waitid 5 __se_sys_waitid 6 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 
= getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #76 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds 
%struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 
%47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 
%12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, 
%struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, 
label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, 
i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds 
%struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 
= add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, 
i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 
= getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add 
i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds 
%struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 %357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, 
align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc 
!8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* 
%25) #6, !srcloc !9 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #76 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 release_task 2 wait_consider_task 3 do_wait 4 kernel_waitid 5 __se_sys_waitid 6 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #76 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #76 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, 
label %32 %33 = call %struct.pid.48552* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48552* (i32, i32*)*)(i32 %1, i32* nonnull %7) #76 %34 = icmp ugt %struct.pid.48552* %33, inttoptr (i64 -4096 to %struct.pid.48552*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48552* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48552* %43, %struct.pid.48552** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !9 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __ptrace_unlink
1 release_task
2 wait_consider_task
3 do_wait
4 kernel_wait4
5 __ia32_compat_sys_wait4
-------------
Path:
Function:__ia32_compat_sys_wait4
%2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = 
inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #76 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 release_task 2 wait_consider_task 3 do_wait 4 kernel_wait4 5 __ia32_sys_wait4 -------------
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !9 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __ptrace_unlink
1 release_task
2 wait_consider_task
3 do_wait
4 kernel_wait4
5 __ia32_sys_waitpid
-------------
Path:
Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #76 Function:kernel_wait4 %5 = alloca %struct.wait_opts,
align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
-------------
Use: =BAD PATH=
Call Stack:
0 __ptrace_unlink
1 release_task
2 wait_consider_task
3 do_wait
4 kernel_wait4
5 __x64_sys_wait4
-------------
Path:
Function:__x64_sys_wait4
Function:kernel_wait4
Function:do_wait
Function:wait_consider_task
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !9 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #76
-------------
Use: =BAD PATH=
Call Stack:
0 __ptrace_unlink
1 release_task
2 wait_consider_task
3 do_wait
4 kernel_wait4
5 __x64_sys_waitpid
-------------
Path:
Function:__x64_sys_waitpid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #76
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8 %6 = bitcast 
%struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48552* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48552* %25, %struct.pid.48552** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #77 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.48979* %25 = bitcast i8** %21 to %struct.task_struct.48979** store %struct.task_struct.48979* %24, %struct.task_struct.48979** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 95 %27 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #76 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48552*, %struct.pid.48552** %2, align 8 %39 = icmp eq %struct.pid.48552* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48552, %struct.pid.48552* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #76 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.48979* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.48979* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.48979* %103) #76 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.48979* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.48979* %120) #76 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %17 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.48945, %struct.signal_struct.48945* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48552** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48552*, %struct.pid.48552** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48552*, %struct.pid.48552** %23, align 8 %25 = icmp ne %struct.pid.48552* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %59 = load %struct.task_struct.48979*, %struct.task_struct.48979** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %61 = load %struct.task_struct.48979*, %struct.task_struct.48979** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %59, i64 0, i32 95 %63 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %61, i64 0, i32 95 %65 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %64, align 32 %66 = icmp eq %struct.signal_struct.48945* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.48979*, i32, %struct.pid_namespace.48550*)*)(%struct.task_struct.48979* %2, i32 0, %struct.pid_namespace.48550* null) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #76 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 56 %132 = load %struct.task_struct.48979*, %struct.task_struct.48979** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 57 %134 = load %struct.task_struct.48979*, %struct.task_struct.48979** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %132, i64 0, i32 95 %136 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %134, i64 0, i32 95 %138 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %137, align 32 %139 = icmp eq %struct.signal_struct.48945* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %156 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.48979** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.48979**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.48979* %159 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 95 %160 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %159, align 32 %161 = bitcast i64* %4 to i8* %162 = bitcast i64* %5 to i8* call void bitcast (void 
(%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.48979*, i64*, i64*)*)(%struct.task_struct.48979* %2, i64* nonnull %4, i64* nonnull %5) #76 %163 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #76 %166 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #76 %167 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = 
getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, 
i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = 
getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 
%282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, 
%283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.48979*, i32, %struct.rusage*)*)(%struct.task_struct.48979* %2, i32 -2, %struct.rusage* nonnull %336) #76 br label %339 %340 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 95 %341 = load %struct.signal_struct.48945*, %struct.signal_struct.48945** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.48945, %struct.signal_struct.48945* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %352 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %2) #76 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @do_notify_parent to i1 (%struct.task_struct.48979*, i32)*)(%struct.task_struct.48979* %2, i32 
%357) #76 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.48979* %2) #76 Function:release_task br label %2 %3 = phi %struct.task_struct.48979* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void bitcast (void (%struct.task_struct*)* @cgroup_release to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #76 %9 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 61 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 %11 = load volatile %struct.list_head*, 
%struct.list_head** %10, align 8 %12 = icmp eq %struct.list_head* %11, %9 br i1 %12, label %14, label %13, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.task_struct.48979, %struct.task_struct.48979* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.48979*)*)(%struct.task_struct.48979* %3) #76 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, 
%struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !9 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #76 ------------- Good: 192 Bad: 64 Ignored: 203 Check Use of Function:serial8250_register_8250_port Check Use of Function:utsns_install Check all other indirect call sites Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: 
tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_write_indirect_reg32 Check callee group: i915_driver_release Check callee group: tg3_write_indirect_reg32 Check callee group: ipip6_newlink Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: sock_efree Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mq_walk Check 
callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: e1000_update_phy_info_task Check callee group: e1000_update_phy_info_task Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: sock_efree Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mq_find Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_verify_port Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: dm_pr_clear sd_pr_clear Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mq_walk Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_lock ------------- Path:  Function:nfs_lock %4 = getelementptr inbounds %struct.file.215754, 
%struct.file.215754* %0, i64 0, i32 18 %5 = load %struct.address_space.215305*, %struct.address_space.215305** %4, align 8 %6 = getelementptr inbounds %struct.address_space.215305, %struct.address_space.215305* %5, i64 0, i32 0 %7 = load %struct.inode.215746*, %struct.inode.215746** %6, align 8 %8 = getelementptr inbounds %struct.inode.215746, %struct.inode.215746* %7, i64 0, i32 8 %9 = load %struct.super_block.215732*, %struct.super_block.215732** %8, align 8 %10 = getelementptr inbounds %struct.super_block.215732, %struct.super_block.215732* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215891** %12 = load %struct.nfs_server.215891*, %struct.nfs_server.215891** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215891, %struct.nfs_server.215891* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 16 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !4 %16 = getelementptr inbounds %struct.file_lock.215741, %struct.file_lock.215741* %2, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 4096 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %86 %21 = load %struct.super_block.215732*, %struct.super_block.215732** %8, align 8 %22 = getelementptr inbounds %struct.super_block.215732, %struct.super_block.215732* %21, i64 0, i32 28 %23 = bitcast i8** %22 to %struct.nfs_server.215891** %24 = load %struct.nfs_server.215891*, %struct.nfs_server.215891** %23, align 16 %25 = getelementptr inbounds %struct.nfs_server.215891, %struct.nfs_server.215891* %24, i64 0, i32 8 %26 = load i32, i32* %25, align 8 %27 = lshr i32 %26, 21 %28 = and i32 %27, 1 %29 = getelementptr inbounds %struct.nfs_server.215891, %struct.nfs_server.215891* %24, i64 0, i32 0 %30 = load %struct.nfs_client.215885*, %struct.nfs_client.215885** %29, align 8 %31 = getelementptr inbounds 
%struct.nfs_client.215885, %struct.nfs_client.215885* %30, i64 0, i32 12 %32 = load %struct.nfs_rpc_ops.215868*, %struct.nfs_rpc_ops.215868** %31, align 8 %33 = getelementptr inbounds %struct.nfs_rpc_ops.215868, %struct.nfs_rpc_ops.215868* %32, i64 0, i32 43 %34 = load i32 (%struct.file_lock.215741*)*, i32 (%struct.file_lock.215741*)** %33, align 8 %35 = icmp eq i32 (%struct.file_lock.215741*)* %34, null br i1 %35, label %39, label %36 %40 = icmp eq i32 %1, 5 br i1 %40, label %41, label %78 %42 = load %struct.address_space.215305*, %struct.address_space.215305** %4, align 8 %43 = getelementptr inbounds %struct.address_space.215305, %struct.address_space.215305* %42, i64 0, i32 0 %44 = load %struct.inode.215746*, %struct.inode.215746** %43, align 8 %45 = getelementptr inbounds %struct.file_lock.215741, %struct.file_lock.215741* %2, i64 0, i32 7 %46 = load i8, i8* %45, align 4 tail call void bitcast (void (%struct.file*, %struct.file_lock*)* @posix_test_lock to void (%struct.file.215754*, %struct.file_lock.215741*)*)(%struct.file.215754* %0, %struct.file_lock.215741* %2) #76 %47 = load i8, i8* %45, align 4 %48 = icmp eq i8 %47, 2 br i1 %48, label %49, label %86 store i8 %46, i8* %45, align 4 %50 = getelementptr inbounds %struct.inode.215746, %struct.inode.215746* %44, i64 0, i32 8 %51 = load %struct.super_block.215732*, %struct.super_block.215732** %50, align 8 %52 = getelementptr inbounds %struct.super_block.215732, %struct.super_block.215732* %51, i64 0, i32 28 %53 = bitcast i8** %52 to %struct.nfs_server.215891** %54 = load %struct.nfs_server.215891*, %struct.nfs_server.215891** %53, align 16 %55 = getelementptr inbounds %struct.nfs_server.215891, %struct.nfs_server.215891* %54, i64 0, i32 0 %56 = load %struct.nfs_client.215885*, %struct.nfs_client.215885** %55, align 8 %57 = getelementptr inbounds %struct.nfs_client.215885, %struct.nfs_client.215885* %56, i64 0, i32 12 %58 = load %struct.nfs_rpc_ops.215868*, %struct.nfs_rpc_ops.215868** %57, align 8 %59 = 
getelementptr inbounds %struct.nfs_rpc_ops.215868, %struct.nfs_rpc_ops.215868* %58, i64 0, i32 47 %60 = load i32 (%struct.inode.215746*, i32)*, i32 (%struct.inode.215746*, i32)** %59, align 8 %61 = tail call i32 %60(%struct.inode.215746* %44, i32 1) #76 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: drm_atomic_helper_update_plane intel_legacy_cursor_update drm_primary_helper_update Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: aio_complete_rw Check callee group: i915_ttm_adjust_lru Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: sock_efree Check callee group: sock_efree Check callee group: i915_driver_release Check callee group: nfs_rename simple_rename bad_inode_rename2 kernfs_iop_rename shmem_rename2 vfat_rename msdos_rename ext4_rename2 Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee 
group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: bad_inode_lookup proc_tgid_base_lookup nfs_lookup proc_lookupfdinfo isofs_lookup autofs_lookup empty_dir_lookup proc_attr_dir_lookup proc_ns_dir_lookup msdos_lookup vfat_lookup proc_sys_lookup kernfs_iop_lookup proc_tgid_net_lookup proc_root_lookup proc_lookup proc_map_files_lookup ext4_lookup proc_tid_base_lookup proc_lookupfd proc_task_lookup simple_lookup Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mq_find Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_revalidate_mapping 1 nfs_readdir ------------- Path:  Function:nfs_readdir %3 = alloca [2 x i32], align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 67108864 %10 = icmp eq i32 %9, 0 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = phi %struct.dentry* [ %18, %11 ], [ %6, %2 ] %21 = 
getelementptr inbounds %struct.dentry, %struct.dentry* %20, i64 0, i32 5 %22 = load %struct.inode*, %struct.inode** %21, align 8 %23 = getelementptr %struct.inode, %struct.inode* %22, i64 -1, i32 17 %24 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.nfs_open_dir_context** %26 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %22, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 28 %30 = bitcast i8** %29 to %struct.nfs_server.215077** %31 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %30, align 16 %32 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %31, i64 0, i32 6 %33 = load %struct.nfs_iostats*, %struct.nfs_iostats** %32, align 8 %34 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %33, i64 0, i32 1, i64 12 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !6 %35 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %41, label %38 %39 = tail call i32 bitcast (i32 (%struct.inode.217383*)* @nfs_attribute_cache_expired to i32 (%struct.inode*)*)(%struct.inode* %22) #76 %40 = icmp eq i32 %39, 0 br i1 %40, label %46, label %41 %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %43 = load %struct.address_space*, %struct.address_space** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.inode.217383*, %struct.address_space.217384*)* @nfs_revalidate_mapping to i32 (%struct.inode*, %struct.address_space*)*)(%struct.inode* %22, %struct.address_space* %43) #76 Function:nfs_revalidate_mapping %3 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* 
%0, i64 0, i32 4 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, 256 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %55 %8 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 9, i32 1 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 256 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %45 %14 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %15 = load %struct.super_block.217367*, %struct.super_block.217367** %14, align 8 %16 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.217511** %18 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %17, align 16 %19 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %18, i64 0, i32 0 %20 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %19, align 8 %21 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %20, i64 0, i32 12 %22 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %21, align 8 %23 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %22, i64 0, i32 47 %24 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %23, align 8 %25 = tail call i32 %24(%struct.inode.217383* %0, i32 1) #76 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: tg3_read_indirect_reg32 Check callee group: fifo_hd_init fifo_init Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 
Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: dm_pr_preempt sd_pr_preempt Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: i915_driver_release Use: =BAD PATH= Call Stack: 0 drm_dev_put 1 singleton_release ------------- Path:  Function:singleton_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.448538** %5 = load %struct.drm_i915_private.448538*, %struct.drm_i915_private.448538** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %5, i64 0, i32 103, i32 1 %7 = bitcast %struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.448538, %struct.drm_i915_private.448538* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.381449* %9) #76 Function:drm_dev_put %2 = icmp eq %struct.drm_device.381449* %0, null br i1 %2, label %28, label %3 %4 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc 
!4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -1 %16 = bitcast %struct.qspinlock* %15 to %struct.drm_device.381449* %17 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 11 %18 = bitcast %struct.qspinlock* %17 to %struct.drm_driver** %19 = load %struct.drm_driver*, %struct.drm_driver** %18, align 8 %20 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %19, i64 0, i32 5 %21 = load void (%struct.drm_device.381449*)*, void (%struct.drm_device.381449*)** %20, align 8 %22 = icmp eq void (%struct.drm_device.381449*)* %21, null br i1 %22, label %24, label %23 tail call void %21(%struct.drm_device.381449* %16) #76 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: pipe_ioctl ext4_ioctl autofs_dev_ioctl snd_ctl_ioctl sg_ioctl hiddev_ioctl proc_reg_unlocked_ioctl msr_ioctl bsg_ioctl hung_up_tty_ioctl snd_hwdep_ioctl autofs_root_ioctl evdev_ioctl loop_control_ioctl seccomp_notify_ioctl rtc_dev_ioctl usblp_ioctl usbdev_ioctl posix_clock_ioctl drm_ioctl sock_ioctl snd_disconnect_ioctl rfkill_fop_ioctl cache_ioctl_pipefs hpet_ioctl i915_perf_ioctl ns_ioctl pps_cdev_ioctl fat_dir_ioctl mon_bin_ioctl nvram_misc_ioctl snd_seq_ioctl tty_ioctl sync_file_ioctl inotify_ioctl perf_ioctl block_ioctl dma_buf_ioctl 
snd_timer_user_ioctl snapshot_ioctl hidraw_ioctl random_ioctl dm_ctl_ioctl fat_generic_ioctl rpc_pipe_ioctl Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: fifo_init fifo_hd_init Check callee group: drm_atomic_helper_set_config Check callee group: tg3_read_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: ttm_bo_vm_access generic_access_phys vm_access kernfs_vma_access vm_access_ttm Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: sock_efree Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs_dentry_iput ------------- 
Path:  Function:nfs_dentry_iput %3 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, -4096 %6 = icmp eq i16 %5, 16384 br i1 %6, label %7, label %8 tail call void bitcast (void (%struct.inode.217383*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* %1, i64 2) #76 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %5 = load %struct.super_block.217367*, %struct.super_block.217367** %4, align 8 %6 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.217511** %8 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %8, i64 0, i32 0 %10 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.217383* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs_safe_remove 2 nfs_unlink ------------- Path:  Function:nfs_unlink callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_unlink_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_unlink, %3)) #6 to label %17 [label %3], !srcloc !4 %18 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 7, i32 0 %19 = bitcast %struct.anon.1* %18 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %19) #76 %20 = bitcast %struct.anon.1* %18 to %struct.swap_cluster_info* %21 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %20, i64 0, i32 1 %22 = load i32, i32* %21, align 4 %23 = icmp ugt i32 %22, 1 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 2, i32 1 %32 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %31, align 8 %33 = icmp eq %struct.hlist_bl_node** %32, null br i1 %33, label %35, label %34 %36 = phi i1 [ true, %30 ], [ false, %34 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = bitcast %struct.anon.1* %18 to i8* store volatile i8 0, i8* %37, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %38 = tail call fastcc i32 @nfs_safe_remove(%struct.dentry* %1) #77 Function:nfs_safe_remove %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %3 = load %struct.dentry*, %struct.dentry** %2, align 8 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %3, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr 
inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %80 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_remove_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_safe_remove, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp ne %struct.inode* %7, null %29 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %30 = load %struct.super_block*, %struct.super_block** %29, align 8 %31 = getelementptr inbounds %struct.super_block, %struct.super_block* %30, i64 0, i32 28 %32 = bitcast i8** %31 to %struct.nfs_server.215077** %33 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %32, align 16 %34 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %33, i64 0, i32 0 %35 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %34, align 8 %36 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %35, i64 0, i32 12 %37 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %36, align 8 %38 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %37, i64 0, i32 16 %39 = load i32 (%struct.inode*, %struct.dentry*)*, i32 (%struct.inode*, %struct.dentry*)** %38, align 8 %40 = tail call i32 %39(%struct.inode* %5, %struct.dentry* %0) #76 %41 = icmp eq i32 %40, 0 %42 = and i1 %28, %41 br i1 %42, label %43, label %55 %44 = getelementptr inbounds %struct.inode, 
%struct.inode* %7, i64 0, i32 18 %45 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %44, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #76 %46 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %50, label %49 tail call void bitcast (void (%struct.inode.149921*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* nonnull %7) #76 br label %50 %51 = tail call i64 @nfs_inc_attr_generation_counter() #76 %52 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 17 %53 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %52, i64 11, i32 1 store i64 %51, i64* %53, align 8 tail call void bitcast (void (%struct.inode.217383*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* nonnull %7, i64 66304) #76 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %5 = load %struct.super_block.217367*, %struct.super_block.217367** %4, align 8 %6 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.217511** %8 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %8, i64 0, i32 0 %10 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %13, align 8 %15 = tail call i32 
%14(%struct.inode.217383* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs_safe_remove 2 nfs_unlink ------------- Path:  Function:nfs_unlink callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_unlink_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_unlink, %3)) #6 to label %17 [label %3], !srcloc !4 %18 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 7, i32 0 %19 = bitcast %struct.anon.1* %18 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %19) #76 %20 = bitcast %struct.anon.1* %18 to %struct.swap_cluster_info* %21 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %20, i64 0, i32 1 %22 = load i32, i32* %21, align 4 %23 = icmp ugt i32 %22, 1 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 2, i32 1 %32 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %31, align 8 %33 = icmp eq %struct.hlist_bl_node** %32, null br i1 %33, label %35, label %34 %36 = phi i1 [ true, %30 ], [ false, %34 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %37 = bitcast %struct.anon.1* %18 to i8* store volatile i8 0, i8* %37, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %38 = tail call fastcc i32 @nfs_safe_remove(%struct.dentry* %1) #77 Function:nfs_safe_remove %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, 
i32 3 %3 = load %struct.dentry*, %struct.dentry** %2, align 8 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %3, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %80 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_remove_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_safe_remove, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp ne %struct.inode* %7, null %29 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %30 = load %struct.super_block*, %struct.super_block** %29, align 8 %31 = getelementptr inbounds %struct.super_block, %struct.super_block* %30, i64 0, i32 28 %32 = bitcast i8** %31 to %struct.nfs_server.215077** %33 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %32, align 16 %34 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %33, i64 0, i32 0 %35 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %34, align 8 %36 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %35, i64 0, i32 12 %37 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %36, align 8 %38 = getelementptr inbounds %struct.nfs_rpc_ops.215053, 
%struct.nfs_rpc_ops.215053* %37, i64 0, i32 16 %39 = load i32 (%struct.inode*, %struct.dentry*)*, i32 (%struct.inode*, %struct.dentry*)** %38, align 8 %40 = tail call i32 %39(%struct.inode* %5, %struct.dentry* %0) #76 %41 = icmp eq i32 %40, 0 %42 = and i1 %28, %41 br i1 %42, label %43, label %55 %44 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 18 %45 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %44, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #76 %46 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %50, label %49 tail call void bitcast (void (%struct.inode.149921*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* nonnull %7) #76 br label %50 %51 = tail call i64 @nfs_inc_attr_generation_counter() #76 %52 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 17 %53 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %52, i64 11, i32 1 store i64 %51, i64* %53, align 8 tail call void bitcast (void (%struct.inode.217383*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* nonnull %7, i64 66304) #76 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %5 = load %struct.super_block.217367*, %struct.super_block.217367** %4, align 8 %6 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.217511** %8 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %8, i64 0, i32 0 %10 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.217505, 
%struct.nfs_client.217505* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.217383* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs_safe_remove 2 nfs_unlink ------------- Path:  Function:nfs_unlink callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_unlink_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_unlink, %3)) #6 to label %17 [label %3], !srcloc !4 %18 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 7, i32 0 %19 = bitcast %struct.anon.1* %18 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %19) #76 %20 = bitcast %struct.anon.1* %18 to %struct.swap_cluster_info* %21 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %20, i64 0, i32 1 %22 = load i32, i32* %21, align 4 %23 = icmp ugt i32 %22, 1 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 2, i32 1 %32 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %31, align 8 %33 = icmp eq %struct.hlist_bl_node** %32, null br i1 %33, label %35, label %34 %36 = phi i1 [ true, %30 ], [ false, %34 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !9 %37 = bitcast %struct.anon.1* %18 to i8* store volatile i8 0, i8* %37, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %38 = tail call fastcc i32 @nfs_safe_remove(%struct.dentry* %1) #77 Function:nfs_safe_remove %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %3 = load %struct.dentry*, %struct.dentry** %2, align 8 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %3, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %80 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_remove_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_safe_remove, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp ne %struct.inode* %7, null %29 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %30 = load %struct.super_block*, %struct.super_block** %29, align 8 %31 = getelementptr inbounds %struct.super_block, %struct.super_block* %30, i64 0, i32 28 %32 = bitcast i8** %31 to %struct.nfs_server.215077** %33 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %32, align 16 %34 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %33, i64 0, i32 0 %35 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %34, align 8 %36 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %35, i64 0, i32 12 %37 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %36, align 8 %38 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %37, i64 0, i32 16 %39 = load i32 (%struct.inode*, %struct.dentry*)*, i32 (%struct.inode*, %struct.dentry*)** %38, align 8 %40 = tail call i32 %39(%struct.inode* %5, %struct.dentry* %0) #76 %41 = icmp eq i32 %40, 0 %42 = and i1 %28, %41 br i1 %42, label %43, label %55 %44 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 18 %45 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %44, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #76 %46 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 
%48, label %50, label %49 tail call void bitcast (void (%struct.inode.149921*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* nonnull %7) #76 br label %50 %51 = tail call i64 @nfs_inc_attr_generation_counter() #76 %52 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 17 %53 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %52, i64 11, i32 1 store i64 %51, i64* %53, align 8 tail call void bitcast (void (%struct.inode.217383*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* nonnull %7, i64 66304) #76 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %5 = load %struct.super_block.217367*, %struct.super_block.217367** %4, align 8 %6 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.217511** %8 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %8, i64 0, i32 0 %10 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.217383* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs4_update_changeattr_locked 2 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, 
i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236605** %6 = load %struct.nfs_unlinkdata.236605*, %struct.nfs_unlinkdata.236605** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236600* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %50 = phi i32 [ %26, %19 ], [ %47, %46 ] %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 3 %54 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 2 %55 = load %struct.nfs_fattr*, %struct.nfs_fattr** %54, align 8 %56 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %55, i64 0, i32 19 %57 = load i64, i64* %56, align 8 %58 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 18 %59 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %58, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %59) #76 call fastcc void @nfs4_update_changeattr_locked(%struct.inode* %1, %struct.perf_guest_switch_msr* %53, i64 %57, i64 2) #76 Function:nfs4_update_changeattr_locked %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %6 = getelementptr inbounds 
%struct.inode, %struct.inode* %0, i64 0, i32 33, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, 16384 %12 = select i1 %11, i64 1538, i64 1536 %13 = or i64 %12, %3 %14 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %15 = load %struct.super_block*, %struct.super_block** %14, align 8 %16 = getelementptr inbounds %struct.super_block, %struct.super_block* %15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.236590** %18 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %17, align 16 %19 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %18, i64 0, i32 26 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 4 %22 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 2 %23 = load i64, i64* %22, align 8 br i1 %21, label %24, label %26 %27 = sub i64 %7, %23 %28 = icmp sgt i64 %27, -1 br i1 %28, label %78, label %29 %79 = phi i64 [ %13, %24 ], [ %69, %68 ], [ %13, %26 ] tail call void bitcast (void (%struct.inode.217383*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* %0, i64 %79) #76 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %5 = load %struct.super_block.217367*, %struct.super_block.217367** %4, align 8 %6 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.217511** %8 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %8, i64 0, i32 0 %10 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %9, align 8 %11 
= getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.217383* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs4_update_changeattr_locked 2 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236608** %7 = load %struct.nfs_renamedata.236608*, %struct.nfs_renamedata.236608** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236600* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %51 = phi i32 [ %27, %20 ], [ %48, %47 ] %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %74 %54 = icmp eq %struct.inode* %2, %1 %55 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 2 %56 = 
getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 3 %57 = load %struct.nfs_fattr*, %struct.nfs_fattr** %56, align 8 %58 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %57, i64 0, i32 19 %59 = load i64, i64* %58, align 8 %60 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 18 %61 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %60, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %61) #76 br i1 %54, label %72, label %62 call fastcc void @nfs4_update_changeattr_locked(%struct.inode* %2, %struct.perf_guest_switch_msr* %55, i64 %59, i64 2) #76 Function:nfs4_update_changeattr_locked %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 33, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, 16384 %12 = select i1 %11, i64 1538, i64 1536 %13 = or i64 %12, %3 %14 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %15 = load %struct.super_block*, %struct.super_block** %14, align 8 %16 = getelementptr inbounds %struct.super_block, %struct.super_block* %15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.236590** %18 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %17, align 16 %19 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %18, i64 0, i32 26 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 4 %22 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 2 %23 = load i64, i64* %22, align 8 br i1 %21, label %24, label %26 %27 = sub i64 %7, %23 %28 = icmp sgt i64 %27, -1 br i1 %28, label %78, label %29 %79 = phi i64 [ %13, %24 ], [ %69, %68 ], [ %13, %26 ] tail call void bitcast (void 
(%struct.inode.217383*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* %0, i64 %79) #76 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %5 = load %struct.super_block.217367*, %struct.super_block.217367** %4, align 8 %6 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.217511** %8 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %8, i64 0, i32 0 %10 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.217383* %0, i32 1) #76 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: pipe_read kernfs_fop_read_iter 
ext4_file_read_iter sock_read_iter shmem_file_read_iter proc_reg_read_iter nfs_file_read eventfd_read read_iter_null read_iter_zero generic_file_read_iter tty_read hung_up_tty_read seq_read_iter proc_sys_read hugetlbfs_read_iter blkdev_read_iter Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: sock_efree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mq_walk Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_request_port Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_pm Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 
Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: timens_install utsns_install mntns_install cgroupns_install pidns_install ipcns_install netns_install Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: ipip6_dellink Check callee group: tg3_read_indirect_reg32 Check callee group: pipe_read kernfs_fop_read_iter ext4_file_read_iter sock_read_iter shmem_file_read_iter proc_reg_read_iter nfs_file_read eventfd_read read_iter_null read_iter_zero generic_file_read_iter tty_read hung_up_tty_read seq_read_iter proc_sys_read hugetlbfs_read_iter blkdev_read_iter Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: serial8250_pm Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: pipe_read kernfs_fop_read_iter 
ext4_file_read_iter sock_read_iter shmem_file_read_iter proc_reg_read_iter nfs_file_read eventfd_read read_iter_null read_iter_zero generic_file_read_iter tty_read hung_up_tty_read seq_read_iter proc_sys_read hugetlbfs_read_iter blkdev_read_iter Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_atomic_helper_dirtyfb intel_user_framebuffer_dirty Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: timens_install utsns_install mntns_install cgroupns_install pidns_install ipcns_install netns_install Check callee group: sock_efree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_update_inode 1 nfs_refresh_inode_locked 2 nfs_post_op_update_inode_force_wcc_locked 3 nfs_writeback_update_inode 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq 
%struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 
= bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236590** %60 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #76 %67 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call 
void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236633*)*)(%struct.nfs_pgio_header.236633* %1) #76 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #76 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #76 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 
(%struct.inode.217383*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #76 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %57, label %10 %11 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %12 = sub i64 %5, %11 %13 = icmp sgt i64 %12, 0 br i1 %13, label %57, label %14 %15 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %16 = load %struct.super_block.217367*, %struct.super_block.217367** %15, align 8 %17 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.217511** %19 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %19, i64 0, i32 26 %21 = load i32, i32* %20, align 8 switch i32 %21, label %37 [ i32 4, label %22 i32 3, label %25 ] %26 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 131072 %29 = icmp eq i32 %28, 0 br i1 %29, label %54, label %30 %31 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %34 = load volatile i64, i64* %33, align 8 %35 = sub i64 %32, %34 %36 = icmp sgt i64 %35, 0 br i1 %36, label %57, label %49 %58 = 
getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 162943 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %67 = and i32 %59, 393216 %68 = icmp eq i32 %67, 131072 br i1 %68, label %69, label %74 %75 = phi i32 [ %59, %66 ], [ %73, %69 ] %76 = and i32 %75, 81920 %77 = icmp eq i32 %76, 16384 br i1 %77, label %78, label %84 %85 = phi i32 [ %75, %74 ], [ %83, %78 ] %86 = and i32 %85, 40960 %87 = icmp eq i32 %86, 8192 br i1 %87, label %88, label %94 %95 = phi i32 [ %85, %84 ], [ %93, %88 ] %96 = and i32 %95, 192 %97 = icmp eq i32 %96, 64 br i1 %97, label %98, label %103 %104 = phi i32* [ %58, %94 ], [ %58, %98 ], [ %64, %62 ] %105 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %106 = load i16, i16* %105, align 8 %107 = and i16 %106, -4096 %108 = icmp eq i16 %107, 16384 %109 = select i1 %108, i64 18178, i64 18176 %110 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %111 = load %struct.super_block.217367*, %struct.super_block.217367** %110, align 8 %112 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %111, i64 0, i32 28 %113 = bitcast i8** %112 to %struct.nfs_server.217511** %114 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %113, align 16 %115 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %114, i64 0, i32 0 %116 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %115, align 8 %117 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %116, i64 0, i32 12 %118 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %117, align 8 %119 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %118, i64 0, i32 47 %120 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %119, align 8 %121 = tail call i32 %120(%struct.inode.217383* %0, i32 1) 
#76 %122 = icmp eq i32 %121, 0 %123 = and i64 %109, 17922 %124 = select i1 %122, i64 %109, i64 %123 %125 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %126 = load i64, i64* %125, align 8 %127 = or i64 %124, %126 store i64 %127, i64* %125, align 8 %128 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 9 %129 = load %struct.address_space.217384*, %struct.address_space.217384** %128, align 8 %130 = getelementptr inbounds %struct.address_space.217384, %struct.address_space.217384* %129, i64 0, i32 7 %131 = load i64, i64* %130, align 8 %132 = icmp eq i64 %131, 0 br i1 %132, label %136, label %133 %134 = and i64 %127, 2 %135 = icmp eq i64 %134, 0 br i1 %135, label %139, label %136 %137 = phi i64 [ -8195, %103 ], [ -8193, %133 ] %138 = and i64 %127, %137 store i64 %138, i64* %125, align 8 br label %139 %140 = load i32, i32* %104, align 8 %141 = and i32 %140, 162943 %142 = icmp eq i32 %141, 0 br i1 %142, label %145, label %143 %144 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #76 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %50, label %10 %51 = phi i32 [ %49, %42 ], [ %36, %27 ], [ 1, %10 ], [ 0, %37 ], [ 0, %22 ], [ 0, %14 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %52)) #6 to label %66 [label %52], !srcloc !4 %67 = icmp sgt i32 %51, 0 br i1 %67, label %96, label %68 %69 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %70 = load i64, i64* %69, align 8 %71 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %72 = load %struct.super_block.217367*, %struct.super_block.217367** %71, align 8 %73 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %72, i64 0, i32 28 %74 = bitcast i8** %73 to %struct.nfs_server.217511** %75 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %74, align 16 %76 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %75, i64 0, i32 26 %77 = load i32, i32* %76, align 8 %78 = icmp eq i32 %77, 4 %79 = and i64 %70, 256 %80 = icmp ne i64 %79, 0 %81 = or i1 %80, %78 %82 = and i64 %70, 89604 %83 = icmp eq i64 %82, 0 %84 = or i1 %83, %81 br i1 %84, label %98, label %85 %86 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %87 = load i32, i32* %86, align 8 %88 = and i32 %87, 131072 %89 = icmp eq i32 %88, 0 br i1 %89, label %98, label %90 %91 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %94 = load volatile i64, i64* %93, align 8 %95 = icmp eq i64 %92, %94 br i1 %95, label %96, label %98 %97 = tail call fastcc i32 
@nfs_update_inode(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #77 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %4 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %5 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217511** %7 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %6, align 16 %8 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 30 %14 = bitcast %struct.cpu_itimer* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %29 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %78 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %79 = icmp ne i16 %16, 16384 %80 = and i32 %37, 1024 %81 = icmp eq i32 %80, 0 %82 = or i1 %81, %79 br i1 %82, label %109, label %83 %84 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 27 %85 
= getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %84, i64 0, i32 0 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %85, i64 0, i32 0 %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %87, %89 br i1 %90, label %91, label %97 %92 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 27, i32 1 %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8, i32 1 %95 = load i64, i64* %94, align 8 %96 = icmp eq i64 %93, %95 br i1 %96, label %109, label %97 %110 = phi %struct.nfs_server.217511* [ %7, %91 ], [ %7, %77 ], [ %7, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %110, i64 0, i32 0 %112 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %111, align 8 %113 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %112, i64 0, i32 12 %114 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %113, align 8 %115 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %114, i64 0, i32 47 %116 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %115, align 8 %117 = tail call i32 %116(%struct.inode.217383* %0, i32 1) #77 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_getattr ------------- Path:  Function:nfs_getattr %6 = getelementptr inbounds %struct.path.216772, %struct.path.216772* %1, i64 0, i32 1 %7 = load %struct.dentry.217372*, %struct.dentry.217372** %6, align 8 %8 = getelementptr inbounds %struct.dentry.217372, %struct.dentry.217372* %7, i64 0, i32 5 %9 = load %struct.inode.217383*, 
%struct.inode.217383** %8, align 8 %10 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %9, i64 0, i32 8 %11 = load %struct.super_block.217367*, %struct.super_block.217367** %10, align 8 %12 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217511** %14 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %31 [label %17], !srcloc !4 %32 = and i32 %3, 2047 %33 = and i32 %4, 16384 %34 = icmp eq i32 %33, 0 %35 = xor i1 %16, true %36 = or i1 %34, %35 br i1 %36, label %54, label %37 %55 = and i32 %3, 192 %56 = icmp eq i32 %55, 0 br i1 %56, label %67, label %57 %58 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %9, i64 0, i32 0 %59 = load i16, i16* %58, align 8 %60 = and i16 %59, -4096 %61 = icmp eq i16 %60, -32768 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %9, i64 0, i32 9 %64 = load %struct.address_space.217384*, %struct.address_space.217384** %63, align 8 %65 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.217384*, i64, i64)*)(%struct.address_space.217384* %64, i64 0, i64 9223372036854775807) #76 %66 = icmp eq i32 
%65, 0 br i1 %66, label %67, label %287 %68 = getelementptr inbounds %struct.path.216772, %struct.path.216772* %1, i64 0, i32 0 %69 = load %struct.vfsmount.217368*, %struct.vfsmount.217368** %68, align 8 %70 = getelementptr inbounds %struct.vfsmount.217368, %struct.vfsmount.217368* %69, i64 0, i32 2 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %82 %75 = and i32 %71, 16 %76 = icmp eq i32 %75, 0 br i1 %76, label %84, label %77 %85 = phi i32 [ %83, %82 ], [ %32, %77 ], [ %32, %74 ] %86 = and i32 %85, 1790 %87 = icmp eq i32 %86, 0 br i1 %87, label %228, label %88 br i1 %16, label %89, label %117 %90 = load %struct.super_block.217367*, %struct.super_block.217367** %10, align 8 %91 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %90, i64 0, i32 28 %92 = bitcast i8** %91 to %struct.nfs_server.217511** %93 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %92, align 16 %94 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %93, i64 0, i32 0 %95 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %94, align 8 %96 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %95, i64 0, i32 12 %97 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %96, align 8 %98 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %97, i64 0, i32 47 %99 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %98, align 8 %100 = tail call i32 %99(%struct.inode.217383* %9, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr 1 nfs_namespace_getattr ------------- Path:  Function:nfs_namespace_getattr %6 = getelementptr inbounds %struct.path, %struct.path* %1, i64 0, i32 1 %7 = load %struct.dentry*, %struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 
%10 = getelementptr %struct.inode, %struct.inode* %9, i64 -1, i32 17, i32 1 %11 = bitcast i64* %10 to i16* %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.path.216772*, %struct.kstat*, i32, i32)* @nfs_getattr to i32 (%struct.user_namespace*, %struct.path*, %struct.kstat*, i32, i32)*)(%struct.user_namespace* %0, %struct.path* %1, %struct.kstat* %2, i32 %3, i32 %4) #76 Function:nfs_getattr %6 = getelementptr inbounds %struct.path.216772, %struct.path.216772* %1, i64 0, i32 1 %7 = load %struct.dentry.217372*, %struct.dentry.217372** %6, align 8 %8 = getelementptr inbounds %struct.dentry.217372, %struct.dentry.217372* %7, i64 0, i32 5 %9 = load %struct.inode.217383*, %struct.inode.217383** %8, align 8 %10 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %9, i64 0, i32 8 %11 = load %struct.super_block.217367*, %struct.super_block.217367** %10, align 8 %12 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217511** %14 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %31 [label %17], !srcloc !4 %32 = and i32 %3, 2047 %33 = and i32 %4, 16384 %34 = icmp eq i32 %33, 0 %35 = xor i1 %16, true %36 = or i1 %34, %35 br i1 %36, label %54, label %37 %55 = and i32 %3, 192 %56 = icmp eq i32 %55, 0 br i1 %56, label %67, label %57 %58 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %9, i64 0, i32 0 %59 = load i16, i16* %58, align 8 %60 = and i16 %59, -4096 %61 = icmp eq i16 %60, -32768 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %9, i64 0, i32 9 %64 = load %struct.address_space.217384*, %struct.address_space.217384** %63, align 8 %65 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.217384*, i64, i64)*)(%struct.address_space.217384* %64, i64 0, i64 9223372036854775807) #76 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %287 %68 = getelementptr inbounds %struct.path.216772, %struct.path.216772* %1, i64 0, i32 0 %69 = load %struct.vfsmount.217368*, %struct.vfsmount.217368** %68, align 8 %70 = getelementptr inbounds %struct.vfsmount.217368, %struct.vfsmount.217368* %69, i64 0, i32 2 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %82 %75 = and i32 %71, 16 %76 = icmp eq i32 %75, 0 br i1 %76, label %84, label %77 %85 = phi i32 [ %83, %82 ], [ %32, %77 ], [ %32, %74 ] %86 = and i32 %85, 1790 %87 = icmp eq i32 %86, 0 br i1 %87, label %228, label %88 br i1 %16, label %89, label 
%117 %90 = load %struct.super_block.217367*, %struct.super_block.217367** %10, align 8 %91 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %90, i64 0, i32 28 %92 = bitcast i8** %91 to %struct.nfs_server.217511** %93 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %92, align 16 %94 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %93, i64 0, i32 0 %95 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %94, align 8 %96 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %95, i64 0, i32 12 %97 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %96, align 8 %98 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %97, i64 0, i32 47 %99 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %98, align 8 %100 = tail call i32 %99(%struct.inode.217383* %9, i32 1) #76 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_invalidate_atime 1 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds 
%struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 1, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* 
dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq %struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label %71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %73 = load %struct.inode*, %struct.inode** %72, align 8 call void bitcast (void (%struct.inode.217383*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #76 Function:nfs_invalidate_atime %2 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 18 %3 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %2, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %3) #76 %4 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %5 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %6 = load %struct.super_block.217367*, %struct.super_block.217367** %5, align 8 %7 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.217511** %9 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %9, i64 0, i32 0 %11 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %10, align 8 %12 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %11, i64 0, i32 12 %13 = load %struct.nfs_rpc_ops.217488*, 
%struct.nfs_rpc_ops.217488** %12, align 8 %14 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %13, i64 0, i32 47 %15 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %14, align 8 %16 = tail call i32 %15(%struct.inode.217383* %0, i32 1) #76 ------------- Check callee group: pid_revalidate map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate nfs_lookup_revalidate vfat_revalidate_ci nfs4_lookup_revalidate tid_fd_revalidate kernfs_dop_revalidate vfat_revalidate proc_sys_revalidate Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mq_leaf Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: sock_efree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: sock_efree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check 
callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: device_reset Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: dm_pr_preempt sd_pr_preempt Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: kernfs_fop_write_iter generic_file_write_iter blkdev_write_iter proc_sys_write write_iter_null devkmsg_write tty_write nfs_file_write sock_write_iter ext4_file_write_iter pipe_write redirected_tty_write hung_up_tty_write Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mq_walk Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: pid_revalidate map_files_d_revalidate 
proc_misc_d_revalidate proc_net_d_revalidate nfs_lookup_revalidate vfat_revalidate_ci nfs4_lookup_revalidate tid_fd_revalidate kernfs_dop_revalidate vfat_revalidate proc_sys_revalidate Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: pid_revalidate map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate nfs_lookup_revalidate vfat_revalidate_ci nfs4_lookup_revalidate tid_fd_revalidate kernfs_dop_revalidate vfat_revalidate proc_sys_revalidate Check callee group: mdio_ctrl_hw Check callee group: ipip6_dellink Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_get_mctrl Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: e1000_update_phy_info_task Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: pid_revalidate map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate 
nfs_lookup_revalidate vfat_revalidate_ci nfs4_lookup_revalidate tid_fd_revalidate kernfs_dop_revalidate vfat_revalidate proc_sys_revalidate Check callee group: i915_ttm_adjust_lru Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_pm Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_update_inode 1 nfs_refresh_inode_locked 2 nfs_post_op_update_inode_force_wcc_locked 3 nfs_writeback_update_inode 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds 
%struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, 
align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236590** %60 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #76 %67 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 
%70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236633*)*)(%struct.nfs_pgio_header.236633* %1) #76 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #76 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label 
%32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #76 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 (%struct.inode.217383*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #76 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %57, label %10 %11 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %12 = sub i64 %5, %11 %13 = icmp sgt i64 %12, 0 br i1 %13, label %57, label %14 %15 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %16 = load %struct.super_block.217367*, %struct.super_block.217367** %15, align 8 %17 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.217511** %19 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %19, i64 0, i32 26 %21 = load i32, i32* %20, align 8 switch i32 %21, label %37 [ i32 4, label %22 i32 3, label %25 ] %26 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 131072 %29 = icmp eq i32 %28, 0 br i1 %29, label %54, label %30 %31 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, 
i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %34 = load volatile i64, i64* %33, align 8 %35 = sub i64 %32, %34 %36 = icmp sgt i64 %35, 0 br i1 %36, label %57, label %49 %58 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 162943 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %67 = and i32 %59, 393216 %68 = icmp eq i32 %67, 131072 br i1 %68, label %69, label %74 %75 = phi i32 [ %59, %66 ], [ %73, %69 ] %76 = and i32 %75, 81920 %77 = icmp eq i32 %76, 16384 br i1 %77, label %78, label %84 %85 = phi i32 [ %75, %74 ], [ %83, %78 ] %86 = and i32 %85, 40960 %87 = icmp eq i32 %86, 8192 br i1 %87, label %88, label %94 %95 = phi i32 [ %85, %84 ], [ %93, %88 ] %96 = and i32 %95, 192 %97 = icmp eq i32 %96, 64 br i1 %97, label %98, label %103 %104 = phi i32* [ %58, %94 ], [ %58, %98 ], [ %64, %62 ] %105 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %106 = load i16, i16* %105, align 8 %107 = and i16 %106, -4096 %108 = icmp eq i16 %107, 16384 %109 = select i1 %108, i64 18178, i64 18176 %110 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %111 = load %struct.super_block.217367*, %struct.super_block.217367** %110, align 8 %112 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %111, i64 0, i32 28 %113 = bitcast i8** %112 to %struct.nfs_server.217511** %114 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %113, align 16 %115 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %114, i64 0, i32 0 %116 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %115, align 8 %117 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %116, i64 0, i32 12 %118 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %117, 
align 8 %119 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %118, i64 0, i32 47 %120 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %119, align 8 %121 = tail call i32 %120(%struct.inode.217383* %0, i32 1) #76 %122 = icmp eq i32 %121, 0 %123 = and i64 %109, 17922 %124 = select i1 %122, i64 %109, i64 %123 %125 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %126 = load i64, i64* %125, align 8 %127 = or i64 %124, %126 store i64 %127, i64* %125, align 8 %128 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 9 %129 = load %struct.address_space.217384*, %struct.address_space.217384** %128, align 8 %130 = getelementptr inbounds %struct.address_space.217384, %struct.address_space.217384* %129, i64 0, i32 7 %131 = load i64, i64* %130, align 8 %132 = icmp eq i64 %131, 0 br i1 %132, label %136, label %133 %134 = and i64 %127, 2 %135 = icmp eq i64 %134, 0 br i1 %135, label %139, label %136 %137 = phi i64 [ -8195, %103 ], [ -8193, %133 ] %138 = and i64 %127, %137 store i64 %138, i64* %125, align 8 br label %139 %140 = load i32, i32* %104, align 8 %141 = and i32 %140, 162943 %142 = icmp eq i32 %141, 0 br i1 %142, label %145, label %143 %144 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #76 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %50, label %10 %51 = phi i32 [ %49, %42 ], [ %36, %27 ], [ 1, %10 ], [ 0, %37 ], [ 0, %22 ], [ 0, %14 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, 
\22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %52)) #6 to label %66 [label %52], !srcloc !4 %67 = icmp sgt i32 %51, 0 br i1 %67, label %96, label %68 %69 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %70 = load i64, i64* %69, align 8 %71 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %72 = load %struct.super_block.217367*, %struct.super_block.217367** %71, align 8 %73 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %72, i64 0, i32 28 %74 = bitcast i8** %73 to %struct.nfs_server.217511** %75 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %74, align 16 %76 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %75, i64 0, i32 26 %77 = load i32, i32* %76, align 8 %78 = icmp eq i32 %77, 4 %79 = and i64 %70, 256 %80 = icmp ne i64 %79, 0 %81 = or i1 %80, %78 %82 = and i64 %70, 89604 %83 = icmp eq i64 %82, 0 %84 = or i1 %83, %81 br i1 %84, label %98, label %85 %86 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %87 = load i32, i32* %86, align 8 %88 = and i32 %87, 131072 %89 = icmp eq i32 %88, 0 br i1 %89, label %98, label %90 %91 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %94 = load volatile i64, i64* %93, align 8 %95 = icmp eq i64 %92, %94 br i1 %95, 
label %96, label %98 %97 = tail call fastcc i32 @nfs_update_inode(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #77 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %4 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %5 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217511** %7 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %6, align 16 %8 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 30 %14 = bitcast %struct.cpu_itimer* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %29 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %78 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %79 = icmp ne i16 %16, 16384 %80 = and i32 %37, 1024 %81 = icmp eq i32 %80, 0 %82 = or i1 %81, %79 br i1 %82, label %109, label %83 %84 = getelementptr inbounds %struct.nfs_server.217511, 
%struct.nfs_server.217511* %7, i64 0, i32 27 %85 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %84, i64 0, i32 0 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %85, i64 0, i32 0 %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %87, %89 br i1 %90, label %91, label %97 %92 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 27, i32 1 %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8, i32 1 %95 = load i64, i64* %94, align 8 %96 = icmp eq i64 %93, %95 br i1 %96, label %109, label %97 %110 = phi %struct.nfs_server.217511* [ %7, %91 ], [ %7, %77 ], [ %7, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %110, i64 0, i32 0 %112 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %111, align 8 %113 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %112, i64 0, i32 12 %114 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %113, align 8 %115 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %114, i64 0, i32 47 %116 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %115, align 8 %117 = tail call i32 %116(%struct.inode.217383* %0, i32 1) #77 %118 = icmp eq i32 %117, 0 %119 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 19 %120 = load i64, i64* %119, align 8 %121 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 10, i32 0 store i64 %120, i64* %121, align 8 %122 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 9, i32 1 %123 = load i64, i64* %122, align 8 %124 = and i64 %123, -220997 store i64 %124, i64* %122, align 8 %125 = load i32, i32* %36, align 8 %126 = and i32 
%125, 393216 %127 = icmp eq i32 %126, 393216 br i1 %127, label %128, label %189 %129 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 15 %130 = load i64, i64* %129, align 8 %131 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %132 = load volatile i64, i64* %131, align 8 %133 = icmp eq i64 %132, %130 br i1 %133, label %134, label %189 %135 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %136 = load i64, i64* %135, align 8 store volatile i64 %136, i64* %131, align 8 %137 = load i16, i16* %78, align 8 %138 = and i16 %137, -4096 %139 = icmp eq i16 %138, 16384 %140 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %141 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %140, i64 0, i32 28 %142 = bitcast i8** %141 to %struct.nfs_server.217511** %143 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %142, align 16 br i1 %139, label %144, label %163 %145 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %143, i64 0, i32 0 %146 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %145, align 8 %147 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %146, i64 0, i32 12 %148 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %147, align 8 %149 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %148, i64 0, i32 47 %150 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %149, align 8 %151 = tail call i32 %150(%struct.inode.217383* %0, i32 1) #77 ------------- Check callee group: sock_efree Check callee group: mdio_ctrl_hw Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_open e1000e_open Check callee group: 
tg3_write_indirect_reg32 Check callee group: mqueue_unlink nfs_unlink ext4_unlink autofs_dir_unlink bad_inode_unlink shmem_unlink simple_unlink vfat_unlink msdos_unlink Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: pci_fastcom335_setup pci_xr17v35x_setup pci_xr17c154_setup pci_connect_tech_setup Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: tg3_read_indirect_reg32 Check callee group: fifo_init fifo_hd_init Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee 
group: tg3_ptp_enable e1000e_phc_enable Use: =BAD PATH= Call Stack: 0 extts_enable_store ------------- Path:  Function:extts_enable_store %5 = alloca %struct.ptp_clock_request, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds i8, i8* %8, i64 968 %10 = bitcast i8* %9 to %struct.ptp_clock_info** %11 = load %struct.ptp_clock_info*, %struct.ptp_clock_info** %10, align 8 %12 = bitcast %struct.ptp_clock_request* %5 to i8* %13 = bitcast i32* %6 to i8* %14 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1 %15 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.2.57370, i64 0, i64 0), %union.anon.188.640849* %14, i32* nonnull %6) #76 %16 = icmp eq i32 %15, 2 br i1 %16, label %17, label %31 %18 = bitcast %union.anon.188.640849* %14 to i32* %19 = load i32, i32* %18, align 8 %20 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %11, i64 0, i32 4 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %19, %21 br i1 %22, label %23, label %31 %24 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %11, i64 0, i32 17 %25 = load i32 (%struct.ptp_clock_info*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info*, %struct.ptp_clock_request*, i32)** %24, align 8 %26 = load i32, i32* %6, align 4 %27 = icmp ne i32 %26, 0 %28 = zext i1 %27 to i32 %29 = call i32 %25(%struct.ptp_clock_info* %11, %struct.ptp_clock_request* nonnull %5, i32 %28) #77 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: nfs_swap_activate ext4_iomap_swap_activate Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_release_port Check callee group: tg3_read_indirect_reg32 Check 
callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_pm Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mq_walk Check callee group: bad_inode_lookup proc_tgid_base_lookup nfs_lookup proc_lookupfdinfo isofs_lookup autofs_lookup empty_dir_lookup proc_attr_dir_lookup proc_ns_dir_lookup msdos_lookup vfat_lookup proc_sys_lookup kernfs_iop_lookup proc_tgid_net_lookup proc_root_lookup proc_lookup proc_map_files_lookup ext4_lookup proc_tid_base_lookup proc_lookupfd proc_task_lookup simple_lookup Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: pipe_read kernfs_fop_read_iter ext4_file_read_iter sock_read_iter shmem_file_read_iter proc_reg_read_iter nfs_file_read eventfd_read read_iter_null read_iter_zero generic_file_read_iter tty_read hung_up_tty_read seq_read_iter proc_sys_read hugetlbfs_read_iter blkdev_read_iter Check callee group: tg3_read_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: bad_inode_atomic_open nfs_atomic_open Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee 
group: nfs_swap_deactivate Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_property_free_blob drm_framebuffer_free drm_connector_free Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_read_indirect_reg32 Check callee group: mq_find Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: x86_pmu_aux_output_match Check callee group: tg3_read_indirect_reg32 Check callee group: sock_efree Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_pm Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: 
dm_pr_reserve sd_pr_reserve Check callee group: ata_acpi_ap_notify_dock ata_acpi_dev_notify_dock Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: timens_install utsns_install mntns_install cgroupns_install pidns_install ipcns_install netns_install Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: device_reset Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: sock_efree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mq_find Check callee group: drm_atomic_helper_dirtyfb intel_user_framebuffer_dirty Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: 
tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_atomic_helper_dirtyfb intel_user_framebuffer_dirty Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mq_leaf Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_pm Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: pipe_ioctl ext4_ioctl autofs_dev_ioctl snd_ctl_ioctl sg_ioctl hiddev_ioctl proc_reg_unlocked_ioctl msr_ioctl bsg_ioctl hung_up_tty_ioctl snd_hwdep_ioctl autofs_root_ioctl evdev_ioctl loop_control_ioctl seccomp_notify_ioctl rtc_dev_ioctl usblp_ioctl usbdev_ioctl posix_clock_ioctl drm_ioctl sock_ioctl snd_disconnect_ioctl rfkill_fop_ioctl cache_ioctl_pipefs hpet_ioctl i915_perf_ioctl ns_ioctl pps_cdev_ioctl fat_dir_ioctl mon_bin_ioctl nvram_misc_ioctl snd_seq_ioctl tty_ioctl sync_file_ioctl inotify_ioctl perf_ioctl block_ioctl dma_buf_ioctl snd_timer_user_ioctl snapshot_ioctl hidraw_ioctl random_ioctl dm_ctl_ioctl fat_generic_ioctl 
rpc_pipe_ioctl Check callee group: sock_efree Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: drm_property_free_blob drm_framebuffer_free drm_connector_free Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: sock_efree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: pipe_read kernfs_fop_read_iter ext4_file_read_iter sock_read_iter shmem_file_read_iter proc_reg_read_iter nfs_file_read eventfd_read read_iter_null read_iter_zero generic_file_read_iter tty_read hung_up_tty_read seq_read_iter proc_sys_read hugetlbfs_read_iter blkdev_read_iter Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: pipe_ioctl ext4_ioctl autofs_dev_ioctl snd_ctl_ioctl sg_ioctl hiddev_ioctl proc_reg_unlocked_ioctl msr_ioctl bsg_ioctl hung_up_tty_ioctl snd_hwdep_ioctl autofs_root_ioctl 
evdev_ioctl loop_control_ioctl seccomp_notify_ioctl rtc_dev_ioctl usblp_ioctl usbdev_ioctl posix_clock_ioctl drm_ioctl sock_ioctl snd_disconnect_ioctl rfkill_fop_ioctl cache_ioctl_pipefs hpet_ioctl i915_perf_ioctl ns_ioctl pps_cdev_ioctl fat_dir_ioctl mon_bin_ioctl nvram_misc_ioctl snd_seq_ioctl tty_ioctl sync_file_ioctl inotify_ioctl perf_ioctl block_ioctl dma_buf_ioctl snd_timer_user_ioctl snapshot_ioctl hidraw_ioctl random_ioctl dm_ctl_ioctl fat_generic_ioctl rpc_pipe_ioctl Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_update_inode 1 nfs_refresh_inode_locked 2 nfs_post_op_update_inode_force_wcc_locked 3 nfs_writeback_update_inode 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr 
inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, 
%struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236590** %60 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #76 %67 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt 
i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236633*)*)(%struct.nfs_pgio_header.236633* %1) #76 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #76 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 
br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #76 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 (%struct.inode.217383*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #76 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %57, label %10 %11 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %12 = sub i64 %5, %11 %13 = icmp sgt i64 %12, 0 br i1 %13, label %57, label %14 %15 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %16 = load %struct.super_block.217367*, %struct.super_block.217367** %15, align 8 %17 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.217511** %19 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %19, i64 0, i32 26 %21 = load i32, i32* %20, align 8 switch i32 %21, label %37 [ i32 4, label %22 i32 3, label %25 ] %26 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 131072 %29 = icmp eq i32 %28, 0 br i1 %29, label %54, label %30 %31 = getelementptr inbounds %struct.nfs_fattr, 
%struct.nfs_fattr* %1, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %34 = load volatile i64, i64* %33, align 8 %35 = sub i64 %32, %34 %36 = icmp sgt i64 %35, 0 br i1 %36, label %57, label %49 %58 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 162943 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %67 = and i32 %59, 393216 %68 = icmp eq i32 %67, 131072 br i1 %68, label %69, label %74 %75 = phi i32 [ %59, %66 ], [ %73, %69 ] %76 = and i32 %75, 81920 %77 = icmp eq i32 %76, 16384 br i1 %77, label %78, label %84 %85 = phi i32 [ %75, %74 ], [ %83, %78 ] %86 = and i32 %85, 40960 %87 = icmp eq i32 %86, 8192 br i1 %87, label %88, label %94 %95 = phi i32 [ %85, %84 ], [ %93, %88 ] %96 = and i32 %95, 192 %97 = icmp eq i32 %96, 64 br i1 %97, label %98, label %103 %104 = phi i32* [ %58, %94 ], [ %58, %98 ], [ %64, %62 ] %105 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %106 = load i16, i16* %105, align 8 %107 = and i16 %106, -4096 %108 = icmp eq i16 %107, 16384 %109 = select i1 %108, i64 18178, i64 18176 %110 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %111 = load %struct.super_block.217367*, %struct.super_block.217367** %110, align 8 %112 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %111, i64 0, i32 28 %113 = bitcast i8** %112 to %struct.nfs_server.217511** %114 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %113, align 16 %115 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %114, i64 0, i32 0 %116 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %115, align 8 %117 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %116, i64 0, i32 12 %118 = load %struct.nfs_rpc_ops.217488*, 
%struct.nfs_rpc_ops.217488** %117, align 8 %119 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %118, i64 0, i32 47 %120 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %119, align 8 %121 = tail call i32 %120(%struct.inode.217383* %0, i32 1) #76 %122 = icmp eq i32 %121, 0 %123 = and i64 %109, 17922 %124 = select i1 %122, i64 %109, i64 %123 %125 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %126 = load i64, i64* %125, align 8 %127 = or i64 %124, %126 store i64 %127, i64* %125, align 8 %128 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 9 %129 = load %struct.address_space.217384*, %struct.address_space.217384** %128, align 8 %130 = getelementptr inbounds %struct.address_space.217384, %struct.address_space.217384* %129, i64 0, i32 7 %131 = load i64, i64* %130, align 8 %132 = icmp eq i64 %131, 0 br i1 %132, label %136, label %133 %134 = and i64 %127, 2 %135 = icmp eq i64 %134, 0 br i1 %135, label %139, label %136 %137 = phi i64 [ -8195, %103 ], [ -8193, %133 ] %138 = and i64 %127, %137 store i64 %138, i64* %125, align 8 br label %139 %140 = load i32, i32* %104, align 8 %141 = and i32 %140, 162943 %142 = icmp eq i32 %141, 0 br i1 %142, label %145, label %143 %144 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #76 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %50, label %10 %51 = phi i32 [ %49, %42 ], [ %36, %27 ], [ 1, %10 ], [ 0, %37 ], [ 0, %22 ], [ 0, %14 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %52)) #6 to label %66 [label %52], !srcloc !4 %67 = icmp sgt i32 %51, 0 br i1 %67, label %96, label %68 %69 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %70 = load i64, i64* %69, align 8 %71 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %72 = load %struct.super_block.217367*, %struct.super_block.217367** %71, align 8 %73 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %72, i64 0, i32 28 %74 = bitcast i8** %73 to %struct.nfs_server.217511** %75 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %74, align 16 %76 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %75, i64 0, i32 26 %77 = load i32, i32* %76, align 8 %78 = icmp eq i32 %77, 4 %79 = and i64 %70, 256 %80 = icmp ne i64 %79, 0 %81 = or i1 %80, %78 %82 = and i64 %70, 89604 %83 = icmp eq i64 %82, 0 %84 = or i1 %83, %81 br i1 %84, label %98, label %85 %86 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %87 = load i32, i32* %86, align 8 %88 = and i32 %87, 131072 %89 = icmp eq i32 %88, 0 br i1 %89, label %98, label %90 %91 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %94 = load volatile i64, i64* %93, align 8 %95 = 
icmp eq i64 %92, %94 br i1 %95, label %96, label %98 %97 = tail call fastcc i32 @nfs_update_inode(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #77 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %4 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %5 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217511** %7 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %6, align 16 %8 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 30 %14 = bitcast %struct.cpu_itimer* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %29 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %78 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %79 = icmp ne i16 %16, 16384 %80 = and i32 %37, 1024 %81 = icmp eq i32 %80, 0 %82 = or i1 %81, %79 br i1 %82, label %109, label %83 %84 = getelementptr 
inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 27 %85 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %84, i64 0, i32 0 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %85, i64 0, i32 0 %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %87, %89 br i1 %90, label %91, label %97 %92 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 27, i32 1 %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8, i32 1 %95 = load i64, i64* %94, align 8 %96 = icmp eq i64 %93, %95 br i1 %96, label %109, label %97 %110 = phi %struct.nfs_server.217511* [ %7, %91 ], [ %7, %77 ], [ %7, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %110, i64 0, i32 0 %112 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %111, align 8 %113 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %112, i64 0, i32 12 %114 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %113, align 8 %115 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %114, i64 0, i32 47 %116 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %115, align 8 %117 = tail call i32 %116(%struct.inode.217383* %0, i32 1) #77 %118 = icmp eq i32 %117, 0 %119 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 19 %120 = load i64, i64* %119, align 8 %121 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 10, i32 0 store i64 %120, i64* %121, align 8 %122 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 9, i32 1 %123 = load i64, i64* %122, align 8 %124 = and i64 %123, -220997 store i64 %124, i64* %122, align 8 %125 = load i32, 
i32* %36, align 8 %126 = and i32 %125, 393216 %127 = icmp eq i32 %126, 393216 br i1 %127, label %128, label %189 %129 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 15 %130 = load i64, i64* %129, align 8 %131 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %132 = load volatile i64, i64* %131, align 8 %133 = icmp eq i64 %132, %130 br i1 %133, label %134, label %189 %135 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %136 = load i64, i64* %135, align 8 store volatile i64 %136, i64* %131, align 8 %137 = load i16, i16* %78, align 8 %138 = and i16 %137, -4096 %139 = icmp eq i16 %138, 16384 %140 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %141 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %140, i64 0, i32 28 %142 = bitcast i8** %141 to %struct.nfs_server.217511** %143 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %142, align 16 br i1 %139, label %144, label %163 %164 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %143, i64 0, i32 10 %165 = load i32, i32* %164, align 8 %166 = and i32 %165, 268435456 %167 = icmp eq i32 %166, 0 br i1 %167, label %189, label %168 %169 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %143, i64 0, i32 0 %170 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %169, align 8 %171 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %170, i64 0, i32 12 %172 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %171, align 8 %173 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %172, i64 0, i32 47 %174 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %173, align 8 %175 = tail call i32 %174(%struct.inode.217383* %0, i32 1) #77 %176 = load i64, i64* %122, align 8 %177 = getelementptr 
inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 9 %178 = load %struct.address_space.217384*, %struct.address_space.217384** %177, align 8 %179 = getelementptr inbounds %struct.address_space.217384, %struct.address_space.217384* %178, i64 0, i32 7 %180 = load i64, i64* %179, align 8 %181 = icmp eq i64 %180, 0 br i1 %181, label %182, label %184 %185 = and i64 %176, 2 %186 = icmp eq i64 %185, 0 br i1 %186, label %189, label %187 %188 = and i64 %176, -8193 store i64 %188, i64* %122, align 8 br label %189 %190 = phi i64 [ %188, %187 ], [ %176, %184 ], [ %183, %182 ], [ %124, %163 ], [ %162, %161 ], [ %160, %159 ], [ %124, %128 ], [ %124, %109 ] %191 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 17 %192 = bitcast %struct.cpu_itimer* %191 to i8* %193 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 17, i32 1 %194 = load i64, i64* %193, align 8 %195 = load i32, i32* %36, align 8 %196 = and i32 %195, 81920 %197 = icmp eq i32 %196, 81920 br i1 %197, label %198, label %212 %199 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 17, i32 0 %200 = load i64, i64* %199, align 8 %201 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 18, i32 0 %202 = load i64, i64* %201, align 8 %203 = icmp eq i64 %200, %202 br i1 %203, label %204, label %212 %205 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 18, i32 1 %206 = load i64, i64* %205, align 8 %207 = icmp eq i64 %194, %206 br i1 %207, label %208, label %212 %209 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 13 %210 = bitcast %struct.cpu_itimer* %209 to i8* %211 = load i32, i32* %36, align 8 br label %212 %213 = phi i32 [ %195, %204 ], [ %195, %189 ], [ %195, %198 ], [ %211, %208 ] %214 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 16 %215 = bitcast %struct.cpu_itimer* %214 to i8* %216 = 
getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 16, i32 1 %217 = load i64, i64* %216, align 8 %218 = and i32 %213, 40960 %219 = icmp eq i32 %218, 40960 br i1 %219, label %220, label %259 %221 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 16, i32 0 %222 = load i64, i64* %221, align 8 %223 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 17, i32 0 %224 = load i64, i64* %223, align 8 %225 = icmp eq i64 %222, %224 br i1 %225, label %226, label %259 %227 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 17, i32 1 %228 = load i64, i64* %227, align 8 %229 = icmp eq i64 %217, %228 br i1 %229, label %230, label %259 %231 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 12 %232 = bitcast %struct.cpu_itimer* %231 to i8* %233 = load i16, i16* %78, align 8 %234 = and i16 %233, -4096 %235 = icmp eq i16 %234, 16384 br i1 %235, label %236, label %259 %237 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %238 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %237, i64 0, i32 28 %239 = bitcast i8** %238 to %struct.nfs_server.217511** %240 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %239, align 16 %241 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %240, i64 0, i32 0 %242 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %241, align 8 %243 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %242, i64 0, i32 12 %244 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %243, align 8 %245 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %244, i64 0, i32 47 %246 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %245, align 8 %247 = tail call i32 %246(%struct.inode.217383* %0, i32 1) #77 %248 = load i64, i64* %122, 
align 8 %249 = or i64 %248, 2 store i64 %249, i64* %122, align 8 %250 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 9 %251 = load %struct.address_space.217384*, %struct.address_space.217384** %250, align 8 %252 = getelementptr inbounds %struct.address_space.217384, %struct.address_space.217384* %251, i64 0, i32 7 %253 = load i64, i64* %252, align 8 %254 = icmp eq i64 %253, 0 br i1 %254, label %255, label %257 %258 = and i64 %249, -8193 store i64 %258, i64* %122, align 8 br label %259 %260 = phi i64 [ %258, %257 ], [ %256, %255 ], [ %190, %230 ], [ %190, %226 ], [ %190, %220 ], [ %190, %212 ] %261 = load i32, i32* %36, align 8 %262 = and i32 %261, 192 %263 = icmp eq i32 %262, 192 br i1 %263, label %264, label %282 %283 = phi i32 [ %261, %259 ], [ %261, %264 ], [ %261, %272 ], [ %281, %276 ] %284 = and i32 %283, 131072 %285 = icmp eq i32 %284, 0 br i1 %285, label %309, label %286 %310 = and i64 %123, 256 %311 = or i64 %260, %310 store i64 %311, i64* %122, align 8 %312 = xor i1 %118, true %313 = and i64 %311, 256 %314 = icmp eq i64 %313, 0 %315 = and i1 %314, %312 br label %316 %317 = phi i1 [ false, %286 ], [ %305, %304 ], [ false, %309 ] %318 = phi i1 [ true, %286 ], [ true, %304 ], [ %315, %309 ] %319 = phi i64 [ %123, %286 ], [ %306, %304 ], [ %123, %309 ] %320 = phi i64 [ 0, %286 ], [ %307, %304 ], [ 0, %309 ] %321 = load i32, i32* %36, align 8 %322 = and i32 %321, 8192 %323 = icmp eq i32 %322, 0 br i1 %323, label %327, label %324 %328 = and i64 %11, 8192 %329 = icmp eq i64 %328, 0 br i1 %329, label %334, label %330 %335 = load i32, i32* %36, align 8 %336 = and i32 %335, 16384 %337 = icmp eq i32 %336, 0 br i1 %337, label %341, label %338 %342 = and i64 %11, 16384 %343 = icmp eq i64 %342, 0 br i1 %343, label %348, label %344 %349 = load i32, i32* %36, align 8 %350 = and i32 %349, 64 %351 = icmp eq i32 %350, 0 br i1 %351, label %381, label %352 %353 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 6 
%354 = load i64, i64* %353, align 8 %355 = icmp ult i64 %354, 9223372036854775807 %356 = select i1 %355, i64 %354, i64 9223372036854775807 %357 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 14 %358 = load i64, i64* %357, align 8 %359 = icmp eq i64 %356, %358 %360 = xor i1 %118, true %361 = or i1 %359, %360 br i1 %361, label %371, label %362 %363 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 15, i32 1 %364 = load volatile i64, i64* %363, align 8 %365 = icmp eq i64 %364, 0 %366 = icmp sgt i64 %356, %358 %367 = or i1 %366, %365 br i1 %367, label %368, label %371 store i64 %356, i64* %357, align 8 %369 = or i64 %320, 2 %370 = select i1 %35, i64 %320, i64 %369 br label %371 %372 = phi i64 [ %320, %352 ], [ %320, %362 ], [ %370, %368 ] %373 = icmp eq i64 %356, 0 br i1 %373, label %374, label %385 %375 = load i32, i32* %36, align 8 %376 = and i32 %375, 768 %377 = icmp eq i32 %376, 0 br i1 %377, label %378, label %385 %386 = phi i64 [ %372, %374 ], [ %372, %378 ], [ %372, %371 ], [ %320, %381 ] %387 = load i32, i32* %36, align 8 %388 = and i32 %387, 4096 %389 = icmp eq i32 %388, 0 br i1 %389, label %395, label %390 %396 = and i64 %11, 4096 %397 = icmp eq i64 %396, 0 br i1 %397, label %402, label %398 %403 = load i32, i32* %36, align 8 %404 = and i32 %403, 2 %405 = icmp eq i32 %404, 0 br i1 %405, label %417, label %406 %407 = load i16, i16* %78, align 8 %408 = and i16 %407, 4095 %409 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 1 %410 = load i16, i16* %409, align 4 %411 = and i16 %410, 4095 %412 = icmp eq i16 %408, %411 br i1 %412, label %424, label %413 %425 = phi i64 [ %416, %413 ], [ %386, %406 ], [ %386, %420 ], [ %386, %417 ] %426 = load i32, i32* %36, align 8 %427 = and i32 %426, 8 %428 = icmp eq i32 %427, 0 br i1 %428, label %437, label %429 %438 = and i64 %11, 8 %439 = icmp eq i64 %438, 0 br i1 %439, label %444, label %440 %445 = phi i64 [ %425, %429 ], [ %436, %435 ], 
[ %425, %440 ], [ %425, %437 ] %446 = load i32, i32* %36, align 8 %447 = and i32 %446, 16 %448 = icmp eq i32 %447, 0 br i1 %448, label %457, label %449 %458 = and i64 %11, 16 %459 = icmp eq i64 %458, 0 br i1 %459, label %464, label %460 %465 = phi i64 [ %445, %449 ], [ %456, %455 ], [ %445, %460 ], [ %445, %457 ] %466 = load i32, i32* %36, align 8 %467 = and i32 %466, 4 %468 = icmp eq i32 %467, 0 br i1 %468, label %481, label %469 %470 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 12, i32 0 %471 = load i32, i32* %470, align 8 %472 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 2 %473 = load i32, i32* %472, align 8 %474 = icmp eq i32 %471, %473 br i1 %474, label %488, label %475 %489 = phi i64 [ %480, %475 ], [ %465, %469 ], [ %465, %484 ], [ %465, %481 ] %490 = load i32, i32* %36, align 8 %491 = and i32 %490, 512 %492 = icmp eq i32 %491, 0 br i1 %492, label %499, label %493 %500 = and i64 %11, 512 %501 = icmp eq i64 %500, 0 br i1 %501, label %506, label %502 %507 = load i32, i32* %36, align 8 %508 = and i32 %507, 256 %509 = icmp eq i32 %508, 0 br i1 %509, label %517, label %510 %518 = and i64 %11, 256 %519 = icmp eq i64 %518, 0 br i1 %519, label %524, label %520 br i1 %317, label %525, label %550 br i1 %318, label %551, label %579 %552 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 11, i32 0 %553 = load i64, i64* %552, align 8 %554 = sub i64 %12, %553 %555 = icmp sgt i64 %554, -1 %556 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 10, i32 1 %557 = load i64, i64* %556, align 8 %558 = sub i64 %554, %557 %559 = icmp slt i64 %558, 0 %560 = and i1 %555, %559 br i1 %560, label %578, label %561 store i64 %12, i64* %552, align 8 br label %579 %580 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %581 = load i64, i64* %580, align 8 %582 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 11, i32 1 %583 
= load i64, i64* %582, align 8 %584 = sub i64 %581, %583 %585 = icmp sgt i64 %584, 0 br i1 %585, label %586, label %587 %588 = load i16, i16* %78, align 8 %589 = and i16 %588, -4096 switch i16 %589, label %590 [ i16 -32768, label %592 i16 16384, label %592 i16 -24576, label %592 ] %593 = phi i64 [ %489, %587 ], [ %591, %590 ], [ %489, %587 ], [ %489, %587 ] %594 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %595 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %594, i64 0, i32 28 %596 = bitcast i8** %595 to %struct.nfs_server.217511** %597 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %596, align 16 %598 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %597, i64 0, i32 0 %599 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %598, align 8 %600 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %599, i64 0, i32 12 %601 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %600, align 8 %602 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %601, i64 0, i32 47 %603 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %602, align 8 %604 = tail call i32 %603(%struct.inode.217383* %0, i32 1) #77 ------------- Check callee group: sock_efree Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_get_mctrl Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: 
i915_ttm_adjust_lru Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: sock_efree Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Check callee group: mdio_ctrl_hw Check callee group: dm_blk_ioctl lo_ioctl md_ioctl sr_block_ioctl sd_ioctl Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: security_msg_queue_associate security_sem_associate security_shm_associate Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: i915_driver_lastclose Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: 
mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: timens_install utsns_install mntns_install cgroupns_install pidns_install ipcns_install netns_install Check callee group: i915_ttm_adjust_lru Check callee group: xhci_run Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: ext4_quota_off Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_post_op_update_inode_force_wcc_locked 1 nfs_writeback_update_inode 2 nfs4_write_done_cb 3 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, 
%struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 
(%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236590** %60 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, 
%struct.nfs_server.236590* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #76 %67 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236633*)*)(%struct.nfs_pgio_header.236633* %1) #76 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #76 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr 
inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #76 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 (%struct.inode.217383*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #76 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %57, label %10 %11 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %12 = sub i64 %5, %11 %13 = icmp sgt i64 %12, 0 br i1 %13, label %57, label %14 %15 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %16 = load %struct.super_block.217367*, %struct.super_block.217367** %15, align 8 %17 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %16, i64 0, i32 28 %18 = bitcast i8** %17 to 
%struct.nfs_server.217511** %19 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %19, i64 0, i32 26 %21 = load i32, i32* %20, align 8 switch i32 %21, label %37 [ i32 4, label %22 i32 3, label %25 ] %26 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 131072 %29 = icmp eq i32 %28, 0 br i1 %29, label %54, label %30 %31 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %34 = load volatile i64, i64* %33, align 8 %35 = sub i64 %32, %34 %36 = icmp sgt i64 %35, 0 br i1 %36, label %57, label %49 %58 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 162943 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %67 = and i32 %59, 393216 %68 = icmp eq i32 %67, 131072 br i1 %68, label %69, label %74 %75 = phi i32 [ %59, %66 ], [ %73, %69 ] %76 = and i32 %75, 81920 %77 = icmp eq i32 %76, 16384 br i1 %77, label %78, label %84 %85 = phi i32 [ %75, %74 ], [ %83, %78 ] %86 = and i32 %85, 40960 %87 = icmp eq i32 %86, 8192 br i1 %87, label %88, label %94 %95 = phi i32 [ %85, %84 ], [ %93, %88 ] %96 = and i32 %95, 192 %97 = icmp eq i32 %96, 64 br i1 %97, label %98, label %103 %104 = phi i32* [ %58, %94 ], [ %58, %98 ], [ %64, %62 ] %105 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %106 = load i16, i16* %105, align 8 %107 = and i16 %106, -4096 %108 = icmp eq i16 %107, 16384 %109 = select i1 %108, i64 18178, i64 18176 %110 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %111 = load %struct.super_block.217367*, %struct.super_block.217367** %110, align 8 %112 = getelementptr 
inbounds %struct.super_block.217367, %struct.super_block.217367* %111, i64 0, i32 28 %113 = bitcast i8** %112 to %struct.nfs_server.217511** %114 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %113, align 16 %115 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %114, i64 0, i32 0 %116 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %115, align 8 %117 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %116, i64 0, i32 12 %118 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %117, align 8 %119 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %118, i64 0, i32 47 %120 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %119, align 8 %121 = tail call i32 %120(%struct.inode.217383* %0, i32 1) #76 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_pm Check callee group: mdio_ctrl_hw Check callee group: dm_pr_register sd_pr_register Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: nfs_rmdir bad_inode_rmdir shmem_rmdir autofs_dir_rmdir kernfs_iop_rmdir tracefs_syscall_rmdir simple_rmdir ext4_rmdir vfat_rmdir msdos_rmdir Check callee group: tg3_write_indirect_reg32 Check callee group: ata_acpi_dev_uevent ata_acpi_ap_uevent Check callee group: e1000_update_phy_info_task Check callee group: mdio_ctrl_hw Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: dm_pr_clear sd_pr_clear Check callee group: 
tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: e1000_update_phy_info_task Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: sockfs_xattr_get ext4_xattr_user_get kernfs_vfs_xattr_get ext4_xattr_hurd_get posix_acl_xattr_get nfs4_xattr_get_nfs4_acl ext4_xattr_trusted_get ext4_xattr_security_get shmem_xattr_handler_get Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: kernfs_fop_write_iter generic_file_write_iter blkdev_write_iter proc_sys_write write_iter_null devkmsg_write tty_write nfs_file_write sock_write_iter ext4_file_write_iter pipe_write redirected_tty_write hung_up_tty_write Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: ipip6_dellink Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: nv_set_multicast Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: i915_driver_release Use: =BAD PATH= Call Stack: 0 drm_minor_acquire 1 drm_open ------------- Path:  Function:drm_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 13 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, 1048575 %6 = tail call %struct.drm_minor* @drm_minor_acquire(i32 %5) #76 Function:drm_minor_acquire %2 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @drm_minor_lock, i64 0, i32 0, i32 0)) #76 %3 = zext i32 %0 to i64 %4 = tail call i8* @idr_find(%struct.idr* nonnull @drm_minors_idr, i64 %3) #76 %5 = icmp eq i8* %4, null br i1 %5, label 
%35, label %6 %7 = getelementptr inbounds i8, i8* %4, i64 16 %8 = bitcast i8* %7 to %struct.drm_device.381449** %9 = load %struct.drm_device.381449*, %struct.drm_device.381449** %8, align 8 %10 = icmp eq %struct.drm_device.381449* %9, null br i1 %10, label %23, label %11 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @drm_minor_lock, i64 0, i32 0, i32 0), i64 %2) #76 %24 = load %struct.drm_device.381449*, %struct.drm_device.381449** %8, align 8 %25 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* nonnull @drm_unplug_srcu) #76 %26 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %24, i64 0, i32 11 %27 = load i8, i8* %26, align 4, !range !8 %28 = icmp eq i8 %27, 0 %29 = icmp ugt i32 %25, 1 br i1 %28, label %32, label %30 br i1 %29, label %31, label %36, !prof !5, !misexpect !6 tail call void @__srcu_read_unlock(%struct.srcu_struct* nonnull @drm_unplug_srcu, i32 %25) #76 %37 = load %struct.drm_device.381449*, %struct.drm_device.381449** %8, align 8 %38 = icmp eq %struct.drm_device.381449* %37, null br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.drm_device.381449, %struct.drm_device.381449* %37, i64 0, i32 1 %41 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %40, i64 0, i32 0 %42 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %40, i64 0, i32 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 -1, i32* %42) #6, !srcloc !11 %44 = icmp eq i32 %43, 1 br i1 %44, label %50, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %51 = getelementptr %struct.qspinlock, %struct.qspinlock* %40, i64 -1 %52 = bitcast %struct.qspinlock* %51 to %struct.drm_device.381449* %53 = getelementptr 
%struct.qspinlock, %struct.qspinlock* %40, i64 11 %54 = bitcast %struct.qspinlock* %53 to %struct.drm_driver** %55 = load %struct.drm_driver*, %struct.drm_driver** %54, align 8 %56 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %55, i64 0, i32 5 %57 = load void (%struct.drm_device.381449*)*, void (%struct.drm_device.381449*)** %56, align 8 %58 = icmp eq void (%struct.drm_device.381449*)* %57, null br i1 %58, label %60, label %59 tail call void %57(%struct.drm_device.381449* %52) #76 ------------- Check callee group: nfs4_have_delegation Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: i915_ttm_adjust_lru Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: sr_reset Check callee group: serial8250_get_mctrl Check callee group: tg3_write_indirect_reg32 Check callee group: udp_abort raw_abort tcp_abort Check callee group: e1000_update_phy_info_task Check callee group: x86_pmu_aux_output_match Check callee group: device_reset Check callee group: mdio_ctrl_hw Check callee group: serial8250_config_port Check callee group: ttm_bo_vm_access generic_access_phys vm_access kernfs_vma_access vm_access_ttm Check callee group: i915_ttm_adjust_lru Check callee group: nfs4_have_delegation Check callee group: serial8250_config_port Check callee group: serial8250_config_port Check callee group: kernfs_fop_write_iter generic_file_write_iter blkdev_write_iter proc_sys_write write_iter_null devkmsg_write tty_write nfs_file_write sock_write_iter ext4_file_write_iter pipe_write redirected_tty_write hung_up_tty_write Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: 
tg3_write_indirect_reg32 Check callee group: kernfs_fop_write_iter generic_file_write_iter blkdev_write_iter proc_sys_write write_iter_null devkmsg_write tty_write nfs_file_write sock_write_iter ext4_file_write_iter pipe_write redirected_tty_write hung_up_tty_write Check callee group: kernfs_fop_write_iter generic_file_write_iter blkdev_write_iter proc_sys_write write_iter_null devkmsg_write tty_write nfs_file_write sock_write_iter ext4_file_write_iter pipe_write redirected_tty_write hung_up_tty_write Check callee group: kernfs_fop_write_iter generic_file_write_iter blkdev_write_iter proc_sys_write write_iter_null devkmsg_write tty_write nfs_file_write sock_write_iter ext4_file_write_iter pipe_write redirected_tty_write hung_up_tty_write Check callee group: nfs_umount_begin Check callee group: pipe_read kernfs_fop_read_iter ext4_file_read_iter sock_read_iter shmem_file_read_iter proc_reg_read_iter nfs_file_read eventfd_read read_iter_null read_iter_zero generic_file_read_iter tty_read hung_up_tty_read seq_read_iter proc_sys_read hugetlbfs_read_iter blkdev_read_iter Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 
%18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 = load %struct.inode.154491*, %struct.inode.154491** %25, align 8 %27 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds 
%struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  
Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 = load %struct.inode.154491*, %struct.inode.154491** %25, align 8 %27 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = 
getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds %struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds 
%struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read 1 sock_splice_read ------------- Path:  Function:sock_splice_read %6 = getelementptr inbounds %struct.file.273225, %struct.file.273225* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273260** %8 = load %struct.socket.273260*, %struct.socket.273260** %7, align 8 %9 = getelementptr inbounds %struct.socket.273260, %struct.socket.273260* %8, i64 0, i32 5 %10 = load %struct.proto_ops.273259*, %struct.proto_ops.273259** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops.273259, %struct.proto_ops.273259* %10, i64 0, i32 21 %12 = load i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)*, i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket.273260*, i64*, %struct.pipe_inode_info.273162*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call i64 bitcast (i64 (%struct.file.154414*, i64*, %struct.pipe_inode_info.154505*, i64, i32)* @generic_file_splice_read to i64 (%struct.file.273225*, i64*, %struct.pipe_inode_info.273162*, i64, i32)*)(%struct.file.273225* %0, i64* %1, %struct.pipe_inode_info.273162* %2, i64 %3, i32 %4) #76 
Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154052, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154052* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.154505*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.154505* %2, i64 %3) #76 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 5 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 18 %24 = load %struct.address_space.154498*, %struct.address_space.154498** %23, align 8 %25 = getelementptr inbounds %struct.address_space.154498, %struct.address_space.154498* %24, i64 0, i32 0 %26 = load %struct.inode.154491*, %struct.inode.154491** %25, align 8 %27 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 8 %28 = load %struct.super_block.154474*, %struct.super_block.154474** %27, align 8 %29 = getelementptr inbounds %struct.super_block.154474, %struct.super_block.154474* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = 
getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 2 %47 = load %struct.inode.154491*, %struct.inode.154491** %46, align 8 %48 = getelementptr inbounds %struct.inode.154491, %struct.inode.154491* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.154394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.154394**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.154394* %55 = getelementptr inbounds %struct.task_struct.154394, %struct.task_struct.154394* %54, i64 0, i32 123 %56 = load %struct.io_context.154260*, %struct.io_context.154260** %55, align 8 %57 = icmp eq %struct.io_context.154260* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 0 store %struct.file.154414* %0, %struct.file.154414** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds 
%struct.kiocb.154052, %struct.kiocb.154052* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154050* null, %struct.wait_page_queue.154050** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.154414, %struct.file.154414* %0, i64 0, i32 3 %79 = load %struct.file_operations.154411*, %struct.file_operations.154411** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.154411, %struct.file_operations.154411* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154052*, %struct.iov_iter*)*, i64 (%struct.kiocb.154052*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154052* nonnull %7, %struct.iov_iter* nonnull %6) #76 ------------- Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: pipe_read kernfs_fop_read_iter ext4_file_read_iter sock_read_iter shmem_file_read_iter proc_reg_read_iter nfs_file_read eventfd_read read_iter_null read_iter_zero generic_file_read_iter tty_read hung_up_tty_read seq_read_iter proc_sys_read hugetlbfs_read_iter blkdev_read_iter Check callee group: tg3_read_indirect_reg32 Check callee group: pipe_read kernfs_fop_read_iter ext4_file_read_iter sock_read_iter shmem_file_read_iter proc_reg_read_iter nfs_file_read eventfd_read read_iter_null read_iter_zero generic_file_read_iter tty_read hung_up_tty_read seq_read_iter proc_sys_read hugetlbfs_read_iter blkdev_read_iter Check callee group: pipe_read kernfs_fop_read_iter ext4_file_read_iter sock_read_iter shmem_file_read_iter proc_reg_read_iter nfs_file_read eventfd_read read_iter_null read_iter_zero generic_file_read_iter tty_read hung_up_tty_read seq_read_iter proc_sys_read hugetlbfs_read_iter blkdev_read_iter Check callee group: aio_complete_rw Check callee group: aio_complete_rw Check callee group: tg3_read_indirect_reg32 Check callee group: sock_efree Check callee group: tg3_write_indirect_reg32 Check 
callee group: aio_complete_rw Check callee group: tg3_read_indirect_reg32 Check callee group: seq_read_iter Use: =BAD PATH= Call Stack: 0 proc_reg_read_iter ------------- Path:  Function:proc_reg_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 22 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %16 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 6, i32 0 %17 = load %struct.proc_ops.78183*, %struct.proc_ops.78183** %16, align 8 %18 = getelementptr inbounds %struct.proc_ops.78183, %struct.proc_ops.78183* %17, i64 0, i32 3 %19 = load i64 (%struct.kiocb*, %struct.iov_iter*)*, i64 (%struct.kiocb*, %struct.iov_iter*)** %18, align 8 %20 = tail call i64 %19(%struct.kiocb* %0, %struct.iov_iter* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_reg_read_iter ------------- Path:  Function:proc_reg_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** 
%10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 22 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %16 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 6, i32 0 %17 = load %struct.proc_ops.78183*, %struct.proc_ops.78183** %16, align 8 %18 = getelementptr inbounds %struct.proc_ops.78183, %struct.proc_ops.78183* %17, i64 0, i32 3 %19 = load i64 (%struct.kiocb*, %struct.iov_iter*)*, i64 (%struct.kiocb*, %struct.iov_iter*)** %18, align 8 %20 = tail call i64 %19(%struct.kiocb* %0, %struct.iov_iter* %1) #76 ------------- Check callee group: aio_complete_rw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: aio_complete_rw Check callee group: sock_efree Check callee group: seq_read_iter Use: =BAD PATH= Call Stack: 0 proc_reg_read_iter ------------- Path:  Function:proc_reg_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 22 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %22 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 0, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp sgt i32 %23, -1 br i1 %24, label %25, 
label %46, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add nuw i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %35, !prof !7, !misexpect !5 %36 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 6, i32 0 %37 = load %struct.proc_ops.78183*, %struct.proc_ops.78183** %36, align 8 %38 = getelementptr inbounds %struct.proc_ops.78183, %struct.proc_ops.78183* %37, i64 0, i32 3 %39 = load i64 (%struct.kiocb*, %struct.iov_iter*)*, i64 (%struct.kiocb*, %struct.iov_iter*)** %38, align 8 %40 = tail call i64 %39(%struct.kiocb* %0, %struct.iov_iter* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 proc_reg_read_iter ------------- Path:  Function:proc_reg_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 22 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %22 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 0, i32 0 %23 = load volatile i32, i32* 
%22, align 4 %24 = icmp sgt i32 %23, -1 br i1 %24, label %25, label %46, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add nuw i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %35, !prof !7, !misexpect !5 %36 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 6, i32 0 %37 = load %struct.proc_ops.78183*, %struct.proc_ops.78183** %36, align 8 %38 = getelementptr inbounds %struct.proc_ops.78183, %struct.proc_ops.78183* %37, i64 0, i32 3 %39 = load i64 (%struct.kiocb*, %struct.iov_iter*)*, i64 (%struct.kiocb*, %struct.iov_iter*)** %38, align 8 %40 = tail call i64 %39(%struct.kiocb* %0, %struct.iov_iter* %1) #76 ------------- Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: ipip6_dellink Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_set_inode_stale_locked 1 nfs_update_inode 2 nfs_refresh_inode_locked 3 nfs_post_op_update_inode_force_wcc_locked 4 nfs_writeback_update_inode 5 nfs4_write_done_cb 6 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ 
i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 
= getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236590** %60 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #76 %67 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call 
void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236633*)*)(%struct.nfs_pgio_header.236633* %1) #76 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #76 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #76 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 
(%struct.inode.217383*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #76 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %57, label %10 %11 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %12 = sub i64 %5, %11 %13 = icmp sgt i64 %12, 0 br i1 %13, label %57, label %14 %15 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %16 = load %struct.super_block.217367*, %struct.super_block.217367** %15, align 8 %17 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.217511** %19 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %19, i64 0, i32 26 %21 = load i32, i32* %20, align 8 switch i32 %21, label %37 [ i32 4, label %22 i32 3, label %25 ] %26 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 131072 %29 = icmp eq i32 %28, 0 br i1 %29, label %54, label %30 %31 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %34 = load volatile i64, i64* %33, align 8 %35 = sub i64 %32, %34 %36 = icmp sgt i64 %35, 0 br i1 %36, label %57, label %49 %58 = 
getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 162943 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %67 = and i32 %59, 393216 %68 = icmp eq i32 %67, 131072 br i1 %68, label %69, label %74 %75 = phi i32 [ %59, %66 ], [ %73, %69 ] %76 = and i32 %75, 81920 %77 = icmp eq i32 %76, 16384 br i1 %77, label %78, label %84 %85 = phi i32 [ %75, %74 ], [ %83, %78 ] %86 = and i32 %85, 40960 %87 = icmp eq i32 %86, 8192 br i1 %87, label %88, label %94 %95 = phi i32 [ %85, %84 ], [ %93, %88 ] %96 = and i32 %95, 192 %97 = icmp eq i32 %96, 64 br i1 %97, label %98, label %103 %104 = phi i32* [ %58, %94 ], [ %58, %98 ], [ %64, %62 ] %105 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %106 = load i16, i16* %105, align 8 %107 = and i16 %106, -4096 %108 = icmp eq i16 %107, 16384 %109 = select i1 %108, i64 18178, i64 18176 %110 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %111 = load %struct.super_block.217367*, %struct.super_block.217367** %110, align 8 %112 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %111, i64 0, i32 28 %113 = bitcast i8** %112 to %struct.nfs_server.217511** %114 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %113, align 16 %115 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %114, i64 0, i32 0 %116 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %115, align 8 %117 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %116, i64 0, i32 12 %118 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %117, align 8 %119 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %118, i64 0, i32 47 %120 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %119, align 8 %121 = tail call i32 %120(%struct.inode.217383* %0, i32 1) 
#76 %122 = icmp eq i32 %121, 0 %123 = and i64 %109, 17922 %124 = select i1 %122, i64 %109, i64 %123 %125 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %126 = load i64, i64* %125, align 8 %127 = or i64 %124, %126 store i64 %127, i64* %125, align 8 %128 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 9 %129 = load %struct.address_space.217384*, %struct.address_space.217384** %128, align 8 %130 = getelementptr inbounds %struct.address_space.217384, %struct.address_space.217384* %129, i64 0, i32 7 %131 = load i64, i64* %130, align 8 %132 = icmp eq i64 %131, 0 br i1 %132, label %136, label %133 %134 = and i64 %127, 2 %135 = icmp eq i64 %134, 0 br i1 %135, label %139, label %136 %137 = phi i64 [ -8195, %103 ], [ -8193, %133 ] %138 = and i64 %127, %137 store i64 %138, i64* %125, align 8 br label %139 %140 = load i32, i32* %104, align 8 %141 = and i32 %140, 162943 %142 = icmp eq i32 %141, 0 br i1 %142, label %145, label %143 %144 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #76 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %50, label %10 %51 = phi i32 [ %49, %42 ], [ %36, %27 ], [ 1, %10 ], [ 0, %37 ], [ 0, %22 ], [ 0, %14 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %52)) #6 to label %66 [label %52], !srcloc !4 %67 = icmp sgt i32 %51, 0 br i1 %67, label %96, label %68 %69 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %70 = load i64, i64* %69, align 8 %71 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %72 = load %struct.super_block.217367*, %struct.super_block.217367** %71, align 8 %73 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %72, i64 0, i32 28 %74 = bitcast i8** %73 to %struct.nfs_server.217511** %75 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %74, align 16 %76 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %75, i64 0, i32 26 %77 = load i32, i32* %76, align 8 %78 = icmp eq i32 %77, 4 %79 = and i64 %70, 256 %80 = icmp ne i64 %79, 0 %81 = or i1 %80, %78 %82 = and i64 %70, 89604 %83 = icmp eq i64 %82, 0 %84 = or i1 %83, %81 br i1 %84, label %98, label %85 %86 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %87 = load i32, i32* %86, align 8 %88 = and i32 %87, 131072 %89 = icmp eq i32 %88, 0 br i1 %89, label %98, label %90 %91 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %94 = load volatile i64, i64* %93, align 8 %95 = icmp eq i64 %92, %94 br i1 %95, label %96, label %98 %97 = tail call fastcc i32 
@nfs_update_inode(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #77 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %4 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %5 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217511** %7 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %6, align 16 %8 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 30 %14 = bitcast %struct.cpu_itimer* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %29 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %67 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 1 %68 = load i16, i16* %67, align 4 %69 = xor i16 %15, %68 %70 = icmp ugt i16 %69, 4095 br i1 %70, label %71, label %77 %72 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 11 %73 = load i64, i64* %72, align 8 
%74 = zext i16 %15 to i32 %75 = zext i16 %68 to i32 %76 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([49 x i8], [49 x i8]* @.str.5.21609, i64 0, i64 0), i8* getelementptr inbounds ([17 x i8], [17 x i8]* @__func__.nfs_update_inode, i64 0, i64 0), i64 %73, i32 %74, i32 %75) #76 br label %634 tail call fastcc void @nfs_set_inode_stale_locked(%struct.inode.217383* %0) #78 Function:nfs_set_inode_stale_locked %2 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 9, i32 0 %4 = bitcast i64* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %4, i32 2, i8* %4) #6, !srcloc !4 %5 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %8 = load %struct.super_block.217367*, %struct.super_block.217367** %7, align 8 %9 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.217511** %11 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %11, i64 0, i32 6 %13 = load %struct.nfs_iostats*, %struct.nfs_iostats** %12, align 8 %14 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %13, i64 0, i32 1, i64 3 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %14, i64* %14) #6, !srcloc !5 %15 = load %struct.super_block.217367*, %struct.super_block.217367** %7, align 8 %16 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.217511** %18 = load 
%struct.nfs_server.217511*, %struct.nfs_server.217511** %17, align 16 %19 = load i16, i16* %5, align 8 %20 = and i16 %19, -4096 %21 = icmp eq i16 %20, 16384 %22 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %18, i64 0, i32 21 %23 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %18, i64 0, i32 19 %24 = select i1 %21, i32* %22, i32* %23 %25 = load i32, i32* %24, align 4 %26 = zext i32 %25 to i64 %27 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 10, i32 1 store i64 %26, i64* %27, align 8 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 11, i32 0 store i64 %28, i64* %29, align 8 %30 = and i16 %6, -4096 switch i16 %30, label %54 [ i16 -32768, label %31 i16 16384, label %31 i16 -24576, label %31 ] %32 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %17, align 16 %33 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %32, i64 0, i32 0 %34 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %33, align 8 %35 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %34, i64 0, i32 12 %36 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %35, align 8 %37 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %36, i64 0, i32 47 %38 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %37, align 8 %39 = tail call i32 %38(%struct.inode.217383* %0, i32 1) #76 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_refresh_inode_locked 1 nfs_post_op_update_inode_force_wcc_locked 2 nfs_writeback_update_inode 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 
4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236590** %60 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #76 %67 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call 
void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236633*)*)(%struct.nfs_pgio_header.236633* %1) #76 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #76 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #76 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 
(%struct.inode.217383*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #76 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %57, label %10 %11 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %12 = sub i64 %5, %11 %13 = icmp sgt i64 %12, 0 br i1 %13, label %57, label %14 %15 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %16 = load %struct.super_block.217367*, %struct.super_block.217367** %15, align 8 %17 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.217511** %19 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %19, i64 0, i32 26 %21 = load i32, i32* %20, align 8 switch i32 %21, label %37 [ i32 4, label %22 i32 3, label %25 ] %26 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 131072 %29 = icmp eq i32 %28, 0 br i1 %29, label %54, label %30 %31 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %34 = load volatile i64, i64* %33, align 8 %35 = sub i64 %32, %34 %36 = icmp sgt i64 %35, 0 br i1 %36, label %57, label %49 %58 = 
getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 162943 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %67 = and i32 %59, 393216 %68 = icmp eq i32 %67, 131072 br i1 %68, label %69, label %74 %75 = phi i32 [ %59, %66 ], [ %73, %69 ] %76 = and i32 %75, 81920 %77 = icmp eq i32 %76, 16384 br i1 %77, label %78, label %84 %85 = phi i32 [ %75, %74 ], [ %83, %78 ] %86 = and i32 %85, 40960 %87 = icmp eq i32 %86, 8192 br i1 %87, label %88, label %94 %95 = phi i32 [ %85, %84 ], [ %93, %88 ] %96 = and i32 %95, 192 %97 = icmp eq i32 %96, 64 br i1 %97, label %98, label %103 %104 = phi i32* [ %58, %94 ], [ %58, %98 ], [ %64, %62 ] %105 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %106 = load i16, i16* %105, align 8 %107 = and i16 %106, -4096 %108 = icmp eq i16 %107, 16384 %109 = select i1 %108, i64 18178, i64 18176 %110 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %111 = load %struct.super_block.217367*, %struct.super_block.217367** %110, align 8 %112 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %111, i64 0, i32 28 %113 = bitcast i8** %112 to %struct.nfs_server.217511** %114 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %113, align 16 %115 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %114, i64 0, i32 0 %116 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %115, align 8 %117 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %116, i64 0, i32 12 %118 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %117, align 8 %119 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %118, i64 0, i32 47 %120 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %119, align 8 %121 = tail call i32 %120(%struct.inode.217383* %0, i32 1) 
#76 %122 = icmp eq i32 %121, 0 %123 = and i64 %109, 17922 %124 = select i1 %122, i64 %109, i64 %123 %125 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %126 = load i64, i64* %125, align 8 %127 = or i64 %124, %126 store i64 %127, i64* %125, align 8 %128 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 9 %129 = load %struct.address_space.217384*, %struct.address_space.217384** %128, align 8 %130 = getelementptr inbounds %struct.address_space.217384, %struct.address_space.217384* %129, i64 0, i32 7 %131 = load i64, i64* %130, align 8 %132 = icmp eq i64 %131, 0 br i1 %132, label %136, label %133 %134 = and i64 %127, 2 %135 = icmp eq i64 %134, 0 br i1 %135, label %139, label %136 %137 = phi i64 [ -8195, %103 ], [ -8193, %133 ] %138 = and i64 %127, %137 store i64 %138, i64* %125, align 8 br label %139 %140 = load i32, i32* %104, align 8 %141 = and i32 %140, 162943 %142 = icmp eq i32 %141, 0 br i1 %142, label %145, label %143 %144 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #76 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %50, label %10 %51 = phi i32 [ %49, %42 ], [ %36, %27 ], [ 1, %10 ], [ 0, %37 ], [ 0, %22 ], [ 0, %14 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %52)) #6 to label %66 [label %52], !srcloc !4 %67 = icmp sgt i32 %51, 0 br i1 %67, label %96, label %68 %69 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %70 = load i64, i64* %69, align 8 %71 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %72 = load %struct.super_block.217367*, %struct.super_block.217367** %71, align 8 %73 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %72, i64 0, i32 28 %74 = bitcast i8** %73 to %struct.nfs_server.217511** %75 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %74, align 16 %76 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %75, i64 0, i32 26 %77 = load i32, i32* %76, align 8 %78 = icmp eq i32 %77, 4 %79 = and i64 %70, 256 %80 = icmp ne i64 %79, 0 %81 = or i1 %80, %78 %82 = and i64 %70, 89604 %83 = icmp eq i64 %82, 0 %84 = or i1 %83, %81 br i1 %84, label %98, label %85 %99 = icmp eq i32 %51, 0 br i1 %99, label %100, label %340 %101 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %75, i64 0, i32 0 %102 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %101, align 8 %103 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %102, i64 0, i32 12 %104 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %103, align 8 %105 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %104, i64 0, i32 47 %106 = load i32 
(%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %105, align 8 %107 = tail call i32 %106(%struct.inode.217383* %0, i32 1) #76 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %340 %110 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %111 = load i32, i32* %110, align 8 %112 = and i32 %111, 2048 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %117 %118 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %119 = load i64, i64* %118, align 8 %120 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %121 = load i64, i64* %120, align 8 %122 = icmp eq i64 %119, %121 br i1 %122, label %131, label %123 %132 = and i32 %111, 1 %133 = icmp eq i32 %132, 0 br i1 %133, label %134, label %138 %139 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 1 %140 = load i16, i16* %139, align 4 %141 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %142 = load i16, i16* %141, align 8 %143 = xor i16 %142, %140 %144 = icmp ugt i16 %143, 4095 br i1 %144, label %340, label %145 %146 = phi i16 [ %137, %134 ], [ %142, %138 ] %147 = and i16 %146, -4096 %148 = icmp eq i16 %147, -32768 br i1 %148, label %149, label %165 %150 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 18 %151 = bitcast %struct.cpu_itimer* %150 to %struct.list_head* %152 = bitcast %struct.cpu_itimer* %150 to %struct.list_head** %153 = load volatile %struct.list_head*, %struct.list_head** %152, align 8 %154 = icmp eq %struct.list_head* %153, %151 br i1 %154, label %165, label %155 %156 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 51 %157 = bitcast %struct.cpu_itimer* %156 to i32* %158 = load volatile i32, i32* %157, align 4 %159 = icmp sgt i32 %158, 0 br i1 %159, label %160, label %165 %161 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 0 %162 = load volatile i64, i64* 
%161, align 8 %163 = and i64 %162, 4096 %164 = icmp eq i64 %163, 0 br i1 %164, label %225, label %165 %166 = and i32 %111, 131072 %167 = icmp eq i32 %166, 0 br i1 %167, label %175, label %168 %169 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %170 = load i64, i64* %169, align 8 %171 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %172 = load volatile i64, i64* %171, align 8 %173 = icmp eq i64 %172, %170 %174 = select i1 %173, i64 0, i64 256 br label %175 %176 = phi i64 [ 0, %165 ], [ %174, %168 ] %177 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 16, i32 1 %178 = load i64, i64* %177, align 8 %179 = and i32 %111, 8192 %180 = icmp eq i32 %179, 0 br i1 %180, label %193, label %181 %182 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 16, i32 0 %183 = load i64, i64* %182, align 8 %184 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 12, i32 0 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %183, %185 br i1 %186, label %187, label %191 %188 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 12, i32 1 %189 = load i64, i64* %188, align 8 %190 = icmp eq i64 %178, %189 br i1 %190, label %193, label %191 %192 = or i64 %176, 1024 br label %193 %194 = phi i64 [ %176, %175 ], [ %192, %191 ], [ %176, %187 ] %195 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 17, i32 1 %196 = load i64, i64* %195, align 8 %197 = and i32 %111, 16384 %198 = icmp eq i32 %197, 0 br i1 %198, label %211, label %199 %200 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 17, i32 0 %201 = load i64, i64* %200, align 8 %202 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 13, i32 0 %203 = load i64, i64* %202, align 8 %204 = icmp eq i64 %201, %203 br i1 %204, label %205, label %209 %206 = 
getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 13, i32 1 %207 = load i64, i64* %206, align 8 %208 = icmp eq i64 %196, %207 br i1 %208, label %211, label %209 %210 = or i64 %194, 512 br label %211 %212 = phi i64 [ %194, %193 ], [ %210, %209 ], [ %194, %205 ] %213 = and i32 %111, 64 %214 = icmp eq i32 %213, 0 br i1 %214, label %225, label %215 %216 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 14 %217 = load i64, i64* %216, align 8 %218 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 6 %219 = load i64, i64* %218, align 8 %220 = icmp ult i64 %219, 9223372036854775807 %221 = select i1 %220, i64 %219, i64 9223372036854775807 %222 = icmp eq i64 %217, %221 %223 = or i64 %212, 2048 %224 = select i1 %222, i64 %212, i64 %223 br label %225 %226 = phi i64 [ 0, %160 ], [ %212, %211 ], [ %224, %215 ] %227 = and i32 %111, 2 %228 = icmp eq i32 %227, 0 br i1 %228, label %237, label %229 %230 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 1 %231 = load i16, i16* %230, align 4 %232 = xor i16 %231, %146 %233 = and i16 %232, 4095 %234 = icmp eq i16 %233, 0 %235 = or i64 %226, 131072 %236 = select i1 %234, i64 %226, i64 %235 br label %237 %238 = phi i64 [ %226, %225 ], [ %236, %229 ] %239 = and i32 %111, 8 %240 = icmp eq i32 %239, 0 br i1 %240, label %249, label %241 %242 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 2, i32 0 %243 = load i32, i32* %242, align 4 %244 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 3, i32 0 %245 = load i32, i32* %244, align 4 %246 = icmp eq i32 %243, %245 %247 = or i64 %238, 4096 %248 = select i1 %246, i64 %238, i64 %247 br label %249 %250 = phi i64 [ %238, %237 ], [ %248, %241 ] %251 = and i32 %111, 16 %252 = icmp eq i32 %251, 0 br i1 %252, label %261, label %253 %254 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 3, i32 0 
%255 = load i32, i32* %254, align 8 %256 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 4, i32 0 %257 = load i32, i32* %256, align 8 %258 = icmp eq i32 %255, %257 %259 = or i64 %250, 4096 %260 = select i1 %258, i64 %250, i64 %259 br label %261 %262 = phi i64 [ %250, %249 ], [ %260, %253 ] %263 = and i32 %111, 4 %264 = icmp eq i32 %263, 0 br i1 %264, label %273, label %265 %266 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 12, i32 0 %267 = load i32, i32* %266, align 8 %268 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 2 %269 = load i32, i32* %268, align 8 %270 = icmp eq i32 %267, %269 %271 = or i64 %262, 65536 %272 = select i1 %270, i64 %262, i64 %271 br label %273 %274 = phi i64 [ %262, %261 ], [ %272, %265 ] %275 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 15, i32 1 %276 = load i64, i64* %275, align 8 %277 = and i32 %111, 4096 %278 = icmp eq i32 %277, 0 br i1 %278, label %292, label %279 %280 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 15, i32 0 %281 = load i64, i64* %280, align 8 %282 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 11, i32 0 %283 = load i64, i64* %282, align 8 %284 = icmp eq i64 %281, %283 br i1 %284, label %287, label %285 %288 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 11, i32 1 %289 = load i64, i64* %288, align 8 %290 = icmp eq i64 %276, %289 %291 = or i64 %274, 4 br i1 %290, label %292, label %294 %293 = icmp eq i64 %274, 0 br i1 %293, label %336, label %294 %295 = phi i64 [ %274, %292 ], [ %286, %285 ], [ %291, %287 ] %296 = load %struct.super_block.217367*, %struct.super_block.217367** %71, align 8 %297 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %296, i64 0, i32 28 %298 = bitcast i8** %297 to %struct.nfs_server.217511** %299 = load %struct.nfs_server.217511*, 
%struct.nfs_server.217511** %298, align 16 %300 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %299, i64 0, i32 0 %301 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %300, align 8 %302 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %301, i64 0, i32 12 %303 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %302, align 8 %304 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %303, i64 0, i32 47 %305 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %304, align 8 %306 = tail call i32 %305(%struct.inode.217383* %0, i32 1) #76 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs4_update_changeattr_locked 1 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236605** %6 = load %struct.nfs_unlinkdata.236605*, %struct.nfs_unlinkdata.236605** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236600* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 6 %23 = bitcast 
%struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %50 = phi i32 [ %26, %19 ], [ %47, %46 ] %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 3 %54 = getelementptr inbounds %struct.nfs_unlinkdata.236605, %struct.nfs_unlinkdata.236605* %6, i64 0, i32 1, i32 2 %55 = load %struct.nfs_fattr*, %struct.nfs_fattr** %54, align 8 %56 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %55, i64 0, i32 19 %57 = load i64, i64* %56, align 8 %58 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 18 %59 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %58, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %59) #76 call fastcc void @nfs4_update_changeattr_locked(%struct.inode* %1, %struct.perf_guest_switch_msr* %53, i64 %57, i64 2) #76 Function:nfs4_update_changeattr_locked %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 33, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, 16384 %12 = select i1 %11, i64 1538, i64 1536 %13 = or i64 %12, %3 %14 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %15 = load %struct.super_block*, %struct.super_block** %14, align 8 %16 = getelementptr inbounds %struct.super_block, %struct.super_block* %15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.236590** %18 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %17, align 16 %19 = getelementptr inbounds %struct.nfs_server.236590, 
%struct.nfs_server.236590* %18, i64 0, i32 26 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 4 %22 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 2 %23 = load i64, i64* %22, align 8 br i1 %21, label %24, label %26 %27 = sub i64 %7, %23 %28 = icmp sgt i64 %27, -1 br i1 %28, label %78, label %29 store volatile i64 %23, i64* %6, align 8 %30 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 0 %31 = load i32, i32* %30, align 8 %32 = icmp eq i32 %31, 0 br i1 %32, label %37, label %33 %34 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, %7 br i1 %36, label %68, label %37 br i1 %11, label %38, label %40 tail call void @nfs_force_lookup_revalidate(%struct.inode* %0) #76 %39 = load %struct.super_block*, %struct.super_block** %14, align 8 br label %40 %41 = phi %struct.super_block* [ %39, %38 ], [ %15, %37 ] %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.236590** %44 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %44, i64 0, i32 0 %46 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.236642*, %struct.nfs_rpc_ops.236642** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.236642, %struct.nfs_rpc_ops.236642* %48, i64 0, i32 47 %50 = load i32 (%struct.inode*, i32)*, i32 (%struct.inode*, i32)** %49, align 8 %51 = tail call i32 %50(%struct.inode* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_update_changeattr_locked 1 nfs4_proc_rename_done ------------- Path:  
Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236608** %7 = load %struct.nfs_renamedata.236608*, %struct.nfs_renamedata.236608** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236600* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %51 = phi i32 [ %27, %20 ], [ %48, %47 ] %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %74 %54 = icmp eq %struct.inode* %2, %1 %55 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 2 %56 = getelementptr inbounds %struct.nfs_renamedata.236608, %struct.nfs_renamedata.236608* %7, i64 0, i32 1, i32 3 %57 = load %struct.nfs_fattr*, %struct.nfs_fattr** %56, align 8 %58 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %57, i64 0, i32 19 %59 = load i64, i64* %58, align 8 %60 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 18 %61 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %60, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %61) #76 br i1 %54, label %72, label %62 call fastcc void 
@nfs4_update_changeattr_locked(%struct.inode* %2, %struct.perf_guest_switch_msr* %55, i64 %59, i64 2) #76 Function:nfs4_update_changeattr_locked %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 33, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, 16384 %12 = select i1 %11, i64 1538, i64 1536 %13 = or i64 %12, %3 %14 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %15 = load %struct.super_block*, %struct.super_block** %14, align 8 %16 = getelementptr inbounds %struct.super_block, %struct.super_block* %15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.236590** %18 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %17, align 16 %19 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %18, i64 0, i32 26 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 4 %22 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 2 %23 = load i64, i64* %22, align 8 br i1 %21, label %24, label %26 %27 = sub i64 %7, %23 %28 = icmp sgt i64 %27, -1 br i1 %28, label %78, label %29 store volatile i64 %23, i64* %6, align 8 %30 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 0 %31 = load i32, i32* %30, align 8 %32 = icmp eq i32 %31, 0 br i1 %32, label %37, label %33 %34 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, %7 br i1 %36, label %68, label %37 br i1 %11, label %38, label %40 tail call void @nfs_force_lookup_revalidate(%struct.inode* %0) #76 %39 = load %struct.super_block*, %struct.super_block** %14, align 8 br label %40 %41 = phi %struct.super_block* [ 
%39, %38 ], [ %15, %37 ] %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.236590** %44 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %44, i64 0, i32 0 %46 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.236642*, %struct.nfs_rpc_ops.236642** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.236642, %struct.nfs_rpc_ops.236642* %48, i64 0, i32 47 %50 = load i32 (%struct.inode*, i32)*, i32 (%struct.inode*, i32)** %49, align 8 %51 = tail call i32 %50(%struct.inode* %0, i32 1) #76 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: dm_pr_reserve sd_pr_reserve Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_revalidate_inode 1 nfs4_xattr_get_nfs4_acl ------------- Path:  Function:nfs4_xattr_get_nfs4_acl %7 = getelementptr inbounds %struct.inode, %struct.inode* %2, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.236590** %11 = load 
%struct.nfs_server.236590*, %struct.nfs_server.236590** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %11, i64 0, i32 10 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %59, label %16 %17 = tail call i32 bitcast (i32 (%struct.inode.217383*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %2, i64 256) #76 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, %1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %41 %9 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %10 = load %struct.super_block.217367*, %struct.super_block.217367** %9, align 8 %11 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.217511** %13 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %12, align 16 %14 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %13, i64 0, i32 0 %15 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %14, align 8 %16 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %15, i64 0, i32 12 %17 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %16, align 8 %18 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %17, i64 0, i32 47 %19 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %18, align 8 %20 = tail call i32 %19(%struct.inode.217383* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_revalidate_inode 1 nfs3_get_acl ------------- Path:  Function:nfs3_get_acl %4 = alloca [7 x %struct.page.235630*], align 16 %5 = alloca %struct.nfs3_getaclargs, align 8 %6 = 
alloca %struct.nfs3_getaclres, align 8 %7 = alloca %struct.rpc_message.235759, align 8 %8 = getelementptr inbounds %struct.inode.235623, %struct.inode.235623* %0, i64 0, i32 8 %9 = load %struct.super_block.235606*, %struct.super_block.235606** %8, align 8 %10 = getelementptr inbounds %struct.super_block.235606, %struct.super_block.235606* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.235853** %12 = load %struct.nfs_server.235853*, %struct.nfs_server.235853** %11, align 16 %13 = bitcast [7 x %struct.page.235630*]* %4 to i8* %14 = bitcast %struct.nfs3_getaclargs* %5 to i8* %15 = getelementptr %struct.inode.235623, %struct.inode.235623* %0, i64 -1, i32 17, i32 1 %16 = bitcast %struct.nfs3_getaclargs* %5 to i64** store i64* %15, i64** %16, align 8 %17 = getelementptr inbounds %struct.nfs3_getaclargs, %struct.nfs3_getaclargs* %5, i64 0, i32 1 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.nfs3_getaclargs, %struct.nfs3_getaclargs* %5, i64 0, i32 2 %19 = getelementptr inbounds [7 x %struct.page.235630*], [7 x %struct.page.235630*]* %4, i64 0, i64 0 store %struct.page.235630** %19, %struct.page.235630*** %18, align 8 %20 = bitcast %struct.nfs3_getaclres* %6 to i8* %21 = bitcast %struct.rpc_message.235759* %7 to i8* %22 = getelementptr inbounds %struct.rpc_message.235759, %struct.rpc_message.235759* %7, i64 0, i32 0 store %struct.rpc_procinfo.235758* null, %struct.rpc_procinfo.235758** %22, align 8 %23 = getelementptr inbounds %struct.rpc_message.235759, %struct.rpc_message.235759* %7, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs3_getaclargs** store %struct.nfs3_getaclargs* %5, %struct.nfs3_getaclargs** %24, align 8 %25 = getelementptr inbounds %struct.rpc_message.235759, %struct.rpc_message.235759* %7, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs3_getaclres** store %struct.nfs3_getaclres* %6, %struct.nfs3_getaclres** %26, align 8 %27 = getelementptr inbounds %struct.rpc_message.235759, %struct.rpc_message.235759* %7, i64 0, 
i32 3 store %struct.cred* null, %struct.cred** %27, align 8 br i1 %2, label %243, label %28 %29 = getelementptr inbounds %struct.nfs_server.235853, %struct.nfs_server.235853* %12, i64 0, i32 10 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 8 %32 = icmp eq i32 %31, 0 br i1 %32, label %243, label %33 %34 = call i32 bitcast (i32 (%struct.inode.217383*, i64)* @nfs_revalidate_inode to i32 (%struct.inode.235623*, i64)*)(%struct.inode.235623* %0, i64 256) #76 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, %1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %41 %9 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %10 = load %struct.super_block.217367*, %struct.super_block.217367** %9, align 8 %11 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.217511** %13 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %12, align 16 %14 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %13, i64 0, i32 0 %15 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %14, align 8 %16 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %15, i64 0, i32 12 %17 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %16, align 8 %18 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %17, i64 0, i32 47 %19 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %18, align 8 %20 = tail call i32 %19(%struct.inode.217383* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_revalidate_inode 1 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215077** %12 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.215077** %44 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %44, i64 0, i32 0 %46 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %45, align 8 %47 = getelementptr inbounds 
%struct.nfs_client.215071, %struct.nfs_client.215071* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %87 = trunc i32 %2 to i8 %88 = icmp sgt i8 %87, -1 br i1 %88, label %89, label %94 %90 = tail call i32 bitcast (i32 (%struct.inode.217383*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %1, i64 135168) #77 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, %1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %41 %9 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %10 = load %struct.super_block.217367*, %struct.super_block.217367** %9, align 8 %11 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.217511** %13 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %12, align 16 %14 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %13, i64 0, i32 0 %15 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %14, align 8 %16 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %15, i64 0, i32 12 %17 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %16, align 8 %18 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %17, i64 0, i32 47 %19 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %18, 
align 8 %20 = tail call i32 %19(%struct.inode.217383* %0, i32 1) #76 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_attribute_cache_expired 1 nfs_readdir ------------- Path:  Function:nfs_readdir %3 = alloca [2 x i32], align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 67108864 %10 = icmp eq i32 %9, 0 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = phi %struct.dentry* [ %18, %11 ], [ %6, %2 ] %21 = 
getelementptr inbounds %struct.dentry, %struct.dentry* %20, i64 0, i32 5 %22 = load %struct.inode*, %struct.inode** %21, align 8 %23 = getelementptr %struct.inode, %struct.inode* %22, i64 -1, i32 17 %24 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.nfs_open_dir_context** %26 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %22, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 28 %30 = bitcast i8** %29 to %struct.nfs_server.215077** %31 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %30, align 16 %32 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %31, i64 0, i32 6 %33 = load %struct.nfs_iostats*, %struct.nfs_iostats** %32, align 8 %34 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %33, i64 0, i32 1, i64 12 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !6 %35 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %41, label %38 %39 = tail call i32 bitcast (i32 (%struct.inode.217383*)* @nfs_attribute_cache_expired to i32 (%struct.inode*)*)(%struct.inode* %22) #76 Function:nfs_attribute_cache_expired %2 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %3 = load %struct.super_block.217367*, %struct.super_block.217367** %2, align 8 %4 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %3, i64 0, i32 28 %5 = bitcast i8** %4 to %struct.nfs_server.217511** %6 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %5, align 16 %7 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* 
%6, i64 0, i32 0 %8 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %7, align 8 %9 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %8, i64 0, i32 12 %10 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %9, align 8 %11 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %10, i64 0, i32 47 %12 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %11, align 8 %13 = tail call i32 %12(%struct.inode.217383* %0, i32 1) #76 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_refresh_inode_locked 1 nfs_post_op_update_inode_force_wcc_locked 2 nfs_writeback_update_inode 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr 
inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* 
%0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236590** %60 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, 
i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #76 %67 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236633*)*)(%struct.nfs_pgio_header.236633* %1) #76 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #76 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 
%24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #76 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 (%struct.inode.217383*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #76 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %57, label %10 %11 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %12 = sub i64 %5, %11 %13 = icmp sgt i64 %12, 0 br i1 %13, label %57, label %14 %15 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %16 = load %struct.super_block.217367*, %struct.super_block.217367** %15, align 8 %17 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.217511** %19 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %19, i64 0, i32 26 %21 = load i32, i32* %20, align 8 switch i32 %21, label %37 [ i32 4, label %22 i32 3, label %25 ] %26 = 
getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 131072 %29 = icmp eq i32 %28, 0 br i1 %29, label %54, label %30 %31 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %34 = load volatile i64, i64* %33, align 8 %35 = sub i64 %32, %34 %36 = icmp sgt i64 %35, 0 br i1 %36, label %57, label %49 %58 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 162943 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %67 = and i32 %59, 393216 %68 = icmp eq i32 %67, 131072 br i1 %68, label %69, label %74 %75 = phi i32 [ %59, %66 ], [ %73, %69 ] %76 = and i32 %75, 81920 %77 = icmp eq i32 %76, 16384 br i1 %77, label %78, label %84 %85 = phi i32 [ %75, %74 ], [ %83, %78 ] %86 = and i32 %85, 40960 %87 = icmp eq i32 %86, 8192 br i1 %87, label %88, label %94 %95 = phi i32 [ %85, %84 ], [ %93, %88 ] %96 = and i32 %95, 192 %97 = icmp eq i32 %96, 64 br i1 %97, label %98, label %103 %104 = phi i32* [ %58, %94 ], [ %58, %98 ], [ %64, %62 ] %105 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %106 = load i16, i16* %105, align 8 %107 = and i16 %106, -4096 %108 = icmp eq i16 %107, 16384 %109 = select i1 %108, i64 18178, i64 18176 %110 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %111 = load %struct.super_block.217367*, %struct.super_block.217367** %110, align 8 %112 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %111, i64 0, i32 28 %113 = bitcast i8** %112 to %struct.nfs_server.217511** %114 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %113, align 16 %115 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %114, 
i64 0, i32 0 %116 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %115, align 8 %117 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %116, i64 0, i32 12 %118 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %117, align 8 %119 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %118, i64 0, i32 47 %120 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %119, align 8 %121 = tail call i32 %120(%struct.inode.217383* %0, i32 1) #76 %122 = icmp eq i32 %121, 0 %123 = and i64 %109, 17922 %124 = select i1 %122, i64 %109, i64 %123 %125 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %126 = load i64, i64* %125, align 8 %127 = or i64 %124, %126 store i64 %127, i64* %125, align 8 %128 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 9 %129 = load %struct.address_space.217384*, %struct.address_space.217384** %128, align 8 %130 = getelementptr inbounds %struct.address_space.217384, %struct.address_space.217384* %129, i64 0, i32 7 %131 = load i64, i64* %130, align 8 %132 = icmp eq i64 %131, 0 br i1 %132, label %136, label %133 %134 = and i64 %127, 2 %135 = icmp eq i64 %134, 0 br i1 %135, label %139, label %136 %137 = phi i64 [ -8195, %103 ], [ -8193, %133 ] %138 = and i64 %127, %137 store i64 %138, i64* %125, align 8 br label %139 %140 = load i32, i32* %104, align 8 %141 = and i32 %140, 162943 %142 = icmp eq i32 %141, 0 br i1 %142, label %145, label %143 %144 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #76 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, 
align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %50, label %10 %51 = phi i32 [ %49, %42 ], [ %36, %27 ], [ 1, %10 ], [ 0, %37 ], [ 0, %22 ], [ 0, %14 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %52)) #6 to label %66 [label %52], !srcloc !4 %67 = icmp sgt i32 %51, 0 br i1 %67, label %96, label %68 %69 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %70 = load i64, i64* %69, align 8 %71 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %72 = load %struct.super_block.217367*, %struct.super_block.217367** %71, align 8 %73 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %72, i64 0, i32 28 %74 = bitcast i8** %73 to %struct.nfs_server.217511** %75 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %74, align 16 %76 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %75, i64 0, i32 26 %77 = load i32, i32* %76, align 8 %78 = icmp eq i32 %77, 4 %79 = and i64 %70, 256 %80 = icmp ne i64 %79, 0 %81 = or i1 %80, %78 %82 = and i64 %70, 89604 %83 = icmp eq i64 %82, 0 %84 = or i1 %83, %81 br i1 %84, label %98, label %85 %99 = icmp eq i32 %51, 0 br i1 %99, label %100, label %340 %101 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %75, i64 0, i32 0 %102 = load %struct.nfs_client.217505*, 
%struct.nfs_client.217505** %101, align 8 %103 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %102, i64 0, i32 12 %104 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %103, align 8 %105 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %104, i64 0, i32 47 %106 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %105, align 8 %107 = tail call i32 %106(%struct.inode.217383* %0, i32 1) #76 ------------- Check callee group: nfs4_have_delegation Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: ata_acpi_ap_notify_dock ata_acpi_dev_notify_dock Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_update_inode 1 nfs_refresh_inode_locked 2 nfs_post_op_update_inode_force_wcc_locked 3 nfs_writeback_update_inode 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, 
i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, 
%struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236590** %60 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, 
%struct.nfs_server.236590* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #76 %67 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236633*)*)(%struct.nfs_pgio_header.236633* %1) #76 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #76 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr 
inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #76 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 (%struct.inode.217383*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #76 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %57, label %10 %11 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %12 = sub i64 %5, %11 %13 = icmp sgt i64 %12, 0 br i1 %13, label %57, label %14 %15 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %16 = load %struct.super_block.217367*, %struct.super_block.217367** %15, align 8 %17 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %16, i64 0, i32 28 %18 = bitcast i8** %17 to 
%struct.nfs_server.217511** %19 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %19, i64 0, i32 26 %21 = load i32, i32* %20, align 8 switch i32 %21, label %37 [ i32 4, label %22 i32 3, label %25 ] %26 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 131072 %29 = icmp eq i32 %28, 0 br i1 %29, label %54, label %30 %31 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %34 = load volatile i64, i64* %33, align 8 %35 = sub i64 %32, %34 %36 = icmp sgt i64 %35, 0 br i1 %36, label %57, label %49 %58 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 162943 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %67 = and i32 %59, 393216 %68 = icmp eq i32 %67, 131072 br i1 %68, label %69, label %74 %75 = phi i32 [ %59, %66 ], [ %73, %69 ] %76 = and i32 %75, 81920 %77 = icmp eq i32 %76, 16384 br i1 %77, label %78, label %84 %85 = phi i32 [ %75, %74 ], [ %83, %78 ] %86 = and i32 %85, 40960 %87 = icmp eq i32 %86, 8192 br i1 %87, label %88, label %94 %95 = phi i32 [ %85, %84 ], [ %93, %88 ] %96 = and i32 %95, 192 %97 = icmp eq i32 %96, 64 br i1 %97, label %98, label %103 %104 = phi i32* [ %58, %94 ], [ %58, %98 ], [ %64, %62 ] %105 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %106 = load i16, i16* %105, align 8 %107 = and i16 %106, -4096 %108 = icmp eq i16 %107, 16384 %109 = select i1 %108, i64 18178, i64 18176 %110 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %111 = load %struct.super_block.217367*, %struct.super_block.217367** %110, align 8 %112 = getelementptr 
inbounds %struct.super_block.217367, %struct.super_block.217367* %111, i64 0, i32 28 %113 = bitcast i8** %112 to %struct.nfs_server.217511** %114 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %113, align 16 %115 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %114, i64 0, i32 0 %116 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %115, align 8 %117 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %116, i64 0, i32 12 %118 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %117, align 8 %119 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %118, i64 0, i32 47 %120 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %119, align 8 %121 = tail call i32 %120(%struct.inode.217383* %0, i32 1) #76 %122 = icmp eq i32 %121, 0 %123 = and i64 %109, 17922 %124 = select i1 %122, i64 %109, i64 %123 %125 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %126 = load i64, i64* %125, align 8 %127 = or i64 %124, %126 store i64 %127, i64* %125, align 8 %128 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 9 %129 = load %struct.address_space.217384*, %struct.address_space.217384** %128, align 8 %130 = getelementptr inbounds %struct.address_space.217384, %struct.address_space.217384* %129, i64 0, i32 7 %131 = load i64, i64* %130, align 8 %132 = icmp eq i64 %131, 0 br i1 %132, label %136, label %133 %134 = and i64 %127, 2 %135 = icmp eq i64 %134, 0 br i1 %135, label %139, label %136 %137 = phi i64 [ -8195, %103 ], [ -8193, %133 ] %138 = and i64 %127, %137 store i64 %138, i64* %125, align 8 br label %139 %140 = load i32, i32* %104, align 8 %141 = and i32 %140, 162943 %142 = icmp eq i32 %141, 0 br i1 %142, label %145, label %143 %144 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #76 
Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %50, label %10 %51 = phi i32 [ %49, %42 ], [ %36, %27 ], [ 1, %10 ], [ 0, %37 ], [ 0, %22 ], [ 0, %14 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %52)) #6 to label %66 [label %52], !srcloc !4 %67 = icmp sgt i32 %51, 0 br i1 %67, label %96, label %68 %69 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %70 = load i64, i64* %69, align 8 %71 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %72 = load %struct.super_block.217367*, %struct.super_block.217367** %71, align 8 %73 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %72, i64 0, i32 28 %74 = bitcast i8** %73 to %struct.nfs_server.217511** %75 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %74, align 16 %76 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %75, i64 0, i32 26 %77 = load i32, i32* %76, align 8 %78 = icmp eq i32 %77, 4 %79 = and i64 %70, 256 %80 = icmp ne i64 %79, 0 %81 = 
or i1 %80, %78 %82 = and i64 %70, 89604 %83 = icmp eq i64 %82, 0 %84 = or i1 %83, %81 br i1 %84, label %98, label %85 %86 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %87 = load i32, i32* %86, align 8 %88 = and i32 %87, 131072 %89 = icmp eq i32 %88, 0 br i1 %89, label %98, label %90 %91 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %94 = load volatile i64, i64* %93, align 8 %95 = icmp eq i64 %92, %94 br i1 %95, label %96, label %98 %97 = tail call fastcc i32 @nfs_update_inode(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #77 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %4 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %5 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217511** %7 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %6, align 16 %8 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 30 %14 = bitcast %struct.cpu_itimer* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %29 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = getelementptr 
%struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %78 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %79 = icmp ne i16 %16, 16384 %80 = and i32 %37, 1024 %81 = icmp eq i32 %80, 0 %82 = or i1 %81, %79 br i1 %82, label %109, label %83 %84 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 27 %85 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %84, i64 0, i32 0 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %85, i64 0, i32 0 %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %87, %89 br i1 %90, label %91, label %97 %92 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 27, i32 1 %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8, i32 1 %95 = load i64, i64* %94, align 8 %96 = icmp eq i64 %93, %95 br i1 %96, label %109, label %97 %110 = phi %struct.nfs_server.217511* [ %7, %91 ], [ %7, %77 ], [ %7, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %110, i64 0, i32 0 %112 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %111, align 8 %113 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %112, i64 0, i32 12 %114 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %113, align 8 %115 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %114, i64 0, i32 47 %116 = load i32 (%struct.inode.217383*, i32)*, 
i32 (%struct.inode.217383*, i32)** %115, align 8 %117 = tail call i32 %116(%struct.inode.217383* %0, i32 1) #77 %118 = icmp eq i32 %117, 0 %119 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 19 %120 = load i64, i64* %119, align 8 %121 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 10, i32 0 store i64 %120, i64* %121, align 8 %122 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 9, i32 1 %123 = load i64, i64* %122, align 8 %124 = and i64 %123, -220997 store i64 %124, i64* %122, align 8 %125 = load i32, i32* %36, align 8 %126 = and i32 %125, 393216 %127 = icmp eq i32 %126, 393216 br i1 %127, label %128, label %189 %129 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 15 %130 = load i64, i64* %129, align 8 %131 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %132 = load volatile i64, i64* %131, align 8 %133 = icmp eq i64 %132, %130 br i1 %133, label %134, label %189 %135 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %136 = load i64, i64* %135, align 8 store volatile i64 %136, i64* %131, align 8 %137 = load i16, i16* %78, align 8 %138 = and i16 %137, -4096 %139 = icmp eq i16 %138, 16384 %140 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %141 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %140, i64 0, i32 28 %142 = bitcast i8** %141 to %struct.nfs_server.217511** %143 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %142, align 16 br i1 %139, label %144, label %163 %164 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %143, i64 0, i32 10 %165 = load i32, i32* %164, align 8 %166 = and i32 %165, 268435456 %167 = icmp eq i32 %166, 0 br i1 %167, label %189, label %168 %169 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %143, i64 0, i32 0 %170 = 
load %struct.nfs_client.217505*, %struct.nfs_client.217505** %169, align 8 %171 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %170, i64 0, i32 12 %172 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %171, align 8 %173 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %172, i64 0, i32 47 %174 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %173, align 8 %175 = tail call i32 %174(%struct.inode.217383* %0, i32 1) #77 %176 = load i64, i64* %122, align 8 %177 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 9 %178 = load %struct.address_space.217384*, %struct.address_space.217384** %177, align 8 %179 = getelementptr inbounds %struct.address_space.217384, %struct.address_space.217384* %178, i64 0, i32 7 %180 = load i64, i64* %179, align 8 %181 = icmp eq i64 %180, 0 br i1 %181, label %182, label %184 %185 = and i64 %176, 2 %186 = icmp eq i64 %185, 0 br i1 %186, label %189, label %187 %188 = and i64 %176, -8193 store i64 %188, i64* %122, align 8 br label %189 %190 = phi i64 [ %188, %187 ], [ %176, %184 ], [ %183, %182 ], [ %124, %163 ], [ %162, %161 ], [ %160, %159 ], [ %124, %128 ], [ %124, %109 ] %191 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 17 %192 = bitcast %struct.cpu_itimer* %191 to i8* %193 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 17, i32 1 %194 = load i64, i64* %193, align 8 %195 = load i32, i32* %36, align 8 %196 = and i32 %195, 81920 %197 = icmp eq i32 %196, 81920 br i1 %197, label %198, label %212 %199 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 17, i32 0 %200 = load i64, i64* %199, align 8 %201 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 18, i32 0 %202 = load i64, i64* %201, align 8 %203 = icmp eq i64 %200, %202 br i1 %203, label %204, label %212 %205 = 
getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 18, i32 1 %206 = load i64, i64* %205, align 8 %207 = icmp eq i64 %194, %206 br i1 %207, label %208, label %212 %209 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 13 %210 = bitcast %struct.cpu_itimer* %209 to i8* %211 = load i32, i32* %36, align 8 br label %212 %213 = phi i32 [ %195, %204 ], [ %195, %189 ], [ %195, %198 ], [ %211, %208 ] %214 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 16 %215 = bitcast %struct.cpu_itimer* %214 to i8* %216 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 16, i32 1 %217 = load i64, i64* %216, align 8 %218 = and i32 %213, 40960 %219 = icmp eq i32 %218, 40960 br i1 %219, label %220, label %259 %221 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 16, i32 0 %222 = load i64, i64* %221, align 8 %223 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 17, i32 0 %224 = load i64, i64* %223, align 8 %225 = icmp eq i64 %222, %224 br i1 %225, label %226, label %259 %227 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 17, i32 1 %228 = load i64, i64* %227, align 8 %229 = icmp eq i64 %217, %228 br i1 %229, label %230, label %259 %231 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 12 %232 = bitcast %struct.cpu_itimer* %231 to i8* %233 = load i16, i16* %78, align 8 %234 = and i16 %233, -4096 %235 = icmp eq i16 %234, 16384 br i1 %235, label %236, label %259 %237 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %238 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %237, i64 0, i32 28 %239 = bitcast i8** %238 to %struct.nfs_server.217511** %240 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %239, align 16 %241 = getelementptr inbounds %struct.nfs_server.217511, 
%struct.nfs_server.217511* %240, i64 0, i32 0 %242 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %241, align 8 %243 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %242, i64 0, i32 12 %244 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %243, align 8 %245 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %244, i64 0, i32 47 %246 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %245, align 8 %247 = tail call i32 %246(%struct.inode.217383* %0, i32 1) #77 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.215312, %struct.kiocb.215312* %0, i64 0, i32 0 %4 = load %struct.file.215754*, %struct.file.215754** %3, align 8 %5 = getelementptr inbounds %struct.file.215754, %struct.file.215754* %4, i64 0, i32 2 %6 = load %struct.inode.215746*, %struct.inode.215746** %5, align 8 %7 = getelementptr inbounds %struct.inode.215746, %struct.inode.215746* %6, i64 0, i32 8 %8 = load %struct.super_block.215732*, %struct.super_block.215732** %7, align 8 %9 = getelementptr inbounds %struct.super_block.215732, %struct.super_block.215732* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.215891** %11 = load %struct.nfs_server.215891*, %struct.nfs_server.215891** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.215891, %struct.nfs_server.215891* %11, i64 0, i32 8 %13 = load i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.215754*, %struct.inode.215746*)*)(%struct.file.215754* %4, %struct.inode.215746* %6) #76 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = getelementptr inbounds %struct.kiocb.215312, %struct.kiocb.215312* %0, i64 0, i32 4 %20 = 
load i32, i32* %19, align 8 %21 = and i32 %20, 131072 %22 = icmp eq i32 %21, 0 br i1 %22, label %25, label %23 %26 = getelementptr inbounds %struct.inode.215746, %struct.inode.215746* %6, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 256 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %151 %31 = and i32 %20, 16 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %39 %40 = load %struct.super_block.215732*, %struct.super_block.215732** %7, align 8 %41 = getelementptr inbounds %struct.super_block.215732, %struct.super_block.215732* %40, i64 0, i32 28 %42 = bitcast i8** %41 to %struct.nfs_server.215891** %43 = load %struct.nfs_server.215891*, %struct.nfs_server.215891** %42, align 16 %44 = getelementptr inbounds %struct.file.215754, %struct.file.215754* %4, i64 0, i32 7 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 16384 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %50 %49 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode.215746*, i64)*)(%struct.inode.215746* %6, i64 2048) #76 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, %1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %35 %9 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %10 = load %struct.super_block.217367*, %struct.super_block.217367** %9, align 8 %11 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.217511** %13 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %12, align 16 %14 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %13, i64 0, i32 0 %15 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %14, align 8 %16 = 
getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %15, i64 0, i32 12 %17 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %16, align 8 %18 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %17, i64 0, i32 47 %19 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %18, align 8 %20 = tail call i32 %19(%struct.inode.217383* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_file_llseek ------------- Path:  Function:nfs_file_llseek %4 = icmp ult i32 %2, 2 br i1 %4, label %25, label %5 %6 = getelementptr inbounds %struct.file.215754, %struct.file.215754* %0, i64 0, i32 18 %7 = load %struct.address_space.215305*, %struct.address_space.215305** %6, align 8 %8 = getelementptr inbounds %struct.address_space.215305, %struct.address_space.215305* %7, i64 0, i32 0 %9 = load %struct.inode.215746*, %struct.inode.215746** %8, align 8 %10 = getelementptr inbounds %struct.inode.215746, %struct.inode.215746* %9, i64 0, i32 8 %11 = load %struct.super_block.215732*, %struct.super_block.215732** %10, align 8 %12 = getelementptr inbounds %struct.super_block.215732, %struct.super_block.215732* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.215891** %14 = load %struct.nfs_server.215891*, %struct.nfs_server.215891** %13, align 16 %15 = getelementptr inbounds %struct.file.215754, %struct.file.215754* %0, i64 0, i32 7 %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 16384 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %21 %20 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode.215746*, i64)*)(%struct.inode.215746* %9, i64 2048) #76 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %5 = load volatile i64, i64* %4, align 8 %6 = 
and i64 %5, %1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %35 %9 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %10 = load %struct.super_block.217367*, %struct.super_block.217367** %9, align 8 %11 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.217511** %13 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %12, align 16 %14 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %13, i64 0, i32 0 %15 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %14, align 8 %16 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %15, i64 0, i32 12 %17 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %16, align 8 %18 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %17, i64 0, i32 47 %19 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %18, align 8 %20 = tail call i32 %19(%struct.inode.217383* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215077** %12 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %11, align 16 %13 = getelementptr inbounds 
%struct.nfs_server.215077, %struct.nfs_server.215077* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.215077** %44 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %44, i64 0, i32 0 %46 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #76 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 
to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #77 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 9, i32 1 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %37 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13, i32 1 %14 = bitcast i64* %13 to %struct.list_head** %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -2, i32 1 %17 = icmp eq %struct.list_head* %15, %12 br i1 %17, label %38, label %18 %19 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 5 %20 = bitcast %struct.list_head** %19 to %struct.cred** %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %21) #76 %23 = icmp ne i32 
%22, 0 %24 = icmp eq %struct.list_head** %16, null %25 = or i1 %24, %23 br i1 %25, label %39, label %26 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 br i1 %27, label %40, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %41 tail call void @rcu_read_unlock_strict() #76 %42 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %43 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %42, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %44 = load i64, i64* %6, align 8 %45 = and i64 %44, 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %49, label %47 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 12, i32 1 %51 = bitcast i64* %50 to %struct.rb_node** %52 = bitcast %struct.spinlock* %42 to i8* %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %54 %55 = phi i1 [ false, %49 ], [ true, %87 ] %56 = load %struct.rb_node*, %struct.rb_node** %51, align 8 %57 = icmp eq %struct.rb_node* %56, null br i1 %57, label %116, label %58 %59 = phi %struct.rb_node* [ %73, %71 ], [ %56, %54 ] %60 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %59, i64 1, i32 2 %61 = bitcast %struct.rb_node** %60 to %struct.cred** %62 = load %struct.cred*, %struct.cred** %61, align 8 %63 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %62) #76 %64 = icmp slt i32 %63, 0 br i1 %64, label %65, label %67 %68 = icmp eq i32 %63, 0 br i1 %68, label %75, label %69 %76 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, 
i32 1 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, %1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %35 %9 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %10 = load %struct.super_block.217367*, %struct.super_block.217367** %9, align 8 %11 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.217511** %13 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %12, align 16 %14 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %13, i64 0, i32 0 %15 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %14, align 8 %16 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %15, i64 0, i32 12 %17 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %16, align 8 %18 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %17, i64 0, i32 47 %19 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %18, align 8 %20 = tail call i32 %19(%struct.inode.217383* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215077** %12 = load %struct.nfs_server.215077*, 
%struct.nfs_server.215077** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.215077** %44 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %44, i64 0, i32 0 %46 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #76 Function:nfs_do_access %4 = alloca 
%struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #77 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 9, i32 1 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %37 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13, i32 1 %14 = bitcast i64* %13 to %struct.list_head** %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -2, i32 1 %17 = icmp eq %struct.list_head* %15, %12 br i1 %17, label %38, label %18 %19 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 5 %20 = bitcast %struct.list_head** %19 to %struct.cred** %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = tail call 
i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %21) #76 %23 = icmp ne i32 %22, 0 %24 = icmp eq %struct.list_head** %16, null %25 = or i1 %24, %23 br i1 %25, label %39, label %26 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 br i1 %27, label %40, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %41 tail call void @rcu_read_unlock_strict() #76 %42 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %43 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %42, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %44 = load i64, i64* %6, align 8 %45 = and i64 %44, 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %49, label %47 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 12, i32 1 %51 = bitcast i64* %50 to %struct.rb_node** %52 = bitcast %struct.spinlock* %42 to i8* %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %54 %55 = phi i1 [ false, %49 ], [ true, %87 ] %56 = load %struct.rb_node*, %struct.rb_node** %51, align 8 %57 = icmp eq %struct.rb_node* %56, null br i1 %57, label %116, label %58 %59 = phi %struct.rb_node* [ %73, %71 ], [ %56, %54 ] %60 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %59, i64 1, i32 2 %61 = bitcast %struct.rb_node** %60 to %struct.cred** %62 = load %struct.cred*, %struct.cred** %61, align 8 %63 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %62) #76 %64 = icmp slt i32 %63, 0 br i1 %64, label %65, label %67 %68 = icmp eq i32 %63, 0 br i1 %68, label %75, label %69 %76 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, %1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %35 %9 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %10 = load %struct.super_block.217367*, %struct.super_block.217367** %9, align 8 %11 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.217511** %13 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %12, align 16 %14 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %13, i64 0, i32 0 %15 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %14, align 8 %16 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %15, i64 0, i32 12 %17 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %16, align 8 %18 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %17, i64 0, i32 47 %19 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %18, align 8 %20 = tail call i32 %19(%struct.inode.217383* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to 
%struct.nfs_server.215077** %12 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.215077** %44 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %44, i64 0, i32 0 %46 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, 
%struct.cred* %7, i32 %2) #76 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #77 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 9, i32 1 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %37 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13, i32 1 %14 = bitcast i64* %13 to %struct.list_head** %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -2, i32 1 %17 = icmp eq %struct.list_head* %15, %12 br i1 %17, label %38, label %18 %19 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 5 %20 = bitcast %struct.list_head** %19 to %struct.cred** %21 = 
load %struct.cred*, %struct.cred** %20, align 8 %22 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %21) #76 %23 = icmp ne i32 %22, 0 %24 = icmp eq %struct.list_head** %16, null %25 = or i1 %24, %23 br i1 %25, label %39, label %26 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 br i1 %27, label %40, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %41 tail call void @rcu_read_unlock_strict() #76 %42 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %43 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %42, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %44 = load i64, i64* %6, align 8 %45 = and i64 %44, 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %49, label %47 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 12, i32 1 %51 = bitcast i64* %50 to %struct.rb_node** %52 = bitcast %struct.spinlock* %42 to i8* %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %54 %55 = phi i1 [ false, %49 ], [ true, %87 ] %56 = load %struct.rb_node*, %struct.rb_node** %51, align 8 %57 = icmp eq %struct.rb_node* %56, null br i1 %57, label %116, label %58 %59 = phi %struct.rb_node* [ %73, %71 ], [ %56, %54 ] %60 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %59, i64 1, i32 2 %61 = bitcast %struct.rb_node** %60 to %struct.cred** %62 = load %struct.cred*, %struct.cred** %61, align 8 %63 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %62) #76 %64 = icmp slt i32 %63, 0 br i1 %64, label %65, label %67 %68 = icmp eq i32 %63, 0 br i1 %68, label %75, label %69 %76 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 Function:nfs_check_cache_invalid %3 = getelementptr 
%struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, %1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %35 %9 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %10 = load %struct.super_block.217367*, %struct.super_block.217367** %9, align 8 %11 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.217511** %13 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %12, align 16 %14 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %13, i64 0, i32 0 %15 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %14, align 8 %16 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %15, i64 0, i32 12 %17 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %16, align 8 %18 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %17, i64 0, i32 47 %19 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %18, align 8 %20 = tail call i32 %19(%struct.inode.217383* %0, i32 1) #76 ------------- Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, 
%struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215077** %12 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.215077** %44 = load %struct.nfs_server.215077*, %struct.nfs_server.215077** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.215077, %struct.nfs_server.215077* %44, i64 0, i32 0 %46 = load %struct.nfs_client.215071*, %struct.nfs_client.215071** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.215071, %struct.nfs_client.215071* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.215053*, %struct.nfs_rpc_ops.215053** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.215053, %struct.nfs_rpc_ops.215053* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 
%53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #76 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #77 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 9, i32 1 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %37 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13 %12 = bitcast %struct.cpu_itimer* %11 to %struct.list_head* %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 13, i32 1 %14 = bitcast i64* %13 to %struct.list_head** %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -2, i32 1 %17 = icmp eq %struct.list_head* %15, %12 br i1 %17, label %38, label %18 %19 = getelementptr inbounds %struct.list_head*, %struct.list_head** %16, i64 5 
%20 = bitcast %struct.list_head** %19 to %struct.cred** %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %21) #76 %23 = icmp ne i32 %22, 0 %24 = icmp eq %struct.list_head** %16, null %25 = or i1 %24, %23 br i1 %25, label %39, label %26 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #76 br i1 %27, label %40, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %41 tail call void @rcu_read_unlock_strict() #76 %42 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %43 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %42, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #76 %44 = load i64, i64* %6, align 8 %45 = and i64 %44, 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %49, label %47 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 12, i32 1 %51 = bitcast i64* %50 to %struct.rb_node** %52 = bitcast %struct.spinlock* %42 to i8* %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %54 %55 = phi i1 [ false, %49 ], [ true, %87 ] %56 = load %struct.rb_node*, %struct.rb_node** %51, align 8 %57 = icmp eq %struct.rb_node* %56, null br i1 %57, label %116, label %58 %59 = phi %struct.rb_node* [ %73, %71 ], [ %56, %54 ] %60 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %59, i64 1, i32 2 %61 = bitcast %struct.rb_node** %60 to %struct.cred** %62 = load %struct.cred*, %struct.cred** %61, align 8 %63 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %62) #76 %64 = icmp slt i32 %63, 0 br i1 %64, label %65, label %67 %68 = icmp eq i32 %63, 0 br i1 %68, label %75, label %69 %76 = tail call zeroext i1 bitcast (i1 (%struct.inode.217383*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 
8) #76 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, %1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %35 %9 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %10 = load %struct.super_block.217367*, %struct.super_block.217367** %9, align 8 %11 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.217511** %13 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %12, align 16 %14 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %13, i64 0, i32 0 %15 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %14, align 8 %16 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %15, i64 0, i32 12 %17 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %16, align 8 %18 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %17, i64 0, i32 47 %19 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %18, align 8 %20 = tail call i32 %19(%struct.inode.217383* %0, i32 1) #76 -------------
Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_set_inode_stale_locked 1 nfs_update_inode 2 nfs_refresh_inode_locked 3 nfs_post_op_update_inode_force_wcc_locked 4 nfs_writeback_update_inode 5 nfs4_write_done_cb 6 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load
%struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, 
i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236590** %60 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #76 %67 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call 
void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236633*)*)(%struct.nfs_pgio_header.236633* %1) #76 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #76 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #76 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 
(%struct.inode.217383*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #76 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %57, label %10 %11 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %12 = sub i64 %5, %11 %13 = icmp sgt i64 %12, 0 br i1 %13, label %57, label %14 %15 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %16 = load %struct.super_block.217367*, %struct.super_block.217367** %15, align 8 %17 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.217511** %19 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %19, i64 0, i32 26 %21 = load i32, i32* %20, align 8 switch i32 %21, label %37 [ i32 4, label %22 i32 3, label %25 ] %26 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 131072 %29 = icmp eq i32 %28, 0 br i1 %29, label %54, label %30 %31 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %34 = load volatile i64, i64* %33, align 8 %35 = sub i64 %32, %34 %36 = icmp sgt i64 %35, 0 br i1 %36, label %57, label %49 %58 = 
getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 162943 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %67 = and i32 %59, 393216 %68 = icmp eq i32 %67, 131072 br i1 %68, label %69, label %74 %75 = phi i32 [ %59, %66 ], [ %73, %69 ] %76 = and i32 %75, 81920 %77 = icmp eq i32 %76, 16384 br i1 %77, label %78, label %84 %85 = phi i32 [ %75, %74 ], [ %83, %78 ] %86 = and i32 %85, 40960 %87 = icmp eq i32 %86, 8192 br i1 %87, label %88, label %94 %95 = phi i32 [ %85, %84 ], [ %93, %88 ] %96 = and i32 %95, 192 %97 = icmp eq i32 %96, 64 br i1 %97, label %98, label %103 %104 = phi i32* [ %58, %94 ], [ %58, %98 ], [ %64, %62 ] %105 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %106 = load i16, i16* %105, align 8 %107 = and i16 %106, -4096 %108 = icmp eq i16 %107, 16384 %109 = select i1 %108, i64 18178, i64 18176 %110 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %111 = load %struct.super_block.217367*, %struct.super_block.217367** %110, align 8 %112 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %111, i64 0, i32 28 %113 = bitcast i8** %112 to %struct.nfs_server.217511** %114 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %113, align 16 %115 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %114, i64 0, i32 0 %116 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %115, align 8 %117 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %116, i64 0, i32 12 %118 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %117, align 8 %119 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %118, i64 0, i32 47 %120 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %119, align 8 %121 = tail call i32 %120(%struct.inode.217383* %0, i32 1) 
#76 %122 = icmp eq i32 %121, 0 %123 = and i64 %109, 17922 %124 = select i1 %122, i64 %109, i64 %123 %125 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %126 = load i64, i64* %125, align 8 %127 = or i64 %124, %126 store i64 %127, i64* %125, align 8 %128 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 9 %129 = load %struct.address_space.217384*, %struct.address_space.217384** %128, align 8 %130 = getelementptr inbounds %struct.address_space.217384, %struct.address_space.217384* %129, i64 0, i32 7 %131 = load i64, i64* %130, align 8 %132 = icmp eq i64 %131, 0 br i1 %132, label %136, label %133 %134 = and i64 %127, 2 %135 = icmp eq i64 %134, 0 br i1 %135, label %139, label %136 %137 = phi i64 [ -8195, %103 ], [ -8193, %133 ] %138 = and i64 %127, %137 store i64 %138, i64* %125, align 8 br label %139 %140 = load i32, i32* %104, align 8 %141 = and i32 %140, 162943 %142 = icmp eq i32 %141, 0 br i1 %142, label %145, label %143 %144 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #76 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %50, label %10 %51 = phi i32 [ %49, %42 ], [ %36, %27 ], [ 1, %10 ], [ 0, %37 ], [ 0, %22 ], [ 0, %14 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %52)) #6 to label %66 [label %52], !srcloc !4 %67 = icmp sgt i32 %51, 0 br i1 %67, label %96, label %68 %69 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %70 = load i64, i64* %69, align 8 %71 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %72 = load %struct.super_block.217367*, %struct.super_block.217367** %71, align 8 %73 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %72, i64 0, i32 28 %74 = bitcast i8** %73 to %struct.nfs_server.217511** %75 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %74, align 16 %76 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %75, i64 0, i32 26 %77 = load i32, i32* %76, align 8 %78 = icmp eq i32 %77, 4 %79 = and i64 %70, 256 %80 = icmp ne i64 %79, 0 %81 = or i1 %80, %78 %82 = and i64 %70, 89604 %83 = icmp eq i64 %82, 0 %84 = or i1 %83, %81 br i1 %84, label %98, label %85 %86 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %87 = load i32, i32* %86, align 8 %88 = and i32 %87, 131072 %89 = icmp eq i32 %88, 0 br i1 %89, label %98, label %90 %91 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %94 = load volatile i64, i64* %93, align 8 %95 = icmp eq i64 %92, %94 br i1 %95, label %96, label %98 %97 = tail call fastcc i32 
@nfs_update_inode(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #77 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %4 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %5 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217511** %7 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %6, align 16 %8 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 30 %14 = bitcast %struct.cpu_itimer* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %29 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %67 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 1 %68 = load i16, i16* %67, align 4 %69 = xor i16 %15, %68 %70 = icmp ugt i16 %69, 4095 br i1 %70, label %71, label %77 %72 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 11 %73 = load i64, i64* %72, align 8 
%74 = zext i16 %15 to i32 %75 = zext i16 %68 to i32 %76 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([49 x i8], [49 x i8]* @.str.5.21609, i64 0, i64 0), i8* getelementptr inbounds ([17 x i8], [17 x i8]* @__func__.nfs_update_inode, i64 0, i64 0), i64 %73, i32 %74, i32 %75) #76 br label %634 tail call fastcc void @nfs_set_inode_stale_locked(%struct.inode.217383* %0) #78 Function:nfs_set_inode_stale_locked %2 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %3 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 9, i32 0 %4 = bitcast i64* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %4, i32 2, i8* %4) #6, !srcloc !4 %5 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %8 = load %struct.super_block.217367*, %struct.super_block.217367** %7, align 8 %9 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.217511** %11 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %11, i64 0, i32 6 %13 = load %struct.nfs_iostats*, %struct.nfs_iostats** %12, align 8 %14 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %13, i64 0, i32 1, i64 3 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %14, i64* %14) #6, !srcloc !5 %15 = load %struct.super_block.217367*, %struct.super_block.217367** %7, align 8 %16 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.217511** %18 = load 
%struct.nfs_server.217511*, %struct.nfs_server.217511** %17, align 16 %19 = load i16, i16* %5, align 8 %20 = and i16 %19, -4096 %21 = icmp eq i16 %20, 16384 %22 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %18, i64 0, i32 21 %23 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %18, i64 0, i32 19 %24 = select i1 %21, i32* %22, i32* %23 %25 = load i32, i32* %24, align 4 %26 = zext i32 %25 to i64 %27 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 10, i32 1 store i64 %26, i64* %27, align 8 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 11, i32 0 store i64 %28, i64* %29, align 8 %30 = and i16 %6, -4096 switch i16 %30, label %54 [ i16 -32768, label %31 i16 16384, label %31 i16 -24576, label %31 ] %55 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %17, align 16 %56 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %55, i64 0, i32 0 %57 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %56, align 8 %58 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %57, i64 0, i32 12 %59 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %58, align 8 %60 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %59, i64 0, i32 47 %61 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %60, align 8 %62 = tail call i32 %61(%struct.inode.217383* %0, i32 1) #76 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: pid_revalidate map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate nfs_lookup_revalidate vfat_revalidate_ci nfs4_lookup_revalidate tid_fd_revalidate kernfs_dop_revalidate vfat_revalidate proc_sys_revalidate Check callee group: nfs4_have_delegation Check callee group: pid_revalidate map_files_d_revalidate proc_misc_d_revalidate 
proc_net_d_revalidate nfs_lookup_revalidate vfat_revalidate_ci nfs4_lookup_revalidate tid_fd_revalidate kernfs_dop_revalidate vfat_revalidate proc_sys_revalidate Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: tg3_write_indirect_reg32 Check callee group: sock_efree Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: pid_revalidate map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate nfs_lookup_revalidate vfat_revalidate_ci nfs4_lookup_revalidate tid_fd_revalidate kernfs_dop_revalidate vfat_revalidate proc_sys_revalidate Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: i915_driver_release Check callee group: pid_revalidate map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate nfs_lookup_revalidate vfat_revalidate_ci nfs4_lookup_revalidate tid_fd_revalidate kernfs_dop_revalidate vfat_revalidate proc_sys_revalidate Check callee group: mq_find Check callee group: pid_revalidate map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate nfs_lookup_revalidate vfat_revalidate_ci nfs4_lookup_revalidate tid_fd_revalidate kernfs_dop_revalidate vfat_revalidate proc_sys_revalidate Check callee group: tg3_read_indirect_reg32 Check callee group: pid_revalidate map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate nfs_lookup_revalidate vfat_revalidate_ci nfs4_lookup_revalidate tid_fd_revalidate kernfs_dop_revalidate vfat_revalidate proc_sys_revalidate Check callee group: pipe_ioctl ext4_ioctl autofs_dev_ioctl snd_ctl_ioctl sg_ioctl hiddev_ioctl proc_reg_unlocked_ioctl msr_ioctl bsg_ioctl hung_up_tty_ioctl snd_hwdep_ioctl autofs_root_ioctl evdev_ioctl loop_control_ioctl seccomp_notify_ioctl rtc_dev_ioctl usblp_ioctl usbdev_ioctl posix_clock_ioctl drm_ioctl 
sock_ioctl snd_disconnect_ioctl rfkill_fop_ioctl cache_ioctl_pipefs hpet_ioctl i915_perf_ioctl ns_ioctl pps_cdev_ioctl fat_dir_ioctl mon_bin_ioctl nvram_misc_ioctl snd_seq_ioctl tty_ioctl sync_file_ioctl inotify_ioctl perf_ioctl block_ioctl dma_buf_ioctl snd_timer_user_ioctl snapshot_ioctl hidraw_ioctl random_ioctl dm_ctl_ioctl fat_generic_ioctl rpc_pipe_ioctl Check callee group: pipe_ioctl ext4_ioctl autofs_dev_ioctl snd_ctl_ioctl sg_ioctl hiddev_ioctl proc_reg_unlocked_ioctl msr_ioctl bsg_ioctl hung_up_tty_ioctl snd_hwdep_ioctl autofs_root_ioctl evdev_ioctl loop_control_ioctl seccomp_notify_ioctl rtc_dev_ioctl usblp_ioctl usbdev_ioctl posix_clock_ioctl drm_ioctl sock_ioctl snd_disconnect_ioctl rfkill_fop_ioctl cache_ioctl_pipefs hpet_ioctl i915_perf_ioctl ns_ioctl pps_cdev_ioctl fat_dir_ioctl mon_bin_ioctl nvram_misc_ioctl snd_seq_ioctl tty_ioctl sync_file_ioctl inotify_ioctl perf_ioctl block_ioctl dma_buf_ioctl snd_timer_user_ioctl snapshot_ioctl hidraw_ioctl random_ioctl dm_ctl_ioctl fat_generic_ioctl rpc_pipe_ioctl Use: =BAD PATH= Call Stack: 0 compat_ptr_ioctl ------------- Path:  Function:compat_ptr_ioctl %4 = getelementptr inbounds %struct.file.147732, %struct.file.147732* %0, i64 0, i32 3 %5 = load %struct.file_operations.147682*, %struct.file_operations.147682** %4, align 8 %6 = getelementptr inbounds %struct.file_operations.147682, %struct.file_operations.147682* %5, i64 0, i32 10 %7 = bitcast {}** %6 to i64 (%struct.file.147732*, i32, i64)** %8 = load i64 (%struct.file.147732*, i32, i64)*, i64 (%struct.file.147732*, i32, i64)** %7, align 8 %9 = icmp eq i64 (%struct.file.147732*, i32, i64)* %8, null br i1 %9, label %13, label %10 %11 = and i64 %2, 4294967295 %12 = tail call i64 %8(%struct.file.147732* %0, i32 %1, i64 %11) #76 ------------- Use: =BAD PATH= Call Stack: 0 compat_ptr_ioctl ------------- Path:  Function:compat_ptr_ioctl %4 = getelementptr inbounds %struct.file.147732, %struct.file.147732* %0, i64 0, i32 3 %5 = load 
%struct.file_operations.147682*, %struct.file_operations.147682** %4, align 8 %6 = getelementptr inbounds %struct.file_operations.147682, %struct.file_operations.147682* %5, i64 0, i32 10 %7 = bitcast {}** %6 to i64 (%struct.file.147732*, i32, i64)** %8 = load i64 (%struct.file.147732*, i32, i64)*, i64 (%struct.file.147732*, i32, i64)** %7, align 8 %9 = icmp eq i64 (%struct.file.147732*, i32, i64)* %8, null br i1 %9, label %13, label %10 %11 = and i64 %2, 4294967295 %12 = tail call i64 %8(%struct.file.147732* %0, i32 %1, i64 %11) #76 ------------- Check callee group: dm_blk_ioctl lo_ioctl md_ioctl sr_block_ioctl sd_ioctl Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: dm_blk_ioctl lo_ioctl md_ioctl sr_block_ioctl sd_ioctl Use: =BAD PATH= Call Stack: 0 blkdev_compat_ptr_ioctl ------------- Path:  Function:blkdev_compat_ptr_ioctl %5 = getelementptr inbounds %struct.block_device.301900, %struct.block_device.301900* %0, i64 0, i32 16 %6 = load %struct.gendisk.301732*, %struct.gendisk.301732** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.301732, %struct.gendisk.301732* %6, i64 0, i32 8 %8 = load %struct.block_device_operations.301727*, %struct.block_device_operations.301727** %7, align 8 %9 = getelementptr inbounds %struct.block_device_operations.301727, %struct.block_device_operations.301727* %8, i64 0, i32 4 %10 = bitcast {}** %9 to i32 (%struct.block_device.301900*, i32, i32, i64)** %11 = load i32 (%struct.block_device.301900*, i32, i32, i64)*, i32 (%struct.block_device.301900*, i32, i32, i64)** %10, align 8 %12 = icmp eq i32 (%struct.block_device.301900*, i32, i32, i64)* %11, null br i1 %12, label %16, label %13 %14 = and i64 %3, 4294967295 %15 = tail call i32 %11(%struct.block_device.301900* %0, i32 %1, i32 %2, i64 %14) #76 ------------- Use: =BAD PATH= Call Stack: 0 blkdev_compat_ptr_ioctl ------------- Path:  Function:blkdev_compat_ptr_ioctl %5 = getelementptr inbounds 
%struct.block_device.301900, %struct.block_device.301900* %0, i64 0, i32 16 %6 = load %struct.gendisk.301732*, %struct.gendisk.301732** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.301732, %struct.gendisk.301732* %6, i64 0, i32 8 %8 = load %struct.block_device_operations.301727*, %struct.block_device_operations.301727** %7, align 8 %9 = getelementptr inbounds %struct.block_device_operations.301727, %struct.block_device_operations.301727* %8, i64 0, i32 4 %10 = bitcast {}** %9 to i32 (%struct.block_device.301900*, i32, i32, i64)** %11 = load i32 (%struct.block_device.301900*, i32, i32, i64)*, i32 (%struct.block_device.301900*, i32, i32, i64)** %10, align 8 %12 = icmp eq i32 (%struct.block_device.301900*, i32, i32, i64)* %11, null br i1 %12, label %16, label %13 %14 = and i64 %3, 4294967295 %15 = tail call i32 %11(%struct.block_device.301900* %0, i32 %1, i32 %2, i64 %14) #76 ------------- Check callee group: sockfs_xattr_get ext4_xattr_user_get kernfs_vfs_xattr_get ext4_xattr_hurd_get posix_acl_xattr_get nfs4_xattr_get_nfs4_acl ext4_xattr_trusted_get ext4_xattr_security_get shmem_xattr_handler_get Check callee group: tg3_read_indirect_mbox tg3_read32_mbox_5906 tg3_read32 Check callee group: sockfs_xattr_get ext4_xattr_user_get kernfs_vfs_xattr_get ext4_xattr_hurd_get posix_acl_xattr_get nfs4_xattr_get_nfs4_acl ext4_xattr_trusted_get ext4_xattr_security_get shmem_xattr_handler_get Check callee group: lo_compat_ioctl md_compat_ioctl blkdev_compat_ptr_ioctl Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: dm_pr_register sd_pr_register Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: timens_install utsns_install mntns_install cgroupns_install pidns_install ipcns_install netns_install Check callee group: timens_install utsns_install mntns_install cgroupns_install pidns_install ipcns_install netns_install Check callee group: tg3_read_indirect_reg32 Check 
callee group: mq_leaf Check callee group: timens_install utsns_install mntns_install cgroupns_install pidns_install ipcns_install netns_install Check callee group: timens_install utsns_install mntns_install cgroupns_install pidns_install ipcns_install netns_install Check callee group: snd_disconnect_ioctl pps_cdev_compat_ioctl rtc_dev_compat_ioctl dm_compat_ctl_ioctl msr_ioctl compat_blkdev_ioctl snapshot_compat_ioctl usblp_ioctl autofs_root_compat_ioctl hpet_compat_ioctl tty_compat_ioctl proc_reg_compat_ioctl snd_seq_ioctl_compat perf_compat_ioctl compat_ptr_ioctl hung_up_tty_compat_ioctl evdev_ioctl_compat fat_compat_dir_ioctl mon_bin_compat_ioctl i915_perf_ioctl ext4_compat_ioctl snd_timer_user_ioctl_compat loop_control_ioctl seccomp_notify_ioctl snd_hwdep_ioctl_compat posix_clock_compat_ioctl autofs_dev_ioctl_compat snd_ctl_ioctl_compat inotify_ioctl compat_sock_ioctl i915_ioc32_compat_ioctl Check callee group: ata_acpi_dev_uevent ata_acpi_ap_uevent Check callee group: tg3_write_indirect_reg32 Check callee group: ata_acpi_dev_uevent ata_acpi_ap_uevent Check callee group: mdio_ctrl_hw Check callee group: drm_atomic_helper_update_plane intel_legacy_cursor_update drm_primary_helper_update Check callee group: nv_set_multicast Check callee group: fifo_init fifo_hd_init Check callee group: ipip6_dellink Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: ipip6_dellink Check callee group: tg3_read_indirect_reg32 Check callee group: ipip6_dellink Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: dm_pr_preempt sd_pr_preempt Check callee group: drm_property_free_blob drm_framebuffer_free drm_connector_free Check callee group: drm_atomic_helper_update_plane intel_legacy_cursor_update drm_primary_helper_update Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: 
i915_ttm_adjust_lru Check callee group: sock_efree Check callee group: i915_driver_open Check callee group: mdio_ctrl_hw Check callee group: i915_ttm_adjust_lru Check callee group: nfs4_have_delegation Check callee group: aio_complete_rw Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: nfs4_have_delegation Check callee group: i915_ttm_adjust_lru Check callee group: sock_efree Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: sock_efree Check callee group: i915_ttm_adjust_lru Check callee group: nfs4_have_delegation Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: mq_find Check callee group: mq_find Check callee group: mq_find Check callee group: mdio_ctrl_hw Check callee group: mq_find Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mq_find Check callee group: mq_find Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: mdio_ctrl_hw Check callee group: mq_select_queue Check callee group: md_set_read_only Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: mqueue_create nfs_create bad_inode_create msdos_create shmem_create hugetlbfs_create ramfs_create vfat_create ext4_create Check callee group: mqueue_create nfs_create 
bad_inode_create msdos_create shmem_create hugetlbfs_create ramfs_create vfat_create ext4_create Check callee group: tg3_write_indirect_reg32 Check callee group: nfs_swap_deactivate Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: serial8250_pm Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: serial8250_release_port Check callee group: serial8250_release_port Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_release_port Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_release_port Check callee group: drm_gem_fb_create_handle intel_user_framebuffer_create_handle Check callee group: tg3_write_indirect_reg32 Check callee group: drm_gem_fb_create_handle intel_user_framebuffer_create_handle Check callee group: ata_acpi_ap_notify_dock ata_acpi_dev_notify_dock Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_request_port Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: dm_pr_release sd_pr_release Check callee group: dm_pr_release sd_pr_release Check callee group: tg3_read_indirect_reg32 Check callee group: uart_set_ldisc Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_request_port Check callee group: serial8250_pm Check callee group: tg3_ptp_enable e1000e_phc_enable Use: =BAD PATH= Call Stack: 0 period_store ------------- Path:  Function:period_store %5 = alloca %struct.ptp_clock_request, align 8 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds i8, i8* %7, i64 968 %9 = bitcast i8* %8 to %struct.ptp_clock_info** %10 = load %struct.ptp_clock_info*, %struct.ptp_clock_info** %9, align 8 %11 = bitcast %struct.ptp_clock_request* %5 to 
i8* %12 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 0 store i32 1, i32* %12, align 8 %13 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 2 %14 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 %15 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 0, i32 0, i32 1 %16 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 0 %17 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 1 %18 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.6.57366, i64 0, i64 0), i32* %13, i64* %14, i32* %15, i64* %16, i32* %17) #76 %19 = icmp eq i32 %18, 5 br i1 %19, label %20, label %36 %21 = load i32, i32* %13, align 8 %22 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %10, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp ult i32 %21, %23 br i1 %24, label %25, label %36 %26 = load i64, i64* %16, align 8 %27 = icmp ne i64 %26, 0 %28 = load i32, i32* %17, align 8 %29 = icmp ne i32 %28, 0 %30 = or i1 %27, %29 %31 = zext i1 %30 to i32 %32 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %10, i64 0, i32 17 %33 = load i32 (%struct.ptp_clock_info*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info*, %struct.ptp_clock_request*, i32)** %32, align 8 %34 = call i32 %33(%struct.ptp_clock_info* %10, %struct.ptp_clock_request* nonnull %5, i32 %31) #77 ------------- Check callee group: serial8250_pm Check callee group: tg3_write_indirect_reg32 Check callee group: sock_efree Check callee group: mdio_ctrl_hw Check callee group: sock_efree Check callee group: i915_ttm_adjust_lru Check callee group: tg3_read_indirect_reg32 Check 
callee group: sock_efree Check callee group: sock_efree Check callee group: sock_efree Check callee group: sock_efree Check callee group: sock_efree Check callee group: tg3_read_indirect_reg32 Check callee group: sock_efree Check callee group: tg3_read_indirect_reg32 Check callee group: sock_efree Use: =BAD PATH= Call Stack: 0 sock_queue_err_skb 1 __skb_tstamp_tx 2 __dev_queue_xmit 3 dev_queue_xmit 4 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = load 
%struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.757749* (%struct.net.757607*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #76 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !5, !misexpect !6 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !8, !misexpect !11 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to 
i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !5, !misexpect !6 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 bitcast (i32 (%struct.sock.273263*, %struct.msghdr.273230*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #76 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !5, !misexpect !6 %191 = load i64, i64* 
%181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 31 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #76 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, 
i64 0, i32 66 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !5, !misexpect !6 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !8, !misexpect !6 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #76 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, 
align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 1, i32 0 %27 = load %struct.sock.757502*, %struct.sock.757502** %26, align 8 tail call void bitcast (void (%struct.sk_buff.751083*, %struct.sk_buff.751083*, %struct.anon.1*, %struct.sock.751117*, 
i32)* @__skb_tstamp_tx to void (%struct.sk_buff.757762*, %struct.sk_buff.757762*, %struct.anon.1*, %struct.sock.757502*, i32)*)(%struct.sk_buff.757762* %0, %struct.sk_buff.757762* null, %struct.anon.1* null, %struct.sock.757502* %27, i32 1) #76 Function:__skb_tstamp_tx %6 = icmp eq %struct.sock.751117* %3, null br i1 %6, label %164, label %7 %8 = icmp eq %struct.anon.1* %2, null %9 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %3, i64 0, i32 63 %10 = load i16, i16* %9, align 8 %11 = and i16 %10, 16384 %12 = icmp eq i16 %11, 0 %13 = and i1 %8, %12 br i1 %13, label %14, label %25 %26 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %3, i64 0, i32 63 %27 = and i16 %10, 2048 %28 = icmp ne i16 %27, 0 %29 = load i32, i32* @sysctl_tstamp_allow_data, align 4 %30 = icmp ne i32 %29, 0 %31 = or i1 %30, %28 br i1 %31, label %44, label %32, !prof !4, !misexpect !5 br i1 %28, label %45, label %65 %66 = tail call %struct.sk_buff.751083* @skb_clone(%struct.sk_buff.751083* %0, i32 2592) #77 %67 = icmp eq %struct.sk_buff.751083* %66, null br i1 %67, label %164, label %100 %101 = phi %struct.sk_buff.751083* [ %62, %68 ], [ %66, %65 ] %102 = phi i8 [ %63, %68 ], [ 0, %65 ] br i1 %8, label %114, label %103 %115 = tail call i64 @ktime_get_with_offset(i32 0) #76 %116 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 2, i32 0 store i64 %115, i64* %116, align 8 br label %117 %118 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 3, i64 0 %119 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i32* store i32 42, i32* %120, align 4 %121 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 3, i64 28 store i8 4, i8* %121, align 4 %122 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 3, i64 32 %123 = bitcast i8* %122 to i32* 
store i32 %4, i32* %123, align 4 %124 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 3, i64 44 store i8 %102, i8* %124, align 4 %125 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 0, i32 0, i32 2, i32 0 %126 = load %struct.net_device.751070*, %struct.net_device.751070** %125, align 8 %127 = icmp eq %struct.net_device.751070* %126, null br i1 %127, label %131, label %128 %129 = getelementptr inbounds %struct.net_device.751070, %struct.net_device.751070* %126, i64 0, i32 17 %130 = load i32, i32* %129, align 16 br label %131 %132 = phi i32 [ %130, %128 ], [ 0, %117 ] %133 = bitcast i8* %118 to i32* store i32 %132, i32* %133, align 4 %134 = load i16, i16* %26, align 8 %135 = trunc i16 %134 to i8 %136 = icmp sgt i8 %135, -1 br i1 %136, label %160, label %137 %138 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 40 %139 = load i8*, i8** %138, align 8 %140 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 39 %141 = load i32, i32* %140, align 4 %142 = zext i32 %141 to i64 %143 = getelementptr i8, i8* %139, i64 %142 %144 = getelementptr inbounds i8, i8* %143, i64 28 %145 = bitcast i8* %144 to i32* %146 = load i32, i32* %145, align 4 %147 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 3, i64 36 %148 = bitcast i8* %147 to i32* store i32 %146, i32* %148, align 4 %149 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %3, i64 0, i32 46 %150 = load i16, i16* %149, align 4 %151 = icmp eq i16 %150, 6 br i1 %151, label %152, label %160 %153 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %3, i64 0, i32 45 %154 = load i16, i16* %153, align 2 %155 = icmp eq i16 %154, 1 br i1 %155, label %156, label %160 %157 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %3, i64 0, i32 66 %158 = load i32, i32* %157, align 4 %159 = sub i32 
%146, %158 store i32 %159, i32* %148, align 4 br label %160 %161 = tail call i32 @sock_queue_err_skb(%struct.sock.751117* nonnull %3, %struct.sk_buff.751083* nonnull %101) #76 Function:sock_queue_err_skb %3 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %0, i64 0, i32 7, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %1, i64 0, i32 42 %6 = load i32, i32* %5, align 8 %7 = add i32 %6, %4 %8 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %0, i64 0, i32 11 %9 = load volatile i32, i32* %8, align 4 %10 = icmp ult i32 %7, %9 br i1 %10, label %11, label %80 %12 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %1, i64 0, i32 4, i32 0, i32 1 %13 = load void (%struct.sk_buff.751083*)*, void (%struct.sk_buff.751083*)** %12, align 8 %14 = icmp eq void (%struct.sk_buff.751083*)* %13, null br i1 %14, label %18, label %15 tail call void %13(%struct.sk_buff.751083* %1) #76 ------------- Use: =BAD PATH= Call Stack: 0 sock_queue_err_skb 1 __skb_tstamp_tx 2 __dev_queue_xmit 3 dev_queue_xmit 4 netlink_deliver_tap 5 netlink_sendskb 6 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #76 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, 
%struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #76 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #76 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* 
%6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #76 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 46 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = 
getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #76 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #76 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 46 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = 
bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.757762*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #76 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.757762* %0, %struct.net_device.757749* null) #76 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca %struct.winsize, align 2 %5 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.757749*, %struct.net_device.757749** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 %26 = getelementptr inbounds %struct.sk_buff.757762, %struct.sk_buff.757762* %0, i64 0, i32 1, i32 0 %27 = load %struct.sock.757502*, %struct.sock.757502** %26, align 
8 tail call void bitcast (void (%struct.sk_buff.751083*, %struct.sk_buff.751083*, %struct.anon.1*, %struct.sock.751117*, i32)* @__skb_tstamp_tx to void (%struct.sk_buff.757762*, %struct.sk_buff.757762*, %struct.anon.1*, %struct.sock.757502*, i32)*)(%struct.sk_buff.757762* %0, %struct.sk_buff.757762* null, %struct.anon.1* null, %struct.sock.757502* %27, i32 1) #76 Function:__skb_tstamp_tx %6 = icmp eq %struct.sock.751117* %3, null br i1 %6, label %164, label %7 %8 = icmp eq %struct.anon.1* %2, null %9 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %3, i64 0, i32 63 %10 = load i16, i16* %9, align 8 %11 = and i16 %10, 16384 %12 = icmp eq i16 %11, 0 %13 = and i1 %8, %12 br i1 %13, label %14, label %25 %26 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %3, i64 0, i32 63 %27 = and i16 %10, 2048 %28 = icmp ne i16 %27, 0 %29 = load i32, i32* @sysctl_tstamp_allow_data, align 4 %30 = icmp ne i32 %29, 0 %31 = or i1 %30, %28 br i1 %31, label %44, label %32, !prof !4, !misexpect !5 br i1 %28, label %45, label %65 %66 = tail call %struct.sk_buff.751083* @skb_clone(%struct.sk_buff.751083* %0, i32 2592) #77 %67 = icmp eq %struct.sk_buff.751083* %66, null br i1 %67, label %164, label %100 %101 = phi %struct.sk_buff.751083* [ %62, %68 ], [ %66, %65 ] %102 = phi i8 [ %63, %68 ], [ 0, %65 ] br i1 %8, label %114, label %103 %115 = tail call i64 @ktime_get_with_offset(i32 0) #76 %116 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 2, i32 0 store i64 %115, i64* %116, align 8 br label %117 %118 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 3, i64 0 %119 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i32* store i32 42, i32* %120, align 4 %121 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 3, i64 28 store i8 4, i8* %121, align 4 %122 = 
getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 3, i64 32 %123 = bitcast i8* %122 to i32* store i32 %4, i32* %123, align 4 %124 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 3, i64 44 store i8 %102, i8* %124, align 4 %125 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 0, i32 0, i32 2, i32 0 %126 = load %struct.net_device.751070*, %struct.net_device.751070** %125, align 8 %127 = icmp eq %struct.net_device.751070* %126, null br i1 %127, label %131, label %128 %129 = getelementptr inbounds %struct.net_device.751070, %struct.net_device.751070* %126, i64 0, i32 17 %130 = load i32, i32* %129, align 16 br label %131 %132 = phi i32 [ %130, %128 ], [ 0, %117 ] %133 = bitcast i8* %118 to i32* store i32 %132, i32* %133, align 4 %134 = load i16, i16* %26, align 8 %135 = trunc i16 %134 to i8 %136 = icmp sgt i8 %135, -1 br i1 %136, label %160, label %137 %138 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 40 %139 = load i8*, i8** %138, align 8 %140 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 39 %141 = load i32, i32* %140, align 4 %142 = zext i32 %141 to i64 %143 = getelementptr i8, i8* %139, i64 %142 %144 = getelementptr inbounds i8, i8* %143, i64 28 %145 = bitcast i8* %144 to i32* %146 = load i32, i32* %145, align 4 %147 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %101, i64 0, i32 3, i64 36 %148 = bitcast i8* %147 to i32* store i32 %146, i32* %148, align 4 %149 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %3, i64 0, i32 46 %150 = load i16, i16* %149, align 4 %151 = icmp eq i16 %150, 6 br i1 %151, label %152, label %160 %153 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %3, i64 0, i32 45 %154 = load i16, i16* %153, align 2 %155 = icmp eq i16 %154, 1 br i1 %155, label %156, label %160 %157 = 
getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %3, i64 0, i32 66 %158 = load i32, i32* %157, align 4 %159 = sub i32 %146, %158 store i32 %159, i32* %148, align 4 br label %160 %161 = tail call i32 @sock_queue_err_skb(%struct.sock.751117* nonnull %3, %struct.sk_buff.751083* nonnull %101) #76 Function:sock_queue_err_skb %3 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %0, i64 0, i32 7, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %1, i64 0, i32 42 %6 = load i32, i32* %5, align 8 %7 = add i32 %6, %4 %8 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %0, i64 0, i32 11 %9 = load volatile i32, i32* %8, align 4 %10 = icmp ult i32 %7, %9 br i1 %10, label %11, label %80 %12 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %1, i64 0, i32 4, i32 0, i32 1 %13 = load void (%struct.sk_buff.751083*)*, void (%struct.sk_buff.751083*)** %12, align 8 %14 = icmp eq void (%struct.sk_buff.751083*)* %13, null br i1 %14, label %18, label %15 tail call void %13(%struct.sk_buff.751083* %1) #76 ------------- Check callee group: i915_driver_lastclose Check callee group: i915_ttm_adjust_lru Check callee group: sock_efree Check callee group: aio_complete_rw Check callee group: sock_efree Check callee group: sock_efree Check callee group: tg3_read_indirect_reg32 Check callee group: sock_efree Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 msg_zerocopy_callback 4 __pskb_pull_tail 5 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to 
i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %26) #76 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 
%64 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.829144*, i32)*)(%struct.sk_buff.829144* %0, i32 %63) #76 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.751083* %0, i32 0, i32 %27, i32 2592) #76 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %286 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.751083* %0, i32 %38, i8* 
%42, i32 %1) #76 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.751083** %53 = load %struct.sk_buff.751083*, %struct.sk_buff.751083** %52, align 8 %54 = icmp eq %struct.sk_buff.751083* %53, null br i1 %54, label %169, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.750960]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %169 %170 = phi i32 [ %48, %46 ], [ %156, %155 ], [ %168, %159 ], [ %48, %73 ], [ %48, %63 ] %171 = phi i8* [ %47, %46 ], [ %157, %155 ], [ %167, %159 ], [ %47, %73 ], [ %47, %63 ] %172 = zext i32 %170 to i64 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 2 %175 = load i8, i8* %174, align 2 %176 = icmp eq i8 %175, 0 br i1 %176, label %237, label %177 %178 = phi i64 [ %226, %223 ], [ 0, %169 ] %179 = phi i8* [ %230, %223 ], [ %173, %169 ] %180 = phi i32 [ %225, %223 ], [ 0, %169 ] %181 = phi i32 [ %224, %223 ], [ %1, %169 ] %182 = getelementptr inbounds i8, i8* %179, i64 48 %183 = bitcast i8* %182 to [17 x %struct.page_frag.750960]* %184 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %178, i32 1 %185 = load i32, i32* %184, align 8 %186 = icmp slt i32 %181, %185 br i1 %186, label %206, label %187 %207 = getelementptr [17 x 
%struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %178 %208 = sext i32 %180 to i64 %209 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %208 %210 = bitcast %struct.page_frag.750960* %209 to i8* %211 = bitcast %struct.page_frag.750960* %207 to i8* %212 = icmp eq i32 %181, 0 br i1 %212, label %221, label %213 %214 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %208, i32 2 %215 = load i32, i32* %214, align 4 %216 = add i32 %215, %181 store i32 %216, i32* %214, align 4 %217 = getelementptr [17 x %struct.page_frag.750960], [17 x %struct.page_frag.750960]* %183, i64 0, i64 %208, i32 1 %218 = load i32, i32* %217, align 8 %219 = sub i32 %218, %181 store i32 %219, i32* %217, align 8 %220 = icmp eq i64 %178, 0 br i1 %220, label %241, label %221 %242 = load i32, i32* %3, align 8 %243 = add i32 %242, %1 store i32 %243, i32* %3, align 8 %244 = load i32, i32* %36, align 4 %245 = sub i32 %244, %1 store i32 %245, i32* %36, align 4 %246 = icmp ne i32 %245, 0 %247 = icmp eq %struct.sk_buff.751083* %0, null %248 = or i1 %247, %246 br i1 %248, label %281, label %249 %250 = load i8*, i8** %39, align 8 %251 = load i32, i32* %6, align 4 %252 = zext i32 %251 to i64 %253 = getelementptr i8, i8* %250, i64 %252 %254 = load i8, i8* %253, align 8 %255 = and i8 %254, 1 %256 = icmp eq i8 %255, 0 br i1 %256, label %281, label %257 %258 = getelementptr inbounds i8, i8* %253, i64 40 %259 = bitcast i8* %258 to %struct.ubuf_info.751440** %260 = load %struct.ubuf_info.751440*, %struct.ubuf_info.751440** %259, align 8 %261 = icmp eq %struct.ubuf_info.751440* %260, null br i1 %261, label %281, label %262 %263 = ptrtoint %struct.ubuf_info.751440* %260 to i64 %264 = and i64 %263, 1 %265 = icmp eq i64 %264, 0 br i1 %265, label %266, label %274 %267 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %260, i64 0, i32 0 %268 = load void 
(%struct.sk_buff.751083*, %struct.ubuf_info.751440*, i1)*, void (%struct.sk_buff.751083*, %struct.ubuf_info.751440*, i1)** %267, align 8 tail call void %268(%struct.sk_buff.751083* nonnull %0, %struct.ubuf_info.751440* nonnull %260, i1 zeroext false) #77 Function:msg_zerocopy_callback %4 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 0, i32 1 %5 = bitcast %union.anon.203.750013* %4 to %struct.anon.192.751443* %6 = getelementptr inbounds %struct.anon.192.751443, %struct.anon.192.751443* %5, i64 0, i32 2 %7 = load i8, i8* %6, align 2 %8 = zext i1 %2 to i8 %9 = or i8 %8, -2 %10 = and i8 %7, %9 store i8 %10, i8* %6, align 2 %11 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 0, i32 2 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = getelementptr %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 -1, i32 1 %22 = bitcast %union.anon.203.750013* %21 to %struct.sk_buff.751083* %23 = getelementptr inbounds %union.anon.203.750013, %union.anon.203.750013* %21, i64 1, i32 0, i32 1 %24 = bitcast i8** %23 to %struct.sock.751117** %25 = load %struct.sock.751117*, %struct.sock.751117** %24, align 8 %26 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 0, i32 4, i32 0 %27 = load %struct.user_struct*, %struct.user_struct** %26, align 8 %28 = icmp eq %struct.user_struct* %27, null br i1 %28, label %35, label %29 %30 = getelementptr inbounds %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 0, i32 4, i32 1 
%31 = load i32, i32* %30, align 8 %32 = zext i32 %31 to i64 %33 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %27, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %33, i64 %32, i64* %33) #6, !srcloc !8 %34 = load %struct.user_struct*, %struct.user_struct** %26, align 8 tail call void @free_uid(%struct.user_struct* %34) #76 br label %35 %36 = getelementptr inbounds %struct.anon.192.751443, %struct.anon.192.751443* %5, i64 0, i32 1 %37 = load i16, i16* %36, align 4 %38 = icmp eq i16 %37, 0 br i1 %38, label %104, label %39 %40 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 0, i32 13, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %104 %45 = bitcast %union.anon.203.750013* %4 to i32* %46 = load i32, i32* %45, align 8 %47 = zext i16 %37 to i32 %48 = add nsw i32 %47, -1 %49 = add i32 %48, %46 %50 = load i8, i8* %6, align 2 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 %53 = getelementptr inbounds %union.anon.203.750013, %union.anon.203.750013* %21, i64 2, i32 0, i32 1 %54 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %22, i64 0, i32 3, i64 28 %55 = bitcast i8** %53 to i8* store i8 5, i8* %54, align 4 %56 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %22, i64 0, i32 3, i64 36 %57 = bitcast i8* %56 to i32* store i32 %49, i32* %57, align 4 %58 = getelementptr inbounds %union.anon.203.750013, %union.anon.203.750013* %21, i64 4, i32 0, i32 1 %59 = bitcast i8** %58 to i32* store i32 %46, i32* %59, align 4 br i1 %52, label %60, label %62 %61 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %22, i64 0, i32 3, i64 30 store i8 1, i8* %61, align 2 br label %62 %63 = getelementptr inbounds %struct.sock.751117, 
%struct.sock.751117* %25, i64 0, i32 4 %64 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 4, i32 3, i32 0, i32 0 %65 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %64) #76 %66 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 4, i32 1 %67 = load volatile %struct.sk_buff.751083*, %struct.sk_buff.751083** %66, align 8 %68 = bitcast %struct.sk_buff_head.750855* %63 to %struct.sk_buff.751083* %69 = icmp eq %struct.sk_buff.751083* %67, %68 %70 = icmp eq %struct.sk_buff.751083* %67, null %71 = or i1 %69, %70 br i1 %71, label %94, label %72 %73 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %67, i64 0, i32 3, i64 28 %74 = load i8, i8* %73, align 4 %75 = icmp eq i8 %74, 5 br i1 %75, label %76, label %94 %77 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %67, i64 0, i32 3, i64 32 %78 = bitcast i8* %77 to i32* %79 = load i32, i32* %78, align 4 %80 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %67, i64 0, i32 3, i64 36 %81 = bitcast i8* %80 to i32* %82 = load i32, i32* %81, align 4 %83 = sub i32 %82, %79 %84 = zext i32 %83 to i64 %85 = zext i16 %37 to i64 %86 = add nuw nsw i64 %85, 1 %87 = add nuw nsw i64 %86, %84 %88 = icmp ult i64 %87, 4294967296 %89 = add i32 %82, 1 %90 = icmp eq i32 %89, %46 %91 = and i1 %90, %88 br i1 %91, label %92, label %94 %95 = bitcast %union.anon.203.750013* %21 to %struct.sk_buff.751083** store volatile %struct.sk_buff.751083* %68, %struct.sk_buff.751083** %95, align 8 %96 = getelementptr %struct.ubuf_info.751440, %struct.ubuf_info.751440* %1, i64 -1, i32 1, i32 0, i32 1 %97 = bitcast i8** %96 to %struct.sk_buff.751083** store volatile %struct.sk_buff.751083* %67, %struct.sk_buff.751083** %97, align 8 store volatile %struct.sk_buff.751083* %22, %struct.sk_buff.751083** %66, align 8 %98 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %67, i64 0, i32 0, i32 0, i32 
0 store volatile %struct.sk_buff.751083* %22, %struct.sk_buff.751083** %98, align 8 %99 = getelementptr inbounds %struct.sock.751117, %struct.sock.751117* %25, i64 0, i32 4, i32 2 %100 = load i32, i32* %99, align 8 %101 = add i32 %100, 1 store volatile i32 %101, i32* %99, align 8 br label %102 %103 = phi %struct.sk_buff.751083* [ null, %94 ], [ %22, %92 ] tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %64, i64 %65) #76 tail call void bitcast (void (%struct.sock.273263*)* @sk_error_report to void (%struct.sock.751117*)*)(%struct.sock.751117* %25) #76 br label %104 %105 = phi %struct.sk_buff.751083* [ %22, %39 ], [ %103, %102 ], [ %22, %35 ] tail call void @consume_skb(%struct.sk_buff.751083* %105) #76 Function:consume_skb %2 = icmp eq %struct.sk_buff.751083* %0, null br i1 %2, label %34, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %33 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.751083* nonnull %0) #77 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.751083* %0) #76 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.751083*)*, void (%struct.sk_buff.751083*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.751083*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.751083*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.751083* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 __neigh_event_send 4 __ip_do_redirect 5 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds 
%struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.829233*, %struct.net_device.829233** %9, align 8 %11 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.829134* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.828721* %0 to %struct.rtable.828746* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %51, i8* %63, align 4 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %64, align 1 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, 
i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.828746* %55, %struct.sk_buff.829144* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #76 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.829243, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.829144, 
%struct.sk_buff.829144* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.829144, %struct.sk_buff.829144* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.829233*, %struct.net_device.829233** %28, align 8 %30 = bitcast %struct.fib_result.829243* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.829188*, %struct.in_device.829188** %44, align 8 %46 = icmp eq %struct.in_device.829188* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.828834*, %struct.net.828834** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 0 %56 = load %struct.net_device.829233*, %struct.net_device.829233** %55, align 8 %57 = getelementptr inbounds %struct.net_device.829233, 
%struct.net_device.829233* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.828834*, %struct.net.828834** %57, align 8 %59 = getelementptr inbounds %struct.net.828834, %struct.net.828834* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.829188, %struct.in_device.829188* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.762396*, i32)* @inet_addr_type to i32 (%struct.net.828834*, i32)*)(%struct.net.828834* %49, i32 %19) #76 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.828746, %struct.rtable.828746* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.829233*, %struct.net_device.829233** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.829233, %struct.net_device.829233* %112, i64 0, i32 14 %114 = load i32, 
i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.828731*, %struct.neigh_hash_table.828731** getelementptr inbounds (%struct.neigh_table.828732, %struct.neigh_table.828732* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.851028*, i32*)*, i1 (%struct.neighbour.850530*, i8*)*, i32 (%struct.neighbour.850530*)*, i32 (%struct.pneigh_entry.850517*)*, void (%struct.pneigh_entry.850517*)*, void (%struct.sk_buff.850939*)*, i32 (i8*)*, i1 (%struct.net_device.851028*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.850518, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.850521, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.850526*, %struct.pneigh_entry.850517** }* @arp_tbl to %struct.neigh_table.828732*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.829233* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.828731, %struct.neigh_hash_table.828731* %118, i64 0, i32 0 %132 = load %struct.neighbour.828735**, %struct.neighbour.828735*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.828735*, %struct.neighbour.828735** %132, i64 %133 %135 = load volatile %struct.neighbour.828735*, %struct.neighbour.828735** %134, align 8 %136 = icmp eq %struct.neighbour.828735* %135, null br i1 
%136, label %174, label %137 %138 = phi %struct.neighbour.828735* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 25 %140 = load %struct.net_device.829233*, %struct.net_device.829233** %139, align 8 %141 = icmp eq %struct.net_device.829233* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #76 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65379() #76 %176 = icmp eq 
%struct.neighbour.828735* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.828735* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.828735* %181 to i8* %183 = icmp ugt %struct.neighbour.828735* %181, inttoptr (i64 -4096 to %struct.neighbour.828735*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %190 = load volatile i64, i64* @jiffies, align 64 %191 = getelementptr inbounds %struct.neighbour.828735, %struct.neighbour.828735* %181, i64 0, i32 10 %192 = load volatile i64, i64* %191, align 8 %193 = icmp eq i64 %192, %190 br i1 %193, label %195, label %194 store volatile i64 %190, i64* %191, align 8 br label %195 %196 = and i8 %186, -38 %197 = icmp eq i8 %196, 0 br i1 %197, label %198, label %245 %199 = call i32 bitcast (i32 (%struct.neighbour*, %struct.sk_buff*)* @__neigh_event_send to i32 (%struct.neighbour.828735*, %struct.sk_buff.829144*)*)(%struct.neighbour.828735* %181, %struct.sk_buff.829144* null) #76 Function:__neigh_event_send %3 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %3) #76 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %5 = load i8, i8* %4, align 1 %6 = zext i8 %5 to i32 %7 = and i32 %6, 218 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %249 %10 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %11 = load i8, i8* %10, align 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %268 %14 = and i32 %6, 5 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %77 %78 = and i32 %6, 4 %79 = icmp eq i32 %78, 0 br i1 %79, label %126, label %80 %81 = and i8 %5, 27 %82 = icmp eq i8 %81, 0 br i1 %82, label %98, label %83 store i8 8, i8* %4, align 1 %99 = load 
volatile i64, i64* @jiffies, align 64 %100 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 4 store i64 %99, i64* %100, align 8 %101 = load volatile i64, i64* @jiffies, align 64 %102 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %103 = load %struct.neigh_parms*, %struct.neigh_parms** %102, align 8 %104 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %103, i64 0, i32 10, i64 6 %105 = load i32, i32* %104, align 4 %106 = sext i32 %105 to i64 %107 = add i64 %101, %106 %108 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 6 %109 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %108, i64 0, i32 0, i32 0 %110 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %109, i32 1, i32* %109) #6, !srcloc !8 %111 = icmp eq i32 %110, 0 br i1 %111, label %116, label %112, !prof !9, !misexpect !6 %113 = add i32 %110, 1 %114 = or i32 %113, %110 %115 = icmp sgt i32 %114, -1 br i1 %115, label %118, label %116, !prof !5, !misexpect !6 %117 = phi i32 [ 2, %98 ], [ 1, %112 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %108, i32 %117) #76 br label %118 %119 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 9 %120 = tail call i32 @mod_timer(%struct.timer_list* %119, i64 %107) #76 %121 = icmp eq i32 %120, 0 br i1 %121, label %126, label %122, !prof !5, !misexpect !6 %123 = load i8, i8* %4, align 1 %124 = zext i8 %123 to i32 %125 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.15.63539, i64 0, i64 0), i32 %124) #77 tail call void @dump_stack() #77 br label %126 %127 = phi i1 [ true, %122 ], [ true, %118 ], [ false, %70 ], [ false, %66 ], [ true, %77 ] %128 = load i8, i8* %4, align 1 %129 = icmp eq i8 %128, 1 br i1 %129, label %130, label %226 %131 = icmp eq %struct.sk_buff* %1, null br i1 %131, label %226, label %132 %133 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 7 %134 = load i32, i32* %133, align 4 %135 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 42 %136 = load i32, i32* %135, align 8 %137 = add i32 %136, %134 %138 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %139 = load %struct.neigh_parms*, %struct.neigh_parms** %138, align 8 %140 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %139, i64 0, i32 10, i64 8 %141 = load i32, i32* %140, align 4 %142 = icmp ugt i32 %137, %141 br i1 %142, label %143, label %179 %144 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %145 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %144, i64 0, i32 0 %146 = bitcast %struct.sk_buff_head* %144 to %struct.sk_buff* %147 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 %148 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 br label %149 %150 = load %struct.sk_buff*, %struct.sk_buff** %145, align 8 %151 = icmp eq %struct.sk_buff* %150, %146 %152 = icmp eq %struct.sk_buff* %150, null %153 = or i1 %151, %152 br i1 %153, label %179, label %154 %155 = load i32, i32* %147, align 8 %156 = add i32 %155, -1 store volatile i32 %156, i32* %147, align 8 %157 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %150, i64 0, i32 0, i32 0, i32 0 %158 = load %struct.sk_buff*, %struct.sk_buff** %157, align 8 %159 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %150, i64 
0, i32 0, i32 0, i32 1 %160 = load %struct.sk_buff*, %struct.sk_buff** %159, align 8 %161 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %158, i64 0, i32 0, i32 0, i32 1 %162 = bitcast %struct.sk_buff* %150 to i8* store volatile %struct.sk_buff* %160, %struct.sk_buff** %161, align 8 %163 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %160, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %158, %struct.sk_buff** %163, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %150, i64 0, i32 42 %165 = load i32, i32* %164, align 8 %166 = load i32, i32* %133, align 4 %167 = sub i32 %166, %165 store i32 %167, i32* %133, align 4 tail call void bitcast (void (%struct.sk_buff.751083*)* @kfree_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %150) #76 %168 = load %struct.neigh_table*, %struct.neigh_table** %148, align 8 %169 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %168, i64 0, i32 28 %170 = load %struct.neigh_statistics*, %struct.neigh_statistics** %169, align 8 %171 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %170, i64 0, i32 10 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %171, i64* %171) #6, !srcloc !10 %172 = load i32, i32* %133, align 4 %173 = load i32, i32* %135, align 8 %174 = add i32 %173, %172 %175 = load %struct.neigh_parms*, %struct.neigh_parms** %138, align 8 %176 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %175, i64 0, i32 10, i64 8 %177 = load i32, i32* %176, align 4 %178 = icmp ugt i32 %174, %177 br i1 %178, label %149, label %179 %180 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 4, i32 0, i32 0 %181 = load i64, i64* %180, align 8 %182 = and i64 %181, 1 %183 = icmp ne i64 %182, 0 %184 = icmp ugt i64 %181, 1 %185 = and i1 %184, %183 br i1 %185, label %186, label %212 %213 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %214 = 
bitcast %struct.sk_buff_head* %213 to %struct.sk_buff* %215 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 1 %216 = load %struct.sk_buff*, %struct.sk_buff** %215, align 8 %217 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %214, %struct.sk_buff** %217, align 8 %218 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 0, i32 0, i32 1 store volatile %struct.sk_buff* %216, %struct.sk_buff** %218, align 8 store volatile %struct.sk_buff* %1, %struct.sk_buff** %215, align 8 %219 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %216, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %1, %struct.sk_buff** %219, align 8 %220 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 %221 = load i32, i32* %220, align 8 %222 = add i32 %221, 1 store volatile i32 %222, i32* %220, align 8 %223 = load i32, i32* %135, align 8 %224 = load i32, i32* %133, align 4 %225 = add i32 %224, %223 store i32 %225, i32* %133, align 4 br label %226 %227 = phi i32 [ 0, %126 ], [ 1, %130 ], [ 1, %212 ] br i1 %127, label %249, label %228 %229 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %230 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 1 %231 = load volatile %struct.sk_buff*, %struct.sk_buff** %230, align 8 %232 = bitcast %struct.sk_buff_head* %229 to %struct.sk_buff* %233 = icmp eq %struct.sk_buff* %231, %232 %234 = icmp eq %struct.sk_buff* %231, null %235 = or i1 %233, %234 br i1 %235, label %238, label %236 %237 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (%struct.sk_buff.751083*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %231, i32 2592) #76 br label %238 %239 = phi %struct.sk_buff* [ %237, %236 ], [ null, %228 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %240 = bitcast %struct.rwlock_t* %3 to i8* store volatile i8 0, i8* %240, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %241 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 22 %242 = load %struct.neigh_ops*, %struct.neigh_ops** %241, align 8 %243 = getelementptr inbounds %struct.neigh_ops, %struct.neigh_ops* %242, i64 0, i32 1 %244 = load void (%struct.neighbour*, %struct.sk_buff*)*, void (%struct.neighbour*, %struct.sk_buff*)** %243, align 8 %245 = icmp eq void (%struct.neighbour*, %struct.sk_buff*)* %244, null br i1 %245, label %247, label %246 %248 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 11, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %248, i32* %248) #6, !srcloc !14 tail call void bitcast (void (%struct.sk_buff.751083*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %239) #76 Function:consume_skb %2 = icmp eq %struct.sk_buff.751083* %0, null br i1 %2, label %34, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr 
void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %33 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.751083* nonnull %0) #77 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.751083* %0) #76 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.751083*)*, void (%struct.sk_buff.751083*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.751083*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.751083*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.751083* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* 
%3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #76 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #76 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 105 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 64 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %201 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff* 
(i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #76 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #76 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %60 %37 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %27, i32 32) #76 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #76 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %198 %199 = phi %struct.sk_buff* [ %193, %192 ], [ %27, %60 ], [ %27, %62 ] %200 = phi i32 [ %195, %192 ], [ %61, %60 ], [ -9, %62 ] call void bitcast (void (%struct.sk_buff.751083*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %199) #76 Function:consume_skb %2 = icmp eq %struct.sk_buff.751083* %0, null br i1 %2, label %34, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %33 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.751083* nonnull %0) #77 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.751083* %0) #76 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.751083*)*, void (%struct.sk_buff.751083*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.751083*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.751083*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.751083* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #76 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #76 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 105 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 64 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %201 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #76 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) 
#76 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %60 %37 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %27, i32 32) #76 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #76 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %198 %199 = phi %struct.sk_buff* [ %193, %192 ], [ %27, %60 ], [ %27, %62 ] %200 = phi i32 [ %195, %192 ], [ %61, %60 ], [ -9, %62 ] call void bitcast (void (%struct.sk_buff.751083*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %199) #76 Function:consume_skb %2 = icmp eq %struct.sk_buff.751083* %0, null br i1 %2, label %34, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %33 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.751083* nonnull %0) #77 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.751083* %0) #76 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.751083*)*, void (%struct.sk_buff.751083*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.751083*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.751083*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.751083* %0) #76 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast 
%struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #76 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #76 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 105 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 64 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %201 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.751083* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #76 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #76 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %60 %37 = tail call i8* bitcast (i8* (%struct.sk_buff.751083*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %27, i32 32) #76 %38 = getelementptr inbounds %struct.sigevent, 
%struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #76 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %198 %199 = phi %struct.sk_buff* [ %193, %192 ], [ %27, %60 ], [ %27, %62 ] %200 = phi i32 [ %195, %192 ], [ %61, %60 ], [ -9, %62 ] call void bitcast (void (%struct.sk_buff.751083*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %199) #76 Function:consume_skb %2 = icmp eq %struct.sk_buff.751083* %0, null br i1 %2, label %34, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %33 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.751083* nonnull %0) #77 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.751083* %0) #76 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.751083, %struct.sk_buff.751083* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.751083*)*, void (%struct.sk_buff.751083*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.751083*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.751083*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.751083* %0) #76 ------------- Check callee group: kernfs_fop_write_iter generic_file_write_iter blkdev_write_iter proc_sys_write write_iter_null devkmsg_write tty_write nfs_file_write sock_write_iter ext4_file_write_iter pipe_write redirected_tty_write hung_up_tty_write Check callee group: sock_efree Check callee group: tg3_write_indirect_reg32 Check callee group: sock_efree Check callee group: tg3_write_indirect_reg32 Check callee group: sock_efree Check callee group: serial8250_get_mctrl Check callee 
group: mdio_ctrl_hw Check callee group: mq_walk Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mq_walk Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mq_walk Check callee group: drm_atomic_helper_set_config Check callee group: sock_efree Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: drm_atomic_helper_set_config Check callee group: tg3_write_indirect_reg32 Check callee group: drm_atomic_helper_page_flip Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: i915_driver_release Check callee group: i915_driver_release Check callee group: i915_driver_lastclose Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: aio_complete_rw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: fifo_hd_init 
fifo_init Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: aio_complete_rw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: bad_inode_lookup proc_tgid_base_lookup nfs_lookup proc_lookupfdinfo isofs_lookup autofs_lookup empty_dir_lookup proc_attr_dir_lookup proc_ns_dir_lookup msdos_lookup vfat_lookup proc_sys_lookup kernfs_iop_lookup proc_tgid_net_lookup proc_root_lookup proc_lookup proc_map_files_lookup ext4_lookup proc_tid_base_lookup proc_lookupfd proc_task_lookup simple_lookup Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_update_inode 1 
nfs_refresh_inode_locked 2 nfs_post_op_update_inode_force_wcc_locked 3 nfs_writeback_update_inode 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236600*, %struct.nfs4_slot.236600** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236600* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236617*, %struct.nfs_open_context.236617** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236618*, %struct.nfs_lock_context.236618** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236617, %struct.nfs_open_context.236617* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236616*, %struct.nfs4_state.236616** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238262*, i32, %struct.nfs_lock_context.238264*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236616*, i32, %struct.nfs_lock_context.236618*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236616* %27, i32 2, %struct.nfs_lock_context.236618* %24, %struct.nfs4_stateid_struct* nonnull 
%3, %struct.cred** null) #76 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236633*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236633* %1) #77 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236590** %60 = load %struct.nfs_server.236590*, %struct.nfs_server.236590** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236633, %struct.nfs_pgio_header.236633* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236590, %struct.nfs_server.236590* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236648*, %struct.nfs_client.236648** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #76 %67 = getelementptr inbounds %struct.nfs_client.236648, %struct.nfs_client.236648* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call 
void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236633*)*)(%struct.nfs_pgio_header.236633* %1) #76 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #76 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #76 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 
(%struct.inode.217383*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #76 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %57, label %10 %11 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %12 = sub i64 %5, %11 %13 = icmp sgt i64 %12, 0 br i1 %13, label %57, label %14 %15 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %16 = load %struct.super_block.217367*, %struct.super_block.217367** %15, align 8 %17 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.217511** %19 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %19, i64 0, i32 26 %21 = load i32, i32* %20, align 8 switch i32 %21, label %37 [ i32 4, label %22 i32 3, label %25 ] %26 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 131072 %29 = icmp eq i32 %28, 0 br i1 %29, label %54, label %30 %31 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %34 = load volatile i64, i64* %33, align 8 %35 = sub i64 %32, %34 %36 = icmp sgt i64 %35, 0 br i1 %36, label %57, label %49 %58 = 
getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 162943 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %67 = and i32 %59, 393216 %68 = icmp eq i32 %67, 131072 br i1 %68, label %69, label %74 %75 = phi i32 [ %59, %66 ], [ %73, %69 ] %76 = and i32 %75, 81920 %77 = icmp eq i32 %76, 16384 br i1 %77, label %78, label %84 %85 = phi i32 [ %75, %74 ], [ %83, %78 ] %86 = and i32 %85, 40960 %87 = icmp eq i32 %86, 8192 br i1 %87, label %88, label %94 %95 = phi i32 [ %85, %84 ], [ %93, %88 ] %96 = and i32 %95, 192 %97 = icmp eq i32 %96, 64 br i1 %97, label %98, label %103 %104 = phi i32* [ %58, %94 ], [ %58, %98 ], [ %64, %62 ] %105 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %106 = load i16, i16* %105, align 8 %107 = and i16 %106, -4096 %108 = icmp eq i16 %107, 16384 %109 = select i1 %108, i64 18178, i64 18176 %110 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %111 = load %struct.super_block.217367*, %struct.super_block.217367** %110, align 8 %112 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %111, i64 0, i32 28 %113 = bitcast i8** %112 to %struct.nfs_server.217511** %114 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %113, align 16 %115 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %114, i64 0, i32 0 %116 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %115, align 8 %117 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %116, i64 0, i32 12 %118 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %117, align 8 %119 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %118, i64 0, i32 47 %120 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %119, align 8 %121 = tail call i32 %120(%struct.inode.217383* %0, i32 1) 
#76 %122 = icmp eq i32 %121, 0 %123 = and i64 %109, 17922 %124 = select i1 %122, i64 %109, i64 %123 %125 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %126 = load i64, i64* %125, align 8 %127 = or i64 %124, %126 store i64 %127, i64* %125, align 8 %128 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 9 %129 = load %struct.address_space.217384*, %struct.address_space.217384** %128, align 8 %130 = getelementptr inbounds %struct.address_space.217384, %struct.address_space.217384* %129, i64 0, i32 7 %131 = load i64, i64* %130, align 8 %132 = icmp eq i64 %131, 0 br i1 %132, label %136, label %133 %134 = and i64 %127, 2 %135 = icmp eq i64 %134, 0 br i1 %135, label %139, label %136 %137 = phi i64 [ -8195, %103 ], [ -8193, %133 ] %138 = and i64 %127, %137 store i64 %138, i64* %125, align 8 br label %139 %140 = load i32, i32* %104, align 8 %141 = and i32 %140, 162943 %142 = icmp eq i32 %141, 0 br i1 %142, label %145, label %143 %144 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #76 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %4 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 11, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 %9 = icmp sgt i64 %8, 0 br i1 %9, label %50, label %10 %51 = phi i32 [ %49, %42 ], [ %36, %27 ], [ 1, %10 ], [ 0, %37 ], [ 0, %22 ], [ 0, %14 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %52)) #6 to label %66 [label %52], !srcloc !4 %67 = icmp sgt i32 %51, 0 br i1 %67, label %96, label %68 %69 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 9, i32 1 %70 = load i64, i64* %69, align 8 %71 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %72 = load %struct.super_block.217367*, %struct.super_block.217367** %71, align 8 %73 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %72, i64 0, i32 28 %74 = bitcast i8** %73 to %struct.nfs_server.217511** %75 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %74, align 16 %76 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %75, i64 0, i32 26 %77 = load i32, i32* %76, align 8 %78 = icmp eq i32 %77, 4 %79 = and i64 %70, 256 %80 = icmp ne i64 %79, 0 %81 = or i1 %80, %78 %82 = and i64 %70, 89604 %83 = icmp eq i64 %82, 0 %84 = or i1 %83, %81 br i1 %84, label %98, label %85 %86 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %87 = load i32, i32* %86, align 8 %88 = and i32 %87, 131072 %89 = icmp eq i32 %88, 0 br i1 %89, label %98, label %90 %91 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %94 = load volatile i64, i64* %93, align 8 %95 = icmp eq i64 %92, %94 br i1 %95, label %96, label %98 %97 = tail call fastcc i32 
@nfs_update_inode(%struct.inode.217383* %0, %struct.nfs_fattr* %1) #77 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 8 %4 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %5 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217511** %7 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %6, align 16 %8 = getelementptr %struct.inode.217383, %struct.inode.217383* %0, i64 -1, i32 17 %9 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 30 %14 = bitcast %struct.cpu_itimer* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %29 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %78 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 0 %79 = icmp ne i16 %16, 16384 %80 = and i32 %37, 1024 %81 = icmp eq i32 %80, 0 %82 = or i1 %81, %79 br i1 %82, label %109, label %83 %84 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 27 %85 
= getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %84, i64 0, i32 0 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %85, i64 0, i32 0 %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %87, %89 br i1 %90, label %91, label %97 %92 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %7, i64 0, i32 27, i32 1 %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8, i32 1 %95 = load i64, i64* %94, align 8 %96 = icmp eq i64 %93, %95 br i1 %96, label %109, label %97 %110 = phi %struct.nfs_server.217511* [ %7, %91 ], [ %7, %77 ], [ %7, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %110, i64 0, i32 0 %112 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %111, align 8 %113 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %112, i64 0, i32 12 %114 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %113, align 8 %115 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %114, i64 0, i32 47 %116 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %115, align 8 %117 = tail call i32 %116(%struct.inode.217383* %0, i32 1) #77 %118 = icmp eq i32 %117, 0 %119 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 19 %120 = load i64, i64* %119, align 8 %121 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 10, i32 0 store i64 %120, i64* %121, align 8 %122 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 9, i32 1 %123 = load i64, i64* %122, align 8 %124 = and i64 %123, -220997 store i64 %124, i64* %122, align 8 %125 = load i32, i32* %36, align 8 %126 = and i32 %125, 393216 %127 = icmp eq i32 %126, 393216 br i1 
%127, label %128, label %189 %129 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 15 %130 = load i64, i64* %129, align 8 %131 = getelementptr inbounds %struct.inode.217383, %struct.inode.217383* %0, i64 0, i32 33, i32 0 %132 = load volatile i64, i64* %131, align 8 %133 = icmp eq i64 %132, %130 br i1 %133, label %134, label %189 %135 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %136 = load i64, i64* %135, align 8 store volatile i64 %136, i64* %131, align 8 %137 = load i16, i16* %78, align 8 %138 = and i16 %137, -4096 %139 = icmp eq i16 %138, 16384 %140 = load %struct.super_block.217367*, %struct.super_block.217367** %3, align 8 %141 = getelementptr inbounds %struct.super_block.217367, %struct.super_block.217367* %140, i64 0, i32 28 %142 = bitcast i8** %141 to %struct.nfs_server.217511** %143 = load %struct.nfs_server.217511*, %struct.nfs_server.217511** %142, align 16 br i1 %139, label %144, label %163 %164 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %143, i64 0, i32 10 %165 = load i32, i32* %164, align 8 %166 = and i32 %165, 268435456 %167 = icmp eq i32 %166, 0 br i1 %167, label %189, label %168 %169 = getelementptr inbounds %struct.nfs_server.217511, %struct.nfs_server.217511* %143, i64 0, i32 0 %170 = load %struct.nfs_client.217505*, %struct.nfs_client.217505** %169, align 8 %171 = getelementptr inbounds %struct.nfs_client.217505, %struct.nfs_client.217505* %170, i64 0, i32 12 %172 = load %struct.nfs_rpc_ops.217488*, %struct.nfs_rpc_ops.217488** %171, align 8 %173 = getelementptr inbounds %struct.nfs_rpc_ops.217488, %struct.nfs_rpc_ops.217488* %172, i64 0, i32 47 %174 = load i32 (%struct.inode.217383*, i32)*, i32 (%struct.inode.217383*, i32)** %173, align 8 %175 = tail call i32 %174(%struct.inode.217383* %0, i32 1) #77 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: 
tg3_write_indirect_reg32
Check callee group: tg3_read_indirect_reg32
Check callee group: tg3_write_indirect_reg32
Check callee group: mdio_ctrl_hw
Check callee group: tg3_write_indirect_reg32
Check callee group: tg3_write_indirect_reg32
Check callee group: tg3_write_indirect_reg32
Check callee group: tg3_write_indirect_reg32
Check callee group: mdio_ctrl_hw
Check callee group: tg3_read_indirect_reg32
Check callee group: tg3_write_indirect_reg32
Good: 4996 Bad: 62 Ignored: 4097
Thread 0 Done!
STOP WATCH[0]: 1540538.243000 ms
=NON-Kernel Init Functions=
__x64_sys_brk vm_brk vm_brk_flags i915_gem_execbuffer2_ioctl vfs_rename uart_set_info_user drm_client_init i915_gem_context_setparam_ioctl __ia32_sys_sched_setscheduler __x64_sys_sched_setattr sugov_init request_any_context_irq devm_request_any_context_irq hpet_late_init native_init_IRQ exar_pci_probe devm_request_threaded_irq acpi_cppc_processor_probe acpi_ec_ecdt_probe acpi_ec_setup acpi_ec_add do_dma_probe univ8250_setup_irq hpet_ioctl_common __x64_sys_sched_setscheduler amd_iommu_detect iommu_go_to_state amd_iommu_init amd_iommu_enable_interrupts dmar_hp_add_drhd dmar_device_add acpi_pci_root_add dmar_iommu_hotplug dmar_hp_remove_drhd dmar_device_hotplug acpi_pci_root_remove init_dmars intel_iommu_init tg3_set_channels e100_diag_test e100_set_ringparam e100_up e1000_resume e1000_diag_test.52371 e1000e_open sky2_probe sky2_open sky2_set_ringparam nv_open nv_resume rtl_open yenta_probe xhci_pci_resume i8042_setup_kbd i8042_check_aux i8042_probe cmos_do_probe cmos_init disable_msi_reset_irq __request_percpu_irq setup_percpu_irq request_percpu_nmi drm_vblank_worker_init rcu_spawn_gp_kthread __trace_bprintk vbin_printf trace_vbprintk __ftrace_vbprintk shm_close shm_mmap shm_exit_ns free_ipc proc_ipc_dointvec_minmax_orphans exit_shm __ia32_sys_delete_module __se_sys_ptrace ptrace_attach do_task_stat __ia32_sys_adjtimex __x64_sys_adjtimex __x64_sys_setfsuid __ia32_sys_setfsuid __x64_sys_setfsuid16 timerslack_ns_open
secretmem_mmap __x64_sys_syslog do_shm_rmid __ia32_sys_syslog kmsg_open autofs_dev_ioctl_compat __x64_sys_quotactl_fd __se_sys_quotactl_fd __ia32_sys_quotactl_fd __x64_sys_quotactl __ia32_sys_quotactl __ia32_sys_setgroups __x64_sys_mlockall cache_disable_0_store proc_loginuid_write __ia32_sys_setresgid smbalert_probe __ia32_sys_setresgid16 modify_user_hw_breakpoint __x64_sys_fsopen __x64_sys_msgctl __ia32_sys_msgctl __ia32_compat_sys_old_msgctl __ia32_compat_sys_msgctl compat_ksys_old_msgctl dev_ioctl perf_trace_init perf_kprobe_init selinux_capable __x64_sys_setrlimit __se_sys_prlimit64 __ia32_sys_setrlimit __ia32_compat_sys_setrlimit perf_ioctl n_tty_ioctl_helper ext4_new_meta_blocks ext4_tmpfile ext4_ind_truncate ext4_free_data ext4_ind_truncate_ensure_credits ext4_clear_blocks ext4_ext_replay_shrink_inode ext4_ext_shift_extents ext4_ext_rm_idx state_next ext4_ext_correct_indexes ext4_ext_rm_leaf ext4_ext_truncate ext4_swap_extents ext4_ext_clear_bb ext4_ext_replay_set_iblocks ext4_end_io_rsv_work ext4_convert_unwritten_io_end_vec ext4_write_begin ext4_truncate ext4_zero_partial_blocks ext4_get_block_unwritten do_split ext4_init_new_dir dx_probe ext4_rename_dir_prepare __ext4_read_dirblock htree_dirblock_to_tree ext4_htree_fill_tree ext4_quota_read __ext4_find_entry ext4_get_parent ext4_xattr_ibody_get ext4_xattr_get ext4_xattr_security_get mpage_map_one_extent ext4_da_get_block_prep ext4_ext_tree_init ext4_write_end ext4_writepage ext4_update_disksize_before_punch ext4_punch_hole ext4_fallocate add_dirent_to_buf ext4_rename_dir_finish ext4_add_nondir vfs_unlink __ext4_unlink __ext4_link ext4_quota_off ext4_put_super ext4_quota_on ext4_quota_write ext4_initxattrs ext4_init_security __ext4_mark_inode_dirty ext4_xattr_security_set lwt_xmit_func_proto ext4_rename2 vvar_fault ttm_bo_vm_fault vmf_insert_pfn_prot vm_iomap_memory dma_common_mmap __ia32_sys_setfsuid16 dma_direct_mmap pci_mmap_page_range pci_mmap_resource_wc pci_mmap_resource_range pci_mmap_resource_uc 
ext4_ext_remove_space remap_pfn_range prot_none_hugetlb_entry newseg ip_options_compile ip_sublist_rcv cipso_v4_error file_modified __x64_sys_ioprio_set __se_sys_ioprio_set __ia32_sys_ioprio_set ext4_remount ext4_fill_super ext4_mount shmem_listxattr __x64_sys_io_submit __se_sys_io_submit aio_read __ia32_sys_brk azx_probe_work io_submit_one __x64_sys_shmctl __se_sys_shmctl ext4_readahead __ia32_compat_sys_shmctl __ia32_compat_sys_old_shmctl nfs4_setlease __x64_sys_migrate_pages __ia32_sys_migrate_pages inet_bind __x64_sys_perf_event_open __se_sys_perf_event_open __ia32_sys_perf_event_open perf_event_create_kernel_counter sel_write_avc_cache_threshold sel_write_user sel_write_relabel sel_write_create sel_write_context sel_write_bool set_one_prio fifo_open ext4_move_extents __x64_sys_pipe2 ext4_link __x64_sys_pipe ext4_unlink __ia32_sys_pipe2 ext4_symlink __ia32_sys_pipe ext4_lookup __do_pipe_flags ext4_create create_pipe_files umh_pipe_setup __x64_sys_setregid __ia32_sys_setregid16 __x64_sys_setns e1000e_pm_resume __ia32_sys_setns e1000e_pm_thaw unshare_nsproxy_namespaces __x64_sys_prlimit64 __x64_sys_mount __se_sys_mount genl_notify proc_exec_connector proc_id_connector proc_sid_connector proc_ptrace_connector acpi_button_notify acpi_processor_start __acpi_processor_start acpi_soft_cpu_online acpi_processor_driver_init acpi_thermal_notify proc_tgid_stat acpi_thermal_zone_device_critical acpi_thermal_zone_device_hot acpi_bus_generate_netlink_event store_uevent uevent_store kobject_synth_uevent report_resume ext4_ext_convert_to_initialized report_normal_detected report_frozen_detected acpi_video_device_notify eeepc_acpi_notify backlight_device_set_brightness brightness_store acpi_scan_is_offline acpi_device_hotplug acpi_hotplug_work_fn drm_sysfs_connector_status_event drm_setmaster_ioctl ged_probe drm_new_set_master drm_dropmaster_ioctl drm_open acpi_ged_request_interrupt cache_disable_1_store drm_master_release bprintf drm_client_release drm_client_dev_unregister 
drm_dev_unregister drm_dev_unplug i915_driver_remove drm_mode_getcrtc drm_crtc_get_sequence_ioctl intel_sprite_set_colorkey_ioctl drm_mode_dirtyfb_ioctl drm_mode_getfb2_ioctl drm_mode_rmfb_ioctl drm_mode_rmfb drm_client_framebuffer_delete drm_mode_setplane drm_framebuffer_lookup drm_mode_obj_get_properties_ioctl ext4_iomap_begin_report drm_property_change_valid_get drm_mode_getresources drm_mode_page_flip_ioctl drm_mode_setcrtc drm_mode_getencoder drm_mode_list_lessees_ioctl drm_mode_get_lease_ioctl drm_master_put execlists_context_cancel_request i915_gem_context_close kill_engines i915_gem_context_destroy_ioctl hub_event hcd_died_work uevent_net_rcv_skb selnl_notify_setenforce sel_write_enforce kauditd_send_multicast_skb reg_process_self_managed_hint reg_process_self_managed_hints nl80211_common_reg_change_event crda_timeout_work regdb_fw_cb reg_todo regulatory_hint_disconnect disconnect_work set_regdom nl80211_send_beacon_hint_event handle_reg_beacon wiphy_update_regulatory ioam6_exit genl_unregister_family nl80211_exit genl_init ioam6_init netlbl_unlabel_genl_init genl_ctrl_event netlbl_netlink_init netlbl_init cfg80211_update_owe_info_event nl80211_start_sched_scan cfg80211_sched_scan_stop_wk nl80211_stop_sched_scan cfg80211_sched_scan_results_wk cfg80211_sched_scan_stopped cfg80211_sched_scan_stopped_locked prot_none_pte_entry nl80211_send_scan_start cfg80211_tx_mgmt_expired nl80211_send_remain_on_chan_event cfg80211_ready_on_channel cfg80211_tdls_oper_request cfg80211_rx_unprot_mlme_mgmt cfg80211_rx_assoc_resp nl80211_send_mlme_event cfg80211_report_wowlan_wakeup ieee80211_nan_func_match ieee80211_nan_func_terminated cfg80211_mgmt_tx_status ieee80211_tx_status_irqsafe sta_info_cleanup purge_old_ps_buffers invoke_tx_handlers_early ieee80211_tx_prepare ieee80211_get_buffered_bc ieee80211_txq_remove_vlan ieee80211_ibss_add_sta ieee80211_ibss_finish_sta sta_info_insert_rcu ieee80211_txq_purge cleanup_single_sta fq_flow_reset nlmsg_notify ieee80211_probe_client 
ieee80211_send_eosp_nullfunc ieee80211_monitor_start_xmit ieee80211_s1g_tx_twt_setup_fail ieee80211_request_smps_mgd_work __sta_info_destroy_part1 ieee80211_del_key ieee80211_add_key ieee80211_uninit ieee80211_free_keys_iface ip_options_get ieee80211_free_keys ieee80211_free_sta_keys ___ieee80211_stop_rx_ba_session ieee80211_send_delba ieee80211_remain_on_channel ieee80211_scan_state_send_probe ieee80211_send_auth ieee80211_send_pspoll nl80211_trigger_scan ieee80211_offchannel_return ieee80211_scan __ieee80211_start_scan ieee80211_request_ibss_scan ieee80211_prep_connection ieee80211_cancel_roc ieee80211_mgmt_tx_cancel_wait ieee80211_roc_work ieee80211_roc_purge _ieee80211_start_next_roc ieee80211_hw_roc_done ieee80211_do_open ieee80211_send_nullfunc ieee80211_xmit __ieee80211_tx_skb_tid_band ieee80211_tx ieee80211_queue_skb ieee80211_tx_8023 ieee80211_build_hdr ieee80211_build_data_template ieee80211_clear_tx_pending ieee80211_add_pending_skb yenta_probe_cb_irq ieee80211_sta_ps_transition ieee80211_sta_ps_deliver_wakeup ieee80211_sta_uapsd_trigger ieee80211_free_txskb ieee80211_sta_ps_deliver_response ieee80211_subif_start_xmit ieee80211_subif_start_xmit_8023 cfg80211_control_port_tx_status ieee80211_purge_tx_queue cfg80211_gtk_rekey_notify ieee80211_gtk_rekey_notify __sta_info_destroy sta_info_destroy_addr ieee80211_sta_join_ibss __ieee80211_sta_join_ibss ieee80211_csa_connection_drop_work ieee80211_reconfig __ieee80211_disconnect audit_init ieee80211_ocb_leave ieee80211_leave_ocb __sta_info_destroy_part2 ieee80211_sta_expire ieee80211_cqm_rssi_notify cfg80211_cqm_rssi_notify ieee80211_handle_beacon_sig backlight_force_update ieee80211_tx_status ieee80211_report_low_ack ieee80211_cqm_beacon_loss_notify ieee80211_mgd_probe_ap cfg80211_conn_failed cfg80211_ch_switch_started_notify do_pipe_flags ieee80211_sta_process_chanswitch ieee80211_csa_finalize ext4_setent ieee80211_sta_rx_queued_ext nl80211_ch_switch_notify ieee80211_rx_mgmt_beacon ieee80211_color_change 
ieee80211_color_change_finalize ieee80211_channel_switch ieeee80211_obss_color_collision_notify cfg80211_dev_rename wiphy_register ipv4_link_failure cfg80211_process_deauth cfg80211_pernet_exit nl80211_notify_wiphy ieee80211_restart_work usbdev_mmap cfg80211_shutdown_all_interfaces nl80211_stop_p2p_device nl80211_send_scan_msg ___cfg80211_scan_done __cfg80211_scan_done cfg80211_auth_timeout nl80211_send_assoc_timeout cfg80211_assoc_timeout remap_pfn_range_notrack nl80211_send_ibss_bssid ieee80211_rx_list ieee80211_rx_napi ieee80211_tasklet_handler ieee80211_alloc_hw_nm remap_p4d_range nl80211_michael_mic_failure ieee80211_rx_h_michael_mic_verify ieee80211_rx_handlers sta_rx_agg_reorder_timer_expired cfg80211_rx_mlme_mgmt ___ieee80211_start_rx_ba_session ieee80211_process_addba_request cfg80211_propagate_cac_done_wk pktsched_init ieee80211_ibss_process_chanswitch ieee80211_iface_work ieee80211_if_change_type acpi_video_bus_remove ieee80211_change_iface ieee80211_stop_p2p_device ieee80211_dfs_cac_cancel __ieee80211_suspend ieee80211_suspend cfg80211_cac_event nl80211_radar_notify cfg80211_destroy_iface_wk cfg80211_destroy_ifaces ext4_da_write_end nl80211_new_interface reg_check_chans_work acpi_video_bus_add ieee80211_del_iface ieee80211_add_iface ieee80211_ibss_disconnect ieee80211_register_hw _cfg80211_unregister_wdev cfg80211_unregister_wdev ieee80211_unregister_hw cfg80211_event_work __cfg80211_leave cfg80211_process_wdev_events genlmsg_multicast_allns nl80211_stop_ap nl80211_send_ap_stopped cfg80211_change_iface __se_sys_setgroups16 __ia32_sys_setgroups16 arch_do_signal_or_restart io_worker_handle_work io_drain_req io_wq_enqueue ieee80211_handle_filtered_frame do_unlinkat do_coredump get_signal create_worker_cb __x64_sys_unlinkat __x64_sys_rmdir maybe_link do_name ieee80211_tx_status_ext do_rmdir __x64_sys_symlink __x64_sys_mknodat do_mknodat __ia32_sys_mknod __x64_sys_mkdirat __ia32_sys_mkdirat filename_create fcntl_setlease __x64_sys_rename filename_parentat 
selinux_policy_commit kern_path_locked vfs_path_lookup path_lookupat acpi_processor_stop do_filp_open ieee80211_gtk_rekey_add link_path_walk acpi_processor_notify path_openat do_file_open_root __ia32_sys_setregid try_lookup_one_len lookup_one security_inode_setxattr __x64_sys_mlock __ia32_sys_mlock __x64_sys_oldumount init_umount __x64_sys_acct blkdev_ioctl compat_blkdev_ioctl oom_score_adj_write tcp_congestion_default xfrm_netlink_rcv __ia32_sys_fsconfig __x64_sys_fspick ip_setsockopt ip_cmsg_send __x64_sys_lsetxattr __ia32_sys_setxattr path_setxattr __vfs_setxattr_locked pci_uevent_ers vfs_setxattr setxattr __ia32_sys_fsetxattr __x64_sys_lgetxattr __ia32_sys_lgetxattr __ia32_sys_getxattr __x64_sys_fgetxattr getxattr __ia32_sys_fgetxattr vfs_getxattr_alloc cap_inode_getsecurity __x64_sys_sethostname __se_sys_setpriority nv_self_test __x64_sys_ioctl i8042_init __se_sys_ioctl __ia32_sys_ioctl __x64_sys_mq_open selinux_inode_getsecctx mqueue_create_attr __ia32_sys_mbind __ia32_sys_linkat __ia32_sys_link __x64_sys_swapon __x64_sys_setgid __ia32_sys_setgid __x64_sys_setgid16 __x64_sys_mremap __do_sys_mremap __ia32_sys_mremap __ieee80211_roc_work __x64_sys_process_vm_writev ene_override process_vm_rw_single_vec process_vm_rw get_user_pages_unlocked find_active_uprobe noist_exc_machine_check noist_exc_debug ext4_ind_remove_space nl80211_send_sched_scan sysvec_spurious_apic_interrupt ext4_free_branches spurious_interrupt sysvec_apic_timer_interrupt sysvec_call_function_single sysvec_irq_work sysvec_kvm_posted_intr_nested_ipi sysvec_kvm_posted_intr_ipi common_interrupt exc_spurious_interrupt_bug exc_simd_coprocessor_error exc_coprocessor_error exc_general_protection ieee80211_release_reorder_timeout exit_to_user_mode_prepare uprobe_unregister __uprobe_unregister uprobe_register_refctr uprobe_register ext4_xattr_ibody_set uprobe_apply __x64_sys_remap_file_pages load_elf_library.17933 i915_gem_mmap_ioctl __ia32_sys_mmap_pgoff __x64_sys_mmap ksys_mmap_pgoff 
__ia32_compat_sys_io_setup mmap_region syscall_exit_to_user_mode_work do_int80_syscall_32 mmap_mem syscall_exit_work __x64_sys_kexec_load kstrdup_quotable_cmdline ptrace_request generic_ptrace_peekdata copy_strings sta_info_init call_usermodehelper_exec_async ext4_ext_handle_unwritten_extents copy_string_kernel __ia32_sys_unlinkat load_misc_binary pin_user_pages_fast_only pin_user_pages_fast i915_gem_object_userptr_submit_init get_user_pages_fast_only __gup_longterm_unlocked get_user_pages_fast iov_iter_get_pages __io_register_rsrc_update __x64_sys_io_uring_register pin_user_pages io_sqe_buffer_register io_sqe_buffers_register __do_sys_io_uring_register __x64_sys_get_mempolicy get_user_pages_locked request_nmi ieee80211_remove_interfaces lookup_node ieee80211_sdata_stop do_get_mempolicy ieee80211_if_remove __se_sys_get_mempolicy __ia32_sys_get_mempolicy fixup_user_fault sta_info_insert __x64_sys_process_madvise __ia32_sys_madvise compat_ksys_ipc __ia32_compat_sys_ipc ext4_xattr_block_set dump_user_range __ia32_sys_mknodat elf_core_dump create_elf_tables do_user_addr_fault exc_page_fault setup_arg_pages __x64_sys_setfsgid __ia32_sys_setfsgid __x64_sys_setfsgid16 __x64_sys_move_mount dmar_device_remove ipcget adl_hw_config __ia32_sys_rename load_elf_library ksys_unshare __ia32_sys_unshare init_unlink __x64_sys_removexattr __x64_sys_lremovexattr __ia32_sys_removexattr path_removexattr __x64_sys_fremovexattr security_inode_removexattr __vfs_removexattr_locked __ia32_sys_fremovexattr ieee80211_scan_cancel __ia32_sys_setuid16 user_path_create __ia32_sys_setreuid __ia32_compat_sys_open_by_handle_at __x64_sys_setreuid16 __ia32_sys_setreuid16 __x64_sys_tgkill ieee80211_mark_rx_ba_filtered_frames __ia32_sys_rt_tgsigqueueinfo __ia32_sys_tkill __ia32_sys_tgkill sel_write_member __ia32_compat_sys_rt_tgsigqueueinfo __x64_sys_process_vm_readv __x64_sys_rt_sigqueueinfo syscall_exit_to_user_mode __ia32_sys_rt_sigqueueinfo __ia32_compat_sys_rt_sigqueueinfo io_prep_rw __x64_sys_kill 
__se_sys_kill irqentry_exit __ia32_sys_kill ctrl_alt_del fn_boot_it vt_ioctl change_console kill_pid cfg80211_register_netdevice __kill_pgrp_info kill_pid_info zap_pid_ns_processes do_SAK_work user_path_at_empty __ia32_sys_setresuid __ia32_sys_setresuid16 vfs_dedupe_file_range __x64_sys_seccomp __ia32_sys_seccomp __x64_sys_prctl prctl_set_seccomp __do_sys_prctl __x64_sys_pivot_root uevent_net_rcv tg3_start do_mkdirat __do_sys_vfork __ia32_sys_clone __ia32_compat_sys_ia32_clone _ext4_get_block sta_info_destroy_addr_bss call_usermodehelper_exec_work __x64_sys_sched_setaffinity cn_proc_init __se_sys_fcntl do_compat_fcntl64 __ia32_compat_sys_fcntl sg_io scsi_ioctl scsi_bsg_sg_io_fn ieee80211_resume scsi_bsg_register_queue sg_ioctl sg_new_write snapshot_compat_ioctl unix_seqpacket_sendmsg __ia32_sys_keyctl __ia32_compat_sys_keyctl __ieee80211_request_smps_mgd io_req_task_submit io_poll_task_func io_sq_thread io_uring_create cfg80211_tx_mlme_mgmt __ia32_sys_io_uring_setup __io_queue_sqe io_submit_sqe io_submit_sqes nl80211_init __se_sys_io_uring_enter uart_port_activate __ia32_sys_io_uring_enter io_issue_sqe ieee80211_tx_pending lo_compat_ioctl __ia32_sys_reboot dm_compat_ctl_ioctl tty_ldisc_failto tty_set_ldisc tty_ldisc_init __se_sys_socketcall sel_write_load __x64_sys_setsockopt sock_setsockopt ieee80211_send_addba_with_timeout __sys_setsockopt msg_zerocopy_alloc msg_zerocopy_realloc __x64_sys_timerfd_settime __ia32_sys_timerfd_settime32 rtnl_newlink do_setlink rtnl_setlink netlbl_calipso_genl_init rtnetlink_init netlink_proto_init nl80211_send_disconnected rtnetlink_rcv do_renameat2 tc_filter_init copy_pte_range __unmap_pmd_range cfg80211_nan_match try_grab_page kcalloc.31184 drm_sysfs_hotplug_event put_and_wait_on_page_locked phys_pte_init copy_p4d_range __next_mem_range_rev blk_mq_handle_dev_resource __ia32_sys_mkdir elf_map blk_mq_sched_mark_restart_hctx ext4_ext_replay_update_ex copy_hugetlb_page_range copy_user_gigantic_page free_swap_cache vm_mmap_pgoff 
reciprocal_value follow_huge_pud ___pmd_free_tlb ___pud_free_tlb do_SYSENTER_32 blk_mq_flush_busy_ctxs acpi_tb_parse_fadt update_cache_mode_entry autofs_root_compat_ioctl update_page_count acpi_bios_warning pcpu_block_refresh_hint adjust_zone_range_for_zone_movable lruvec_init __x64_sys_setresgid16 ldt_dup_context acpi_irq_stats_init copy_page_range __memblock_find_range_top_down zap_pte_range wp_page_copy fwnode_count_parents finish_mkwrite_fault ieee80211_mgd_disassoc mempolicy_slab_node acpi_find_root_pointer fwnode_get_nth_parent __ia32_sys_process_vm_writev __se_sys_rt_sigqueueinfo __load_ucode_intel dev_pm_set_dedicated_wake_irq ip6_string blk_mq_try_issue_list_directly follow_huge_pmd ieee80211_add_pending_skbs calc_load_nohz_stop calc_load_nohz_start sched_idle_set_state fw_devlink_relax_cycle ip4_string exc_invalid_op date_str kern_path_create acpi_gsi_to_irq tc_action_init __ia32_sys_clone3 blk_mq_do_dispatch_sched __memblock_find_range_bottom_up blk_mq_do_dispatch_ctx __do_sys_remap_file_pages blk_mq_dispatch_rq_list copy_user_huge_page __se_sys_keyctl huge_pmd_share reset_vma_resv_huge_pages vma_interval_tree_insert_after uprobe_dup_mmap uprobe_start_dup_mmap kmem_cache_flags page_move_anon_rmap blk_insert_flush __rq_qos_track __rq_qos_cleanup __rq_qos_throttle __blk_mq_sched_bio_merge ext4_compat_ioctl smca_set_misc_banks_map ip6_compressed_string ieee80211_deauth pud_set_huge calculate_sizes __se_sys_io_setup unlink_file_vma __x64_sys_setgroups16 ldt_arch_exit_mmap drm_mode_object_find vmemmap_p4d_range ieee80211_ibss_leave follow_huge_addr disable_err_thresholding acpi_ev_install_sci_handler sta_apply_parameters lru_note_cost drm_mode_getproperty_ioctl acpi_os_get_root_pointer do_wp_page dev_pm_qos_constraints_destroy pfn_range_is_mapped hugetlb_cow ext4_collapse_range io_wqe_enqueue pti_user_pagetable_walk_p4d lru_note_cost_page efi_mem_desc_lookup efi_memmap_split_count sysvec_irq_move_cleanup efi_memmap_insert prb_final_commit ___p4d_free_tlb 
compat_ksys_old_shmctl acpi_tb_validate_temp_table acpi_tb_override_table free_pud_range zone_absent_pages_in_node acpi_tb_parse_root_table fwnode_is_ancestor_of fw_devlink_create_devlink __down_timeout init_entity_runnable_average __x64_sys_init_module security_kernfs_init_security __ia32_sys_acct parse_options.34918 irq_chip_retrigger_hierarchy clear_shadow_from_swap_cache ieee80211_tx_ba_session_handle_start exc_coproc_segment_overrun special_hex_number pm_wakeup_source_sysfs_add wakeup_kswapd try_to_free_pages zap_p4d_range sprint_backtrace_build_id earlycon_print_info arch_tlbbatch_flush __pte_alloc_kernel __pagevec_lru_add_fn ieee80211_stop_tx_ba_cb pcpu_next_fit_region tick_nohz_stop_tick rcu_report_dead nl80211_send_auth_timeout fwnode_full_name_string get_links sel_open_policy rtc_str fpu__init_cpu_xstate unix_compat_ioctl acpi_tb_get_next_table_descriptor __blk_mq_sched_dispatch_requests should_reclaim_retry __perf_event_task_sched_out efi_memmap_install fault_dirty_shared_page exc_overflow time64_str do_swap_page init_currently_empty_zone kill_pgrp acpi_ut_set_integer_width compaction_zonelist_suitable sprint_backtrace local_touch_nmi cyc2ns_read_end __migration_entry_wait cpuidle_enter_state tracing_start_sched_switch ieee80211_assoc p4d_clear_huge cyc2ns_read_begin alloc_debug_processing kmalloc_fix_flags account_idle_ticks tick_nohz_restart_sched_tick kmem_cache_open nohz_balance_enter_idle stop_machine_unpark memblock_find_in_range_node tick_nohz_get_next_hrtimer smca_configure drm_mode_getblob_ioctl __se_sys_process_madvise acpi_os_install_interrupt_handler dump_unreclaimable_slab cfg80211_ft_event ieee80211_csa_finalize_work integrity_inode_free fwnode_get_next_available_child_node wake_up_idle_cpu follow_p4d_mask workingset_age_nonresident vmf_insert_pfn event_sched_in pcpu_block_update_hint_alloc pgdat_init_internals plist_requeue __static_call_transform e820__range_update cpu_stop_create memblock_find_in_range _set_memory_wb _set_memory_wc 
mtrr_type_lookup_variable _set_memory_wt ext4_page_mkwrite intel_filter_mce drm_wait_vblank_ioctl prepare_threshold_block __mcheck_cpu_cap_init driver_deferred_probe_add load_ucode_amd_ap ieee80211_ba_session_work load_ucode_intel_ap ext4_change_inode_journal_flag get_dump_page vmap_p4d_range efi_memmap_alloc __cpuset_memory_pressure_bump ieee80211_tx_prepare_skb put_links group_balance_cpu slab_out_of_memory swp_swap_info acpi_ns_local acpi_ut_create_update_state cgroup_css_set_put_fork dev_queue_xmit_nit dev_hard_start_xmit drm_property_lookup_blob wake_up_sem_queue_prepare validate_xmit_skb_list __qdisc_calculate_pkt_len sk_filter_uncharge set_default_qdisc wake_const_ops timens_on_fork shm_init_ns __x64_sys_setgroups msg_init_ns sem_init_ns current_save_fsgs tick_unfreeze tick_resume_broadcast tick_freeze uprobe_clear_state anon_vma_interval_tree_insert __mmu_notifier_release is_software_node anon_vma_interval_tree_remove free_pgtables dup_mm isolate_movable_page mac_address_string nl80211_set_wiphy insert_vmap_area_augment uprobe_munmap __tlb_remove_page_size __swap_entry_free_locked unmap_single_vma sysvec_kvm_posted_intr_wakeup_ipi fwnode_remove_software_node mn_itree_inv_end __x64_sys_clone3 acpi_ev_init_global_lock_handler dump_header tracing_start_tgid_record __x64_sys_setregid16 destroy_context_ldt acpi_tb_create_local_fadt acpi_penalize_sci_irq dl_param_changed fpu__init_cpu mce_amd_feature_init acpi_tb_put_table lru_cache_add_inactive_or_unevictable follow_hugetlb_page memblock_free_pages try_ram_remap __e820__mapped_all __rq_qos_done_bio down_timeout swapcache_free_entries phys_p4d_init cn_netlink_send_mult free_p4d_range acpi_tb_acquire_table __swap_count submit_bio_checks early_memremap_pgprot_adjust __early_set_fixmap acpi_os_map_iomem create_io_thread lockref_put_return punt_bios_to_rescuer acpi_tb_notify_table shmem_lock acpi_get_subtable_type rcu_note_context_switch earlycon_map find_cpio_data register_earlycon __handle_mm_fault 
pin_user_pages_remote acpi_tb_install_table_with_override __ia32_sys_process_vm_readv do_rt_sigqueueinfo memtype_erase driver_deferred_probe_del inat_get_escape_attribute inat_get_last_prefix_id inat_get_group_attribute account_page_cleaned __down acpi_install_table e1000_open show_pwq sched_setattr_nocheck isolate_lru_pages trace_print_bprintk_msg_only pgd_free get_stack_info apic_smt_update acpi_tb_checksum vt_set_leds_compute_shiftstate put_dec_full8 cgroup_cancel_fork number trace_rpm_resume_rcuidle acpi_device_notify pick_next_task_fair __dquot_alloc_space account fw_devlink_parse_fwtree swapcache_prepare wake_up_nohz_cpu init_scattered_cpuid_features kernfs_iop_listxattr fwnode_get_next_parent_dev rcu_eqs_exit device_is_dependent sysfs_update_groups dpm_sysfs_remove oom_adj_write devtmpfs_delete_node delete_node device_remove_attrs device_links_busy nl80211_wiphy_netns pat_bp_init dev_vprintk_emit __sprint_symbol cfg80211_probe_status __swp_swapcount __reset_isolation_pfn __x64_sys_symlinkat __prepare_to_swait vm_fault_ttm do_symlinkat __finish_swait rmqueue_pcplist migration_entry_wait acpi_hw_gpe_write cpuidle_select acpi_hw_validate_io_request acpi_hw_validate_register rt_mutex_adjust_pi flush_tlb_local timer_clear_idle radix_tree_extend __fsnotify_inode_delete kernfs_new_node blk_stat_add_callback trace_rpm_idle_rcuidle trace_rpm_suspend_rcuidle tick_nohz_idle_enter __rpm_callback trace_rpm_return_int_rcuidle __x64_sys_open_tree __early_ioremap __se_sys_mbind irq_setup_affinity register_handler_proc acpi_ev_get_gpe_xrupt_block acpi_ut_get_mutex_name dev_pm_disable_wake_irq_check acpi_ev_initialize_events blk_stat_add ext4_da_reserve_space laptop_io_completion device_pm_remove __ia32_sys_mount drain_zone_pages seg6_init acpi_initialize_tables check_irq_resend ext4_add_entry put_task_struct_rcu_user sel_write_validatetrans nl80211_send_deauth fwnode_string wakeup_source_destroy mod_zone_page_state cfg80211_cqm_txe_notify free_swap_slot pm_runtime_remove 
clocksource_start_suspend_timing acpi_hw_validate_io_block security_inode_alloc nl80211_send_rx_assoc device_node_string sort_r acpi_ev_install_xrupt_handlers __delayacct_freepages_start poll_state_synchronize_srcu lo_ioctl current_cpuset_is_being_rebound free_unref_page_list init_dl_inactive_task_timer ip4_addr_string pm_runtime_new_link clocksource_resume __delayacct_freepages_end ieee80211_sched_scan_stopped_work __cpuhp_state_add_instance_cpuslocked __perf_event_task_sched_in acpi_video_switch_brightness try_to_del_timer_sync calibration_delay_done hw_breakpoint_restore leave_mm list_slab_objects vsscanf blk_mq_request_bypass_insert __alloc_pages_direct_compact pcpu_find_block_fit pcpu_alloc_area ieee80211_hw_roc_start kcalloc.14684 cd_forget update_sd_lb_stats insert_vmap_area trace_printk_control __fw_devlink_link_to_suppliers vmap_pages_range_noflush do_symlink find_get_pages_range_tag ttwu_do_wakeup inc_rlimit_get_ucounts seq_vprintf check_tsc_unstable __blk_mq_insert_request sbitmap_queue_wake_up __wait_rcu_gp e1000_request_irq sprint_symbol_build_id pm_qos_update_flags __schedule_bug __delete_from_swap_cache __kernel_text_address wq_worker_sleeping ieee80211_prepare_and_rx_handle file_dentry_name __x64_sys_execveat filter_cpuid_features __ia32_compat_sys_fcntl64 flush_tlb_all __radix_tree_replace vsprintf azx_resume inat_get_avx_attribute tick_get_wakeup_device bitmap_string ext4_bread_batch drm_mode_cursor2_ioctl print_tainted move_to_new_page prepare_task_switch cfg80211_init srcu_funnel_exp_start io_wq_worker_running memcmp_pages shmctl_do_lock sysfs_remove_dir vprintk_store trace_event_follow_fork sel_read_policy nl80211_send_disassoc ptr_to_id add_to_swap ieee80211_sta_rx_queued_mgmt cpuset_print_current_mems_allowed nl80211_send_rx_auth flags_string __crash_kexec slab_pad_check vprintk_deferred trace_print_printk_msg_only text_poke_early nfnetlink_send lockref_mark_dead shrink_zones bitmap_list_string __blk_mq_issue_directly crash_smp_send_stop 
__queue_delayed_work ext4_mb_new_blocks move_freepages_block migration_entry_wait_huge cpuidle_enter cfg80211_stop_sched_scan_req workingset_eviction __pagevec_lru_add __isolate_lru_page_prepare trace_print_bputs_msg_only zone_watermark_ok show_stack ieee80211_stop_nan try_to_unmap_flush_dirty genl_register_family arch_cpu_idle audit_tree_match kernel_map_pages_in_pgd kauditd_thread vmemmap_remap_free __ia32_sys_shmat trace_console_rcuidle i915_driver_postclose cgroup_free hex_string __x64_sys_delete_module drm_mode_revoke_lease_ioctl cpuidle_find_deepest_state uuid_string sched_set_fifo_low move_pages_to_lru __se_sys_clone3 dump_cpu_task oom_kill_process resource_string seq_buf_putmem __x64_sys_unlink swake_up_all_locked ext4_bread drm_mode_cursor_common __hrtimer_start_range_ns __cfg80211_ibss_joined show_free_areas purge_fragmented_blocks_allcpus __x64_sys_setresuid16 switch_ldt blk_mq_flush_plug_list cfg80211_rfkill_block_work __early_pfn_to_nid wq_worker_running device_pm_add ext4_empty_dir __delayacct_thrashing_end ptrace_readdata need_active_balance __cgroup_task_count ring_buffer_reset_online_cpus __ring_buffer_alloc schedule_idle io_wq_worker_sleeping __kernfs_new_node perf_event_init_task __do_sys_fork constrained_alloc __up anon_vma_fork check_bytes_and_report nl80211_send_mlme_timeout defer_console_output __oom_kill_process blk_mq_sched_assign_ioc cpuhp_report_idle_dead PageMovable balance_dirty_pages rtc_dev_compat_ioctl add_to_page_cache_locked scan_swap_map_try_ssd_cluster cyc2ns_init_boot_cpu bdev_name chacha_block_generic ring_buffer_peek compact_finished cfg80211_propagate_radar_detect_wk unmap_vmas arch_cpu_idle_prepare __vma_unlink_list move_hugetlb_state ext4_process_orphan string ieee80211_roc_notify_destroy skip_atoi shm_destroy show_iret_regs wakeup_source_sysfs_remove __sta_info_flush dec_zone_page_state calculate_node_totalpages flush_workqueue_prep_pwqs put_dec_trunc8 cgroup_post_fork sysvec_reschedule_ipi free_unref_page_commit 
dentry_name device_links_driver_cleanup __audit_syscall_exit page_referenced irq_pm_install_action exit_creds __x64_sys_socketcall console_flush_on_panic snd_dma_continuous_mmap apply_workqueue_attrs pm_runtime_init ring_buffer_change_overwrite console_unblank slab_fix device_links_unbind_consumers __ia32_sys_setuid irq_activate node_reclaim __delayacct_blkio_start ip_rcv read_current_timer __ia32_compat_sys_shmat clock_was_set_delayed sysfs_delete_link ieee80211_open get_nohz_timer_target reg_regdb_apply sched_numa_find_closest __sbitmap_queue_get_shallow tick_nohz_idle_exit dump_stack_lvl alloc_vfsmnt __wake_up_locked_key_bookmark default_idle_call acpi_tb_invalidate_table __rb_allocate_pages rcu_eqs_enter tracing_stop_tgid_record cpu_idle_poll alloc_mnt_ns in_gate_area tick_nohz_idle_restart_tick tick_check_broadcast_expired follow_page_mask __ia32_sys_chroot copy_mnt_ns __x64_sys_setresgid swake_up_locked apply_trace_boot_options unaccount_page_cache_page panic_smp_self_stop seq_buf_putmem_hex security_cred_free pcpu_free_area fsnotify_compare_groups __irq_domain_activate_irq blk_mq_handle_zone_resource do_clear_cpu_cap text_poke_loc_init __vm_enough_memory __kobject_del ring_buffer_size module_put fwnode_handle_put __nodes_weight.15272 ieee80211_send_action_csa allocate_slab __rb_erase_color vm_normal_page ieee80211_set_disassoc __detach_mounts compat_ksys_shmctl retrigger_next_event cgroup_can_fork __pm_runtime_set_status __x64_sys_chroot earlycon_init trace_find_next_entry sort_extable alloc_large_system_hash nr_iowait_cpu get_next_ino refcount_dec_and_lock_irqsave lookup_constant __ia32_sys_init_module bio_endio ieee80211_recalc_sw_work acpi_get_override_irq zap_page_range_single rb_insert_color __slab_free rmqueue rt_mutex_adjust_prio_chain create_worker_cont xas_load sched_clock_tick cfg80211_dfs_channels_update_work percpu_ref_init compat_ksys_msgctl account_kernel_stack cpudl_cleanup pcpu_get_vm_areas find_microcode_in_initrd do_madvise 
inode_init_always copy_from_user_nmi put_dec arch_asym_cpu_priority sysvec_threshold security_task_alloc __node_distance inode_update_time flush_all_cpus_locked rmap_walk_file ieee80211_scan_work pagevec_lookup_range_tag e820_print_type __irq_get_desc_lock save_microcode_patch _atomic_dec_and_lock_irqsave __free_pages vprintk_default __x64_sys_setreuid __wait_on_bit vfs_parse_fs_param __do_munmap kernel_execve __synchronize_srcu __drm_mode_object_find page_mapping phys_pmd_init __ksize rb_set_head_page klist_init congestion_wait complete __mmu_notifier_subscriptions_destroy __next_zones_zonelist __setparam_dl fill_pud arch_uprobe_analyze_insn __page_mapcount mp_register_ioapic_irq rcu_segcblist_pend_cbs apply_constraint apply_microcode_early memblock_free init_rmdir vfs_removexattr ring_buffer_iter_advance e1000_diag_test xhci_run clean_path __ia32_sys_pivot_root ttwu_do_activate shrink_active_list security_task_free _raw_spin_trylock unix_stream_sendmsg mutex_lock wiphy_regulatory_register switch_mm_irqs_off __x64_sys_setuid16 load_mm_ldt show_workqueue_state pointer copy_thread lru_cache_add trace_empty init_wait_entry blk_update_request __ia32_sys_setsockopt e820__range_remove _atomic_dec_and_lock vscnprintf netif_skb_features alloc_low_pages pit_hpet_ptimer_calibrate_cpu insn_decode acpi_os_delete_semaphore wait_for_common_io read_pci_config blk_attempt_plug_merge __clocksource_register_scale set_fs_root fwnode_get_name seq_buf_vprintf p4d_populate_init errseq_set mntput trace_seq_printf tick_nohz_idle_retain_tick __dentry_kill insn_get_immediate __pm_pr_dbg genl_rcv nl80211_set_reg intel_init_lmce alloc_chunk __copy_skb_header lockref_get __bitmap_set sr_block_ioctl track_pfn_copy dput __kernfs_remove wait_for_device_probe exc_device_not_available register_leaf_sysctl_tables core_kernel_text pm_qos_sysfs_remove_resume_latency __kmem_cache_create print_trace_line parse_args zap_page_range __kmalloc_node bcmp do_mmap timerfd_resume clear_cpu_cap dquot_transfer 
__ia32_sys_mmap _find_next_bit register_pernet_operations dmi_check_system prep_compound_gigantic_page clear_nlink memblock_search_pfn_nid do_smart_update unblank_screen blk_start_plug security_sb_free device_pm_lock acpi_ev_gpe_initialize tlb_flush_mmu kvmalloc_node __free_slab _printk_deferred machine_crash_shutdown mutex_lock_killable console_verbose notify_user_space sock_diag_broadcast_destroy cfg80211_exit __ia32_sys_io_uring_register cleanup_mnt ext4_xattr_inode_read arch_perf_update_userpage kernfs_find_and_get_ns prepend_path __pm_runtime_disable perf_swevent_event __ia32_sys_open_by_handle_at set_origin _mix_pool_bytes __cfg80211_send_event_skb __blk_queue_split pm_runtime_enable reuse_swap_page __rq_qos_done ktime_get_coarse_real_ts64 radix_tree_iter_tag_clear flush_tlb_kernel_range pcie_pme_probe ext4_mkdir ptrace_notify split_lock_verify_msr set_orig_insn copy_from_kernel_nofault_allowed rcu_segcblist_advance idr_alloc intel_guc_engine_failure_process_msg trace_find_cmdline _raw_spin_lock migrate_pages register_filesystem tracing_set_tracer mp_find_ioapic __ia32_sys_fsmount init_dl_task_timer __ia32_sys_symlink load_script put_task_stack audit_log_n_hex optimize_nops acpi_os_write_port ieee80211_sta_ps_deliver_poll_response slab_err inc_nlink ieee80211_txq_teardown_flows security_audit_rule_match gfp_pfmemalloc_allowed sysvec_thermal __mmu_notifier_change_pte ida_alloc_range __const_udelay cpu_detect prb_first_valid_seq xas_clear_mark acpi_os_stall __ia32_sys_prctl lookup_one_len msr_read.28423 prb_read_valid shm_destroy_orphaned move_queued_task __pm_runtime_resume d_lookup cond_mitigation first_online_pgdat propagate_entity_load_avg kmsg_read ieee80211_sta_work percpu_counter_set tick_do_update_jiffies64 atomic_dec_and_mutex_lock print_trailer xas_nomem unlock_new_inode __ia32_sys_open_tree ttwu_stat shrink_node prb_commit do_trace_read_msr ioctx_alloc find_mergeable_anon_vma memblock_add_range __se_sys_sched_setattr unreserve_highatomic_pageblock 
bio_put __get_vm_area_node kfree_const drm_mode_gamma_get_ioctl kmalloc_array.11149 ieee80211_sta_tear_down_BA_sessions __d_lookup_done ieee80211_report_wowlan_wakeup sysvec_x86_platform_ipi get_mm_exe_file early_memunmap clone_mnt wake_up_new_task free_area_init_core add_wait_queue_exclusive ieee80211_stop_ap __mod_timer do_idle drm_file_free ll_back_merge_fn acpi_bind_one prepare_set __get_user_pages_remote generic_ptrace_pokedata security_vm_enough_memory_mm xas_find ieee80211_process_measurement_req msr_clear_bit _prb_read_valid shm_try_destroy_orphaned set_task_cpu plist_add show_trace_log_lvl drm_mode_obj_set_property_ioctl calc_global_load cfg80211_notify_new_peer_candidate pgd_populate_init cn_netlink_send vmemmap_remap_alloc page_mapped pmd_free_pte_page text_poke_bp_batch add_timer_on assoc_array_insert rcu_segcblist_init release_user_cpus_ptr trace_set_options wakeup_flusher_threads nmi_uaccess_okay cgroup_apply_control irq_init_percpu_irqstack ring_buffer_attach blk_mq_dequeue_from_ctx tracefs_create_dir __ia32_compat_sys_ptrace vmap_pages_p4d_range hide_cursor css_tryget_online_from_dir __x64_sys_execve cpumask_next_wrap acpi_hw_write_multiple acpi_ec_dsdt_probe ext4_evict_inode lockref_put_or_lock kernel_thread __kmalloc swap_free arch_memremap_can_ram_remap __xfrm_state_destroy create_setparam interval_tree_iter_first security_free_mnt_opts kfree_skb_list nl80211_send_roamed bio_split create_elf_tables.17943 kernfs_create_dir_ns count_subheaders __zone_watermark_ok prepare_creds radix_tree_iter_replace vfs_rmdir tg3_open __init_swait_queue_head kobject_init_and_add irq_domain_deactivate_irq sysfs_slab_unlink __cpuhp_setup_state send_signal in_task_stack munlock_vma_page __mnt_want_write_file tty_audit_fork fprop_global_init __put_cred exc_bounds clocksource_default_clock _raw_spin_lock_bh down_write pcmcia_request_irq do_page_add_anon_rmap calibrate_delay_is_known pwq_adjust_max_active copy_from_kernel_nofault kernfs_remove_by_name_ns 
access_remote_vm pm_qos_read_value get_symbol_pos __cpuhp_remove_state machine_check_poll acpi_os_write_memory init_worker_pool register_irq_proc __io_uring_free d_set_d_op kthread_probe_data fc_drop_locked ti12xx_override vfree_atomic nv_request_irq new_inode audit_log_exit autofs_root_ioctl audit_watch_compare __nlmsg_put rcu_segcblist_first_pend_cb clockevents_shutdown hrtimers_resume_local pick_next_entity ipc_obtain_object_check ieee80211_process_delba __clocksource_select __pageblock_pfn_to_page xa_erase d_delete lru_add_drain_cpu ieee80211_csa_connection_drop_work.72861 __sys_setresuid swake_up_one ieee80211_color_change_finalize_work nohz_run_idle_balance clear_IO_APIC kobject_set_name_vargs scan_microcode memblock_double_array put_cred_rcu acpi_battery_notify iov_iter_get_pages_alloc debugfs_create_file __debugfs_create_file bio_attempt_back_merge ext4_mpage_readpages kthread_is_per_cpu ext4_iomap_begin pud_clear_huge blk_account_io_done init_timer_key d_invalidate acpi_bios_error down_write_trylock apply_wqattrs_prepare walk_system_ram_range mask_irq queued_write_lock_slowpath fsnotify_destroy_marks free_swap_and_cache acpi_os_wait_semaphore list_lru_add wb_wakeup_delayed amd_filter_mce fsnotify_put_group __perf_event_account_interrupt filemap_fdatawait_range ext4_alloc_file_blocks allocate_file_region_entries __mark_inode_dirty exc_divide_error wake_up_page_bit net_ratelimit trace_printk_init_buffers iommu_dma_mmap propagate_mount_unlock ieee80211_start_tx_ba_cb acpi_hw_set_mode netlbl_cipsov4_genl_init shrink_dcache_parent ieee80211_send_bar free_time_ns key_put posix_lock_inode __x64_sys_adjtimex_time32 trace_buffered_event_enable unmap_page_range ext4_zero_range __vma_reservation_common writeback_single_inode inode_permission acpi_ns_install_node mntget io_schedule get_zeroed_page __ieee80211_tx find_next_best_node debugfs_create_dir cpumask_weight.5796 isolate_or_dissolve_huge_page io_wq_submit_work fsnotify_free_mark nsec_to_clock_t do_shmat 
console_unlock audit_gid_comparator unwind_get_return_address device_set_wakeup_capable ieee80211_s1g_rx_twt_action dev_set_name __ia32_sys_setfsgid16 cgroup_apply_cftypes acpi_get_table_header audit_log_n_string int_sqrt alloc_pages ieee80211_key_link logfc __do_SAK __cancel_dirty_page __try_to_reclaim_swap ip_rcv_finish ieee80211_key_free __fprop_inc_percpu_max do_syscall_64 update_srbds_msr __swap_duplicate io_queue_async_work proc_free_inum cgroup_file_notify __unmap_hugepage_range __get_locked_pte is_module_text_address ntp_tick_length skb_put kernfs_path_from_node rcu_sync_func signal_wake_up_state ring_buffer_record_disable ip4_addr_string_sa pm_runtime_drop_link key_alloc put_swap_page machine_kexec acpi_ut_create_update_state_and_push __update_load_avg_se __x64_sys_madvise mce_setup __kernfs_create_file pagevec_lru_move_fn static_key_slow_inc_cpuslocked exit_thread select_fallback_rq __mmu_notifier_invalidate_range_end __printk_ratelimit interval_tree_iter_next get_task_pid nr_context_switches __ia32_compat_sys_io_submit pr_cont_kernfs_name bus_probe_device try_grab_compound_head acpi_tb_verify_checksum static_key_enable_cpuslocked __mmap_lock_do_trace_acquire_returned hrtimer_reprogram blk_mq_sched_dispatch_requests __kmem_cache_alias __find_next_entry audit_ctl_unlock gcd do_vfs_ioctl tick_get_device __thaw_task llist_del_first vma_is_secretmem acpi_clear_event ieee80211_mgd_deauth __percpu_counter_init free_exit_list vzalloc_node __unfreeze_partials exit_files __text_poke walk_to_pmd __flush_tlb_all parse_slub_debug_flags text_poke_queue __virt_addr_valid add_timer assoc_array_cancel_edit rcu_cpu_starting acpi_os_release_lock __vmalloc_node_range data_alloc __add_to_page_cache_locked mark_page_accessed strchrnul sysvec_call_function time_and_date wake_up_klogd free_pcppages_bulk drm_lease_filter_crtcs exc_segment_not_present __printk_safe_enter xas_store user_enable_single_step register_reboot_notifier shmem_swapin_page __x64_sys_link kvfree_call_rcu 
__update_and_free_page io_wqe_worker xas_init_marks perf_pmu_register free_debug_processing allocate_trace_buffers unwind_get_return_address_ptr __audit_inode_child rcu_gp_is_expedited complement_pos wake_q_add_safe __ftrace_event_enable_disable arch_cpu_idle_enter audit_put_chunk add_to_swap_cache bus_remove_device machine_emergency_restart rcu_sync_init stack_trace_save vc_is_sel tick_broadcast_oneshot_control __ftrace_set_clr_event_nolock software_node_notify_remove irq_set_affinity_locked trace_find_tgid __lock_task_sighand alloc_buddy_huge_page unmap_mapping_range tracing_update_buffers check_vma_flags __alloc_percpu verify_patch tlb_finish_mmu acpi_tb_verify_temp_table proc_remove refcount_warn_saturate profile_handoff_task invalidate_batched_entropy do_notify_parent_cldstop trace_handle_return unmap_mapping_pages __ia32_compat_sys_socketcall queue_work_node kobject_get_ownership selnl_notify_policyload register_die_notifier ring_buffer_event_data kernel_clone jiffies_to_usecs schedule_hrtimeout_range_clock __radix_tree_preload __ia32_sys_execveat acpi_hw_read_multiple cpumask_next __d_instantiate microcode_sanity_check drm_mode_getplane simple_set_acl audit_classify_syscall hrtimer_init_sleeper cfg80211_remain_on_channel_expired static_key_disable static_key_disable_cpuslocked bitmap_fold devtmpfs_create_node __radix_tree_delete cfg80211_stop_ap clear_selection __x64_sys_mmap_pgoff wake_up_state try_module_get __set_cyc2ns_scale quota_send_warning user_enable_block_step start_creating.24126 drm_master_open __sbitmap_queue_get __ia32_sys_timerfd_create blk_mq_get_driver_tag __create_dir get_task_mm trace_clock_local get_shadow_from_swap_cache panic ttm_bo_vm_dummy_page __x64_sys_swapoff set_tracer_flag seq_bprintf __ia32_sys_fsopen page_is_ram start_poll_synchronize_srcu srcu_gp_start_if_needed __free_pages_core yield sysfs_create_file_ns __alloc_file enable_step shmem_add_to_page_cache tracefs_create_file __cpuhp_state_remove_instance ktime_get tsc_read_refs 
ieee80211_add_station calc_wheel_index arch_static_call_transform ext4_insert_range create_io_worker write_inode_now ext4_init_orphan_info acpi_ut_valid_name_char auditd_test_task firmware_map_add_entry __ieee80211_channel_switch put_unbound_pool sched_setattr __x64_sys_renameat acpi_ns_externalize_name unix_dgram_sendmsg do_arch_prctl_64 blkdev_issue_discard proc_entry_rundown queued_read_lock_slowpath send_sig cn_cb_equal irq_shutdown acpi_ns_internalize_name nla_put_64bit iounmap acpi_ut_allocate_object_desc_dbg __ia32_sys_swapoff proc_register csum_partial sysfs_create_link simple_strtoul slab_bug ftrace_set_clr_event ioremap_wc hpet_compat_ioctl ieee80211_mgd_assoc policy_nodemask __update_load_avg_cfs_rq dec_rlimit_ucounts ioremap_change_attr list_del_event complete_all acpi_tb_validate_rsdp _free_event find_kallsyms_symbol posix_clock_realtime_adj acpi_info set_memory_nx vmalloc_to_page __jump_label_update put_callchain_buffers kernfs_destroy_root sysvec_deferred_error is_subdir find_mergeable klist_next kobj_kset_leave ring_buffer_resize vt_event_post cfg80211_netdev_notifier_call __x64_sys_umount dput_to_list rcuwait_wake_up audit_ctl_lock match_string __mutex_lock_killable_slowpath __audit_free wake_up_var dock_notify using_native_sched_clock wakeup_sysfs_add pid_task simple_strtoull clock early_printk set_page_dirty_lock vsnprintf __ia32_sys_sched_setattr cgroup_propagate_frozen audit_log_end cgroup_setup_root audit_log_start get_task_exe_file strscpy nl80211_notify_iface cgroup_migrate_finish kobject_uevent_env drm_mode_getfb tracing_stop_cmdline_record __ia32_sys_sched_setparam key_set_index_key __vfs_getxattr retain_dentry percpu_down_write propagate_umount fsnotify mod_delayed_work_on ieee80211_sta_pspoll copy_ipcs audit_filter_inodes netlink_has_listeners cmos_platform_probe __ia32_sys_kexec_load __x64_sys_setpriority locks_remove_posix wait_on_page_bit_common percpu_up_write truncate_inode_pages_range audit_kill_trees clear_page_mlock 
find_get_entries acpi_ut_add_reference swap_do_scheduled_discard ext4_da_write_begin nl80211_set_interface unregister_handler_proc acpi_exception has_bh_in_lru __mod_node_page_state handle_mm_fault cfg80211_ch_switch_notify fsnotify_get_mark __skb_clone prune_tree_chunks vfs_get_tree access_process_vm hugetlb_basepage_index exit_sem sysfs_warn_dup snd_pcm_lib_mmap_iomem __device_attach irq_do_set_affinity cpuset_mem_spread_node page_get_anon_vma print_track ext4_ext_map_blocks atomic_notifier_call_chain bstr_printf deactivate_slab put_files_struct locks_release_private sched_clock_idle_sleep_event acpi_init ext4_convert_unwritten_extents __key_link ext4_readdir fsnotify_find_mark radix_tree_next_chunk free_cgroup_ns skb_under_panic __ktime_get_real_seconds __cpa_process_fault ns_capable do_execveat_common cgroup1_check_for_release device_pm_move_last blk_mq_end_request ptrace_writedata security_capable __mutex_unlock_slowpath vfs_parse_fs_string free_pid pm_suspended_storage mnt_change_mountpoint lwt_in_func_proto perf_event_comm device_release_driver acpi_os_create_semaphore filter_mce smp_call_function_many_cond subtract_range sha1_transform timekeeping_advance idt_setup_from_table insn_rip_relative bus_for_each_drv cpuidle_get_cpu_driver ieee80211_send_null_response mark_oom_victim netlink_deliver_tap ext4_writepages __ia32_sys_shmctl record_print_text aio_setup_ring memblock_free_ptr local_bh_enable.63370 rt_mutex_setprio arch_jump_label_transform_queue send_sigio skb_checksum_help remove_nodes __vma_adjust ext4_ioctl __skb_checksum strlcpy memblock_alloc_internal __skb_gso_segment sscanf put_fs_context __lookup_slow async_schedule_node visit_groups_merge __pmd_alloc rcu_needs_cpu netlink_broadcast_filtered raise_softirq_irqoff blk_dump_rq_flags wb_start_background_writeback rcu_sync_enter fold_diff generic_exec_single dev_printk_emit put_pid netdev_core_pick_tx __smp_call_single_queue tg3_test_interrupt do_linkat __skb_flow_dissect get_swap_device 
skb_crc32c_csum_help ata_scsi_ioctl ieee80211_set_power_mgmt audit_match_class sk_error_report __mmu_notifier_invalidate_range free_pages_and_swap_cache in_entry_stack sk_free regulatory_propagate_dfs_state __next_timer_interrupt register_shrinker skb_release_data io_bitmap_share acpi_enable_event rht_key_hashfn.64438 show_state_filter acpi_ns_get_node __se_sys_quotactl acpi_ut_push_generic_state sysfs_create_groups reset_disabled_cpu_buffer nl80211_send_port_authorized bio_alloc_bioset drop_sysctl_table put_compound_head tsx_disable __init_cache_modes down_read_killable __percpu_init_rwsem debugfs_lookup resched_curr sbitmap_queue_clear ext4_xattr_set_handle hugepage_add_new_anon_rmap bitmap_ord_to_pos is_ucounts_overlimit alloc_vmap_area sysfs_create_group kmalloc_large_node idr_find device_links_driver_bound md_compat_ioctl set_direct_map_invalid_noflush complete_signal pde_put __x64_sys_setresuid async_schedule_node_domain __se_sys_pidfd_send_signal acpi_ut_get_type_name kick_process acpi_ns_delete_node put_filesystem ring_buffer_free kobj_ns_ops __x64_sys_ioperm __netlink_lookup flush_tlb_func idr_destroy tick_resume_oneshot mmput expand_files __uprobe_register tick_setup_periodic ext4_xattr_delete_inode netdev_pick_tx memblock_insert_region kill_ioctx rcu_dynticks_inc kobject_get intel_irq_install cpu_init tick_resume_check_broadcast kzalloc.24790 free_percpu _printk device_pm_sleep_init set_page_dirty __xa_clear_mark uprobe_write_opcode rcu_segcblist_accelerate ieee80211_report_used_skb locks_get_lock_context __rdgsbase_inactive gen_pool_destroy timekeeping_resume hugetlb_file_setup put_prev_entity device_link_drop_managed reuseport_detach_sock bio_chain xlate_dir __bitmap_complement security_inode_permission __kmem_cache_shutdown cgroup_migrate_execute timekeeping_suspend unmask_irq sched_clock_idle_wakeup_event tick_clock_notify xas_set_mark cfg80211_leave pmu_dev_alloc interval_tree_remove rb_first ___slab_alloc acpi_ns_attach_object kfree dst_release 
blk_queue_exit __qdisc_run mntput_no_expire set_tls_desc rmap_walk_anon switch_mm strncpy_from_user cfg80211_bss_color_notify hugetlb_acct_memory __ieee80211_subif_start_xmit acpi_ut_create_generic_state cfg80211_radar_event blk_mq_run_hw_queue audit_filter quiet_vmstat cgroup_attach_permissions kfree_skb alloc_file_pseudo cgroup_leave_frozen print_modules unmap_mapping_page in_group_p ring_buffer_overruns audit_log_untrustedstring memtype_check_insert debugfs_slab_release __nodes_weight.15173 shmem_getpage_gfp sprint_symbol_no_offset put_ipc_ns ia32_classify_syscall mix_pool_bytes update_attr do_send_sig_info start_creating __gup_longterm_locked ieee80211_sta_monitor_work register_pernet_subsys acpi_ns_walk_namespace __mnt_drop_write_file get_random_u64 __ns_get_path xas_find_marked __ia32_sys_prlimit64 device_release_driver_internal lookup_one_len_unlocked kernfs_link_sibling hard_smp_processor_id zone_set_pageset_high_and_batch rcu_irq_enter truncate_cleanup_page acpi_ns_delete_children rht_bucket_nested amd_iommu_resume report_error_detected __ieee80211_vht_handle_opmode hugetlb_page_mapping_lock_write __ia32_sys_epoll_ctl extract_buf alloc_huge_page cgroup_freezing device_link_add get_io_context tty_register_ldisc free_irq insn_get_prefixes __wake_up_parent unpin_user_pages down_read_trylock pwq_activate_first_inactive list_lru_del remove_wait_queue housekeeping_cpumask update_blocked_averages __wrgsbase_inactive interval_tree_insert clockevents_tick_resume ring_buffer_event_length signalfd_cleanup radix_tree_maybe_preload group_send_sig_info memtype_lookup io_async_task_func __rq_qos_merge down_trylock __module_address acpi_ns_create_node migrate_disable ___pte_free_tlb kvfree pid_nr_ns rcu_qs acpi_ns_get_type alloc_workqueue ktime_get_update_offsets_now insn_get_displacement refresh_cpu_vm_stats pskb_expand_head ext4_xattr_set_entry uprobe_mmap rb_check_pages phys_pud_init kmem_cache_alloc klist_iter_exit ieee80211_tx_status_8023 __netif_schedule 
free_reserved_area __vm_munmap populate_pgd file_ns_capable node_page_state prealloc_shrinker acpi_ut_valid_object_type strlen ext4_split_extent_at alloc_perf_context drain_local_pages __set_cpus_allowed_ptr_locked ring_buffer_consume __rq_qos_requeue sel_mmap_handle_status _drm_lease_held load_fixmap_gdt drm_vblank_init ieee80211_request_scan free_uid skb_queue_tail kobject_uevent __ia32_sys_ioperm netlink_attachskb put_io_context time_str pagecache_get_page page_mlock usb_add_hcd audit_log_task_context audit_log_format alloc_huge_page_vmemmap drm_ioctl security_sk_free css_populate_dir sock_queue_err_skb skb_copy_ubufs set_rq_online __acpi_osi_setup_darwin audit_log_key ieee80211_start_next_roc __fget_files rpm_suspend alternatives_smp_module_add acpi_ut_release_mutex dnotify_flush plist_del device_add_groups __submit_bio ring_buffer_record_off enable_irq update_wall_time insn_get_modrm __mcheck_cpu_init_generic fsnotify_grab_connector rcu_report_exp_cpu_mult ext4_append __wake_up_locked cpuhp_invoke_callback ieee80211_mgd_stop huge_node sch_direct_xmit namespace_unlock ieee80211_recalc_ps __x64_sys_reboot do_set_thread_area security_inode_getsecid setup_default_timer_irq update_dl_rq_load_avg ___ratelimit idr_for_each css_set_move_task add_uevent_var percpu_ref_kill_and_confirm can_migrate_task page_rmapping try_to_free_buffers do_read_cache_page perf_group_detach __dev_kfree_skb_any perf_event_alloc release_pages __split_vma ipc_init_ids __schedule __vm_insert_mixed perf_event_update_userpage acpi_get_table alloc_fresh_huge_page dmi_matches x86_fsbase_read_task up_write netlink_sendmsg mcheck_cpu_init rebind_subsystems __x64_sys_fcntl radix_tree_delete_item fn_spawn_con security_secid_to_secctx __siphash_unaligned acpi_tb_initialize_facs set_memory_4k make_empty_dir_inode do_anonymous_page numa_add_cpu __ia32_sys_io_setup audit_log_vformat mpol_shared_policy_lookup close_pdeo put_ctx fsnotify_recalc_mask __mod_zone_page_state swap_slot_free_notify down_read 
sched_show_task do_shrink_slab ieee80211_send_smps_action sysvec_reboot fourcc_string __free_one_page security_file_send_sigiotask _raw_write_lock i915_gem_object_userptr_validate wait_for_completion_io console_sysfs_notify read_pci_config_byte remove_vm_area strrchr __printk_wait_on_cpu_lock __mmu_notifier_invalidate_range_start posix_acl_permission vfs_getxattr groups_search __kmem_cache_free_bulk klist_dec_and_del fwnode_get_name_prefix rcu_idle_exit swap_duplicate xas_find_conflict pti_user_pagetable_walk_pmd current_time register_pm_notifier submit_bio restore_regulatory_settings memblock_alloc_try_nid __skb_get_hash __tasklet_schedule __task_pid_nr_ns strnlen madvise_populate putname __x64_sys_mlock2 dump_stack acpi_table_parse_madt skb_over_panic uevent_store.46808 kernfs_node_from_dentry irq_work_sync undock_store do_writepages dpm_sysfs_add fsnotify_detach_mark audit_uid_comparator unwind_next_frame assoc_array_walk __read_swap_cache_async tk_setup_internals ptrace_trap_notify register_for_each_vma auditsc_get_stamp x86_init_rdrand __key_instantiate_and_link locks_unlink_lock_ctx percpu_rwsem_wait security_file_alloc get_user_pages_remote acpi_format_exception zone_spanned_pages_in_node ___xfrm_state_destroy blk_mq_get_tag exit_io_context blk_queue_flag_set e820__range_add exit_task_namespaces scnprintf blk_io_schedule timer_reduce alloc_file ext4_getblk drm_mode_cursor_ioctl remove_hrtimer __warn_printk drm_mode_gamma_set_ioctl swapin_readahead sel_commit_bools_write data_push_tail do_trace_write_msr cfg80211_process_disassoc __ieee80211_stop_rx_ba_session cfg80211_switch_netns perf_try_init_event ieee80211_tx_control_port efi_update_mappings skb_dump key_schedule_gc cfg80211_cqm_beacon_loss_notify second_overflow dup_fd load_ucode_ap ti1250_override __vmalloc_node __ia32_sys_mlockall pty_unix98_compat_ioctl fc_mount intel_get_pipe_from_crtc_id_ioctl ieee80211_dynamic_ps_enable_work update_rq_clock ext4_iomap_overwrite_begin drm_mode_destroyblob_ioctl 
acpi_os_remove_interrupt_handler capable kernel_fpu_begin_mask skb_ensure_writable raw_notifier_call_chain i801_probe truncate_exceptional_pvec_entries recalc_sigpending sta_deliver_ps_frames ptep_set_access_flags inc_rlimit_ucounts perf_lock_task_context change_page_attr_set_clr kasprintf __set_cpus_allowed_ptr inherit_task_group __mmdrop __d_alloc tag_pages_for_writeback security_prepare_creds __skb_tstamp_tx kill_rules async_synchronize_cookie_domain ieee80211_ocb_work register_lapic_address vprintk sysfs_slab_add setup_net __ia32_sys_sched_setaffinity syscall_init drm_lease_held exc_invalid_tss load_direct_gdt put_mnt_ns assoc_array_insert_set_object try_to_unmap kvasprintf __access_remote_vm acpi_os_allocate_zeroed trace_print_lat_context audit_log_task_info get_seccomp_filter pcc_mbox_request_channel ip_list_rcv cpuset_nodemask_valid_mems_allowed idr_remove ksize mq_init_ns ieee80211_if_add setup_APIC_eilvt dl_bw_capacity find_vma stop_machine clear_asid_other next_zone kmsg_poll ieee80211_mgd_probe_ap_send percpu_counter_add_batch exp_funnel_lock do_set_mempolicy kthread_unpark x86_gsbase_read_task seg6_exit rwsem_mark_wake security_perf_event_free ext4_expand_extra_isize_ea dma_mmap_pages __vunmap __pskb_pull_tail ieee80211_ibss_work delete_from_page_cache workqueue_sysfs_register get_builtin_firmware fget_raw fsnotify_destroy_mark arch_smt_update __call_rcu __ia32_sys_fspick region_intersects synchronize_srcu evict get_next_timer_interrupt key_schedule_gc_links arch_jump_label_transform_apply region_del irq_work_queue rcu_barrier strcspn file_update_time add_tracer_options sched_set_stop_task install_thread_keyring_to_cred rcu_accelerate_cbs cpuset_mems_allowed_intersects __x64_sys_mknod init_idle sort vma_is_special_mapping calibrate_delay timens_commit __do_once_done __wake_up_sync_key update_all_wiphy_regulatory event_define_fields put_unused_fd netlink_broadcast audit_alloc ptep_clear_flush __msecs_to_jiffies dev_queue_xmit cfg80211_rfkill_set_block 
wake_up_process vfs_create_mount cpumask_weight.7263 acpi_ds_scope_stack_push __skb_ext_put tick_get_broadcast_mask ring_buffer_record_enable free_huge_page get_random_u32 swap_readpage tick_nohz_next_event kernel_fpu_end set_nlink kprobe_flush_task fd_install find_vm_area jump_label_transform __pti_set_user_pgtbl trace_seq_puts lru_add_drain_cpu_zone skip_spaces tick_oneshot_mode_active rb_prev check_preempt_curr rcu_exp_wait_wake wb_update_dirty_ratelimit mq_clear_sbinfo queue_work_on copy_creds _swap_info_get efi_mem_type apply_alternatives async_synchronize_full exit_fs memblock_phys_alloc_range audit_comparator __x64_sys_move_pages _raw_spin_lock_irqsave internal_get_user_pages_fast post_set strnlen_user strncmp __flush_work __ia32_sys_mlock2 set_normalized_timespec64 nl80211_send_connect_result name_to_int page_frag_free _raw_read_lock_bh driver_bound tty_ldisc_hangup sbitmap_get_shallow debugfs_remove pps_cdev_compat_ioctl clocksource_select_watchdog expand_stack print_stop_info memblock_reserve sysfs_slab_release kobject_init cgroup_propagate_control cea_set_pte sha1_init acpi_install_gpe_block context_close lookup_swap_cache remove_proc_subtree ctx_sched_out __pte_alloc submit_bio_wait __static_call_update dentry_unlink_inode cn_proc_mcast_ctl __kmalloc_track_caller device_links_force_bind alloc_fs_context device_links_read_lock put_pid_ns perf_event_namespaces __ia32_sys_setpriority lookup_one_common drain_workqueue wiphy_unregister __module_get strim ktime_get_mono_fast_ns klist_iter_init_node __clk_get_name sync_global_pgds_l5 kmem_cache_alloc_node blk_rq_merge_ok gen_pool_create __lru_add_drain_all acpi_ut_remove_reference task_set_jobctl_pending generic_permission io_workqueue_create __writeback_single_inode cfg80211_del_sta_sinfo clear_IO_APIC_pin _nohz_idle_balance huge_add_to_page_cache free_init_pages ext4_claim_free_clusters flush_work memcmp __fsnotify_vfsmount_delete set_direct_map_default_noflush __register_sysctl_paths radix_tree_lookup 
trace_rpm_usage_rcuidle e1000_io_resume.52479 ieee80211_txq_setup_flows acpi_ns_lookup migrate_enable __ia32_sys_setdomainname lookup_positive_unlocked __ia32_compat_sys_mq_open __cancel_work_timer sprintf cache_from_obj blk_mq_try_issue_directly init_wait_var_entry sb_clear_inode_writeback __get_task_comm __efi_memmap_init reweight_entity nfnetlink_broadcast lockref_get_not_dead __ia32_sys_unlink get_state_synchronize_rcu sysvec_error_interrupt chacha_permute get_swap_pages ktime_get_with_offset mp_override_legacy_irq freezing_slow_path _find_first_bit device_reorder_to_tail wake_q_add acpi_os_printf __printk_cpu_unlock acpi_os_table_override nla_put __put_net inherit_event alloc_thread_stack_node cpudl_init kmalloc_order_trace __ia32_sys_sethostname path_get do_mq_open __kernel_physical_mapping_init list_sort iomem_map_sanity_check software_node_notify kmsg_release ieee80211_auth.72847 percpu_counter_destroy choose_new_asid next_online_pgdat security_perf_event_alloc sched_dl_overflow get_ucounts blk_mq_add_to_requeue_list user_disable_single_step ntp_get_next_leap acpi_install_global_event_handler acpi_os_signal_semaphore audit_remove_mark acpi_unbind_one register_tracer vt_compat_ioctl proc_invalidate_siblings_dcache timekeeping_update ext4_should_retry_alloc gen_pool_add_owner skb_release_head_state unregister_shrinker iget_locked bdev_read_only acpi_table_parse perf_event_text_poke write_cache_pages detach_tasks vzalloc efi_mem_reserve intel_gt_handle_error __alloc_pages_bulk acpi_enable_subsystem __x64_sys_setdomainname acpi_os_allocate_zeroed.32125 ext4_ind_map_blocks kobject_add vmf_insert_mixed net_disable_timestamp __perf_event_header__init_id put_ucounts blk_flush_complete_seq msleep audit_log_n_untrustedstring clocksource_stop_suspend_timing linear_hugepage_index hrtimer_active __efi_memmap_free attach_entity_load_avg blk_rq_init sysfs_remove_groups acpi_bus_init __key_link_end cpu_init_exception_handling acpi_table_parse_entries_array 
ext4_expand_extra_isize faultin_vma_page_range __vmalloc rcu_idle_enter kernfs_get_inode __x64_sys_io_uring_enter security_task_setscheduler tracing_set_clock __ia32_sys_move_pages __alloc_percpu_gfp osq_unlock __sched_setscheduler get_page_from_freelist escaped_string cgroup_rstat_flush_locked blk_mq_submit_bio out_of_line_wait_on_bit device_bind_driver region_add vm_area_dup validate_xmit_skb pgprot2cachemode kmem_cache_alloc_trace vfs_setlease __sys_setuid bit_waitqueue tracepoint_probe_register_prio pnp_check_irq sysrq_handle_unrt __note_gp_changes wait_task_inactive rcu_segcblist_entrain clockevents_program_min_delta deferred_error_interrupt_enable get_unused_fd_flags dmar_set_interrupt lapic_get_maxlvt d_walk cmci_discover pin_kill set_primary_fwnode sched_ttwu_pending rcu_start_this_gp ip6_addr_string_sa skb_checksum key_user_lookup __ia32_sys_process_madvise mce_rdmsrl gen_pool_alloc_algo_owner tty_open mce_wrmsrl audit_log_d_path flush_signal_handlers inode_io_list_del rtl8139_open cmci_recheck set_memory_rw replace_chunk lmce_supported cgroup_addrm_files rhashtable_init cpu_smt_disable submit_bio_noacct kmem_cache_destroy simple_recursive_removal sysfs_create_mount_point tick_suspend_broadcast spp_getpage __vma_link_list add_taint hrtimer_try_to_cancel putback_active_hugepage __x64_sys_io_uring_setup static_protections node_page_state_pages post_init_entity_util_avg acpi_container_offline compat_ptrace_request init_cgroup_root copy_time_ns idr_get_next widen_string free_unref_page sched_set_normal shrink_page_list mock_drm_getfile key_instantiate_and_link cfg80211_nan_func_terminated follow_page is_vmalloc_addr acpi_tb_validate_table bus_add_device memblock_alloc_range_nid ext4_xattr_set consume_skb update_group_capacity ivb_parity_work read_cache_page __perf_event_overflow __dev_queue_xmit umount_tree swap_page_sector rcu_segcblist_enqueue igrab bio_add_page blk_finish_plug kstrdup __ia32_compat_sys_execve cpuhp_online_idle device_add ieee80211_do_stop 
__delay shmem_read_mapping_page_gfp cpuset_read_lock irq_set_affinity drm_release_noglobal bio_will_gap unlock_page bio_attempt_front_merge prb_reserve switch_to_new_gdt check_multiple_madt acpi_ns_get_node_unlocked __perf_sw_event ___pskb_trim bio_attempt_discard_merge __x64_sys_rt_tgsigqueueinfo arch_stack_walk xas_pause e1000e_pm_suspend free_nsproxy drm_release blk_bio_list_merge e100_resume __mcheck_cpu_init_vendor iput cmos_pnp_probe intel_modeset_init_noirq __x64_sys_setuid tracepoint_add_func vm_mmap scan_containers tlb_gather_mmu_fullmm acpi_ev_delete_gpe_block insn_get_opcode fw_devlink_purge_absent_suppliers blk_poll __se_compat_sys_sched_setaffinity kthread_bind_mask setup_clear_cpu_cap ext4_journalled_write_end mutex_spin_on_owner get_task_policy is_trap_insn __se_sys_setns d_alloc_anon isolate_huge_page try_to_migrate smp_call_function_single acpi_ut_update_object_reference get_filesystem fpu__drop lru_add_drain_all blk_queue_enter arch_vma_name get_acl hpet_cpuhp_online perf_event_mmap sysfs_remove_file_ns mark_tsc_unstable alloc_pid expand_downwards cpumask_weight.10590 synchronize_rcu_expedited_wait fprop_reflect_period_percpu cpumask_weight.7063 free_vm_area populate_vma_page_range threshold_restart_bank aio_prep_rw stop_machine_cpuslocked find_extend_vma clear_page_dirty_for_io sprint_symbol clear_huge_page ieee80211_mgd_quiesce __percpu_counter_sum __efi_memmap_alloc_late update_curr efi_arch_mem_reserve __set_task_comm fsnotify_put_mark cgroup_fork balance_dirty_pages_ratelimited acpi_hw_write_port kobject_get_path get_slabinfo __mpol_equal task_curr jiffies_to_msecs huge_pte_offset __synchronize_hardirq add_swap_count_continuation bdev_read_page disable_irq_nosync siphash_1u64 mm_trace_rss_stat ctx_sched_in acpi_ut_get_descriptor_name __pud_alloc acct_clear_integrals acpi_ns_search_one_scope percpu_ref_exit strnchr alloc_ucounts x86_model __x64_sys_fsmount try_to_wake_up delete_from_swap_cache cpu_startup_entry __ia32_sys_fcntl 
flush_tlb_mm_range __radix_tree_lookup xhci_resume __ia32_sys_oldumount activate_task allow_direct_reclaim ieee80211_remove_key sync_rcu_exp_select_node_cpus fprop_fraction_percpu __se_sys_msgctl cpupri_init __wb_update_bandwidth __x64_sys_setxattr rq_attach_root acpi_ut_delete_object_desc __ia32_sys_rmdir mm_init.4875 bust_spinlocks page_add_file_rmap cgroup_migrate_prepare_dst __percpu_ref_switch_mode inode_wait_for_writeback hugetlb_total_pages snprintf uprobe_end_dup_mmap assoc_array_apply_edit perf_clear_dirty_counters vma_mmu_pagesize nl80211_frame_tx_status mce_intel_feature_init __x64_sys_keyctl huge_pte_alloc anon_inode_getfile __lock_page_or_retry mnt_release_group_id __srcu_read_unlock dev_driver_string print_bad_pte cgroup_rstat_init __printk_cpu_trylock reserve_pfn_range klist_remove cgroup_migrate_add_src page_add_new_anon_rmap sk_destruct d_path __filemap_fdatawait_range is_bad_inode ieee80211_del_station enqueue_timer memblock_merge_regions vm_stat_account next_demotion_node ieee80211_sta_connection_lost perf_iterate_sb acpi_device_notify_remove prepare_to_wait_event blk_mq_delay_run_hw_queues ieee80211_send_deauth_disassoc rb_allocate_cpu_buffer finish_fault per_cpu_ptr_to_phys deactivate_task kernfs_find_ns security_fs_context_parse_param __dev_pm_qos_remove_request krealloc snd_dma_iram_mmap cancel_work_sync security_locked_down ieee80211_s1g_status_twt_action acpi_write_bit_register compaction_defer_reset domain_dirty_limits blk_mq_sched_insert_requests do_smart_wakeup_zero memblock_is_region_memory prepare_signal memchr show_swap_cache_info sysfs_add_file_mode_ns emergency_restart cfg80211_michael_mic_failure __blk_mq_run_hw_queue llist_add_batch vm_munmap ttm_bo_vm_fault_reserved hrtimer_init d_find_any_alias _dev_err ieee80211_sta_create_ibss __delete_from_page_cache netlbl_mgmt_genl_init set_pte_vaddr __mmap_lock_do_trace_released security_sb_set_mnt_opts device_initial_probe __send_signal __cpuhp_remove_state_cpuslocked memchr_inv 
__p4d_alloc ext4_mknod vdso_join_timens task_participate_group_stop hw_breakpoint_event_init flush_tlb_batched_pending __mutex_lock tick_set_periodic_handler tracepoint_probe_register early_iounmap __cfg80211_stop_sched_scan filter_assign_type show_mem __next_mem_range nf_conntrack_destroy free_pages ftrace_dump xa_load early_pfn_to_nid kernfs_put __queue_work __mutex_init apply_wqattrs_cleanup __down_write_common truncate_inode_pages_final memtype_kernel_map_sync tty_name vmacache_update clockevents_switch_state create_new_namespaces ieee80211_handle_roc_started up_read shrink_dentry_list tick_program_event clear_inode pud_clear_bad show_opcodes set_kthread_struct __ia32_compat_sys_execveat crng_reseed __key_link_begin __do_sys_brk sched_fork __unwind_start wait_on_page_bit time64_to_tm schedule_timeout ida_free wakeup_source_sysfs_add kmem_cache_create_usercopy mempolicy_in_oom_domain tsx_enable drm_crtc_queue_sequence_ioctl pat_init __down_read_common arch_release_task_struct set_secondary_fwnode strchr ieee80211_offchannel_stop_vifs intel_ppin_init invert_screen do_set_pte wait_iff_congested vmap __wake_up sysfs_notify ext4_dirty_inode __mm_populate ioremap_page_range ieee80211_vht_handle_opmode __get_free_pages kobject_create_and_add ext4_setattr cfg80211_new_sta lru_add_drain io_uring_mmap perf_log_throttle update_vsyscall __pm_runtime_barrier vunmap_range_noflush set_cursor pid_vnr acpi_ns_build_internal_name __kernfs_setattr __ia32_compat_sys_sched_setaffinity __tasklet_schedule_common __ia32_sys_io_submit hsw_hw_config trace_print_lat_fmt audit_log_lost __mutex_lock_slowpath __irq_domain_add __x64_sys_fsetxattr sched_clock_stable rcu_gp_is_normal audit_log_pid_context prandom_u32 drm_put_dev security_key_alloc errname schedule_preempt_disabled do_sched_setscheduler pcpu_chunk_refresh_hint osq_lock __alloc_pages numa_nodemask_from_meminfo migrate_page_states __filemap_set_wb_err mqueue_create kmem_cache_free find_css_set mce_available acpi_ut_acquire_mutex 
wake_up_q blk_mq_sched_insert_request ieee80211_mgmt_tx skb_push print_hex_dump prepare_to_swait_event tsc_verify_tsc_adjust hrtimer_start_range_ns __set_pte_vaddr proc_alloc_inum __clockevents_switch_state acpi_os_release_object pcie_do_recovery size_to_hstate cfg80211_cqm_pktloss_notify get_task_io_context sbitmap_get rb_next azx_acquire_irq copy_utsname proc_exit_connector timerqueue_add ext4_orphan_cleanup format_decode cgroup_enter_frozen device_remove_groups __ia32_sys_adjtimex_time32 __x64_sys_timerfd_settime32 __lock_page __ia32_compat_sys_ia32_mmap dequeue_skb bdevname clockevents_program_event skb_tstamp_tx static_key_count pgd_clear_bad device_links_read_unlock ns_get_path get_random_bytes select_idle_routine pat_disable find_inode_fast put_css_set_locked __x64_sys_pidfd_send_signal _raw_spin_unlock_bh abort_creds zone_watermark_ok_safe unapply_uprobe __get_user_pages pwq_dec_nr_in_flight __purge_vmap_area_lazy __kfree_skb arch_cpu_idle_dead audit_tree_lookup _raw_spin_lock_irq hpet_time_init update_rt_rq_load_avg __cond_resched hrtimer_get_next_event inode_add_lru ieee80211_destroy_auth_data __ioremap_caller ring_buffer_time_stamp kobject_put ieee80211_sched_scan_end __cpuhp_state_add_instance irq_domain_activate_irq __local_bh_enable_ip out_of_memory acpi_get_table_by_index vmf_insert_mixed_prot event_sched_out uart_ioctl perf_compat_ioctl d_alloc_pseudo ns2usecs __drain_all_pages perf_event__output_id_sample __ia32_sys_move_mount zone_reclaimable_pages acpi_ut_valid_internal_object vfs_kern_mount crash_save_vmcoreinfo vmcoreinfo_append_str __anon_vma_prepare enter_lazy_tlb tk_debug_account_sleep_time devres_log e820__mapped_any sg_write __pm_runtime_idle __d_lookup device_unregister bitmap_onto static_key_enable ieee80211_tx_frags __cond_resched_lock mutex_unlock trace_seq_putmem vma_interval_tree_remove alloc_empty_file trace_seq_putmem_hex destroy_worker mlock_vma_page find_lock_entries cfg80211_stop_p2p_device __blk_mq_delay_run_hw_queue 
cpuacct_charge ihold queue_delayed_work_on refcount_dec_not_one clocksource_mark_unstable cpuidle_not_available acpi_hw_get_mode free_pcp_prepare address_val _raw_spin_unlock_irqrestore dma_mmap_noncontiguous skb_copy_bits _vm_unmap_aliases lwt_seg6local_func_proto rcu_read_unlock_strict idr_alloc_cyclic kstrdup_const device_initialize rcu_all_qs irq_work_single early_enable_events raw_spin_rq_unlock x86_family cgroup_update_frozen strstr add_device_randomness audit_get_tty ftrace_find_event kernfs_notify rotate_reclaimable_page vfree peernet_has_id acpi_locate_initial_tables crash_setup_regs kernel_text_address rebalance_domains tracing_reset_online_cpus ext4_rmdir arch_get_vdso_data acpi_ut_pop_generic_state ptrace_stop audit_mark_compare __bitmap_clear sysctl_print_dir queue_rcu_work finish_wait raise_softirq rcu_sync_exit remove_arg_zero __irq_put_desc_unlock __e820__range_add acpi_ut_create_internal_object_dbg kblockd_mod_delayed_work_on path_getxattr groups_free ieee80211_auth audit_string_contains_control stack_type_name pgd_page_get_mm copy_fs_struct do_mount get_gate_vma mempool_alloc pcpu_populate_chunk flush_smp_call_function_queue skb_clone need_update __x64_sys_sched_setparam __alloc_pages_slowpath queued_spin_lock_slowpath pcpu_alloc dec_rlimit_put_ucounts tick_get_tick_sched __dev_pm_qos_resume_latency alloc_fd set_task_rq_fair I_BDEV __add_preferred_console vunmap_p4d_range do_update_region get_cached_acl __mcheck_cpu_init_clear_banks efi_runtime_disabled symbol_string __mmap_lock_do_trace_start_locking init_srcu_struct_fields tsc_store_and_check_tsc_adjust __x64_sys_open_by_handle_at vmap_small_pages_range_noflush proc_comm_connector timerqueue_iterate_next _raw_read_unlock_bh numa_add_memblk_to __ia32_sys_ptrace redraw_screen free_vmap_area_noflush __init_waitqueue_head refcount_dec_and_lock get_any_partial __rb_insert_augmented inet6_bind mp_find_ioapic_pin do_send_specific flush_workqueue __fsnotify_update_child_dentry_flags ieee80211_stop 
idle_cpu llist_reverse_order kern_path __acpi_map_table __trace_early_add_events rcu_report_qs_rnp alloc_uevent_skb get_vfs_caps_from_disk arch_irq_work_raise __blk_mq_end_request dquot_free_inode extract_entropy profile_init cpumask_any_but is_acpi_device_node __se_sys_fsetxattr clear_sched_clock_stable __kthread_should_park audit_panic schedule_timeout_idle __reset_isolation_suitable tick_get_broadcast_oneshot_mask acpi_ex_unlink_mutex __ia32_sys_swapon __proc_create group_sched_out ext4_put_io_end fs_context_for_mount free_kthread_struct ieee80211_change_station schedule_timeout_uninterruptible cpuidle_reflect rmqueue_bulk bio_devname unregister_sysctl_table tg3_self_test elf_map.17942 kernfs_remove __page_cache_release pcpu_block_update _raw_read_lock migrate_page_copy __x64_sys_mkdir copy_process task_will_free_mem try_to_release_page _raw_read_lock_irqsave pcpu_create_chunk srcu_gp_start hugetlb_show_meminfo e820__mapped_all unmap_region prepare_to_wait __x64_sys_fsconfig hpet_readl io_bitmap_exit acpi_enable acpi_os_acquire_lock acpi_sci_ioapic_setup do_try_to_free_pages hugetlb_fault change_mnt_propagation __irq_set_trigger __page_file_index PageHuge cleanup_glue_dir reg_query_database cond_synchronize_rcu oom_badness __mmput ext4_ext_insert_extent kmsg_dump __put_page mce_gen_pool_add compaction_suitable drm_mode_getplane_res node_dirty_ok wakeup_kcompactd tick_nohz_tick_stopped __ia32_sys_setgid16 strcmp p4d_clear_bad sum_zone_node_page_state find_task_by_pid_ns perform_atomic_semop ring_buffer_empty_cpu sync_global_pgds_l4 __cpuhp_setup_state_cpuslocked kmem_cache_alloc_bulk rcu_dynticks_eqs_enter klist_iter_init slab_is_available e820__update_table acpi_tb_resize_root_table_list shmctl_down sysfs_create_dir_ns schedule_hrtimeout simple_pin_fs vprintk_emit drop_nlink determine_cpu_tsc_frequencies check_object unlink_anon_vmas blk_mq_put_tag uart_parse_earlycon ieee80211_disassoc pmd_set_huge blk_account_io_start mod_timer do_softirq kthread_set_per_cpu 
restore_boot_irq_mode __blk_mq_try_issue_directly errseq_sample normalize_rt_tasks __ia32_sys_renameat load_elf_binary __x64_sys_unshare __insert_resource __se_sys_fremovexattr wait_on_page_writeback kmem_cache_alloc_node_trace blk_mq_insert_requests acpi_ns_detach_object ptrace_access_vm housekeeping_test_cpu acpi_tb_uninstall_table acpi_ut_repair_name synchronize_rcu_expedited enable_drhd_fault_handling __blk_mq_tag_busy rmap_walk apply_wqattrs_commit down_write_killable memtype_reserve unregister_filesystem blocking_notifier_call_chain e100_open workingset_activation proc_mkdir_mode pty_unix98_ioctl kern_mount sbitmap_any_bit_set mce_gen_pool_init __pagevec_release __cpuset_node_allowed invoke_rcu_core do_fcntl native_flush_tlb_multi security_release_secctx idr_preload native_tss_update_io_bitmap deactivate_super vm_unmap_aliases __checkparam_dl putback_lru_page do_set_cpus_allowed debug_locks_off audit_filter_syscall mutex_trylock is_console_locked try_to_free_swap hrtimer_forward page_mkclean hrtimer_cancel ieee80211_cancel_remain_on_channel get_swap_page proc_coredump_connector timerqueue_del drain_slots_cache_cpu kthread_data create_worker acpi_ut_valid_nameseg migrate_page_move_mapping finish_task_switch rb_event_length memblock_setclr_flag acpi_tb_get_table __alloc_skb perf_output_end skb_mac_gso_segment perf_output_copy intel_overlay_put_image_ioctl skb_warn_bad_offload perf_output_begin __ia32_sys_remap_file_pages perf_event_header__init_id to_ratio copy_tree send_call_function_single_ipi synchronize_rcu do_fast_syscall_32 blk_mq_free_request __do_fast_syscall_32 __blk_mq_free_request blk_mq_sched_restart arch_cpu_idle_exit fput device_remove_properties acpi_error set_pfnblock_flags_mask page_vma_mapped_walk acpi_os_vprintf acpi_ev_create_gpe_block putback_movable_pages schedule _raw_read_unlock_irqrestore __ia32_sys_lremovexattr irq_chip_pm_put __unmap_hugepage_range_final __wakeup_flusher_threads_bdi __setup_irq mpol_set_nodemask kthread_stop 
sync_rcu_exp_select_cpus kernfs_drain_open_files acpi_os_read_memory follow_phys kallsyms_lookup_buildid irq_startup pageout sched_set_fifo __ia32_sys_lsetxattr irq_chip_pm_get rpm_resume ring_buffer_iter_empty rcu_irq_exit_irqson rb_advance_iter rcu_irq_exit __x64_sys_clone rcu_irq_enter_irqson early_ioremap irq_disable rpm_idle early_memremap device_get_devnode internal_create_group load_elf_binary.17932 kernfs_activate security_set_bools kill_fasync idr_get_free radix_tree_node_alloc inc_node_page_state e100_io_resume ieee80211_sta_ps_deliver_uapsd ieee80211_start_nan try_to_unmap_flush flush_tlb_one_kernel keyring_alloc cpumask_next_and acpi_hw_register_write init_srcu_struct acpi_hw_write __se_sys_adjtimex_time32 trace_buffered_event_disable __append_e820_table acpi_hw_get_access_bit_width send_sig_info isolate_migratepages_block request_threaded_irq huge_pmd_unshare __ia32_sys_socketcall irq_to_desc acpi_hw_register_read nfs4_proc_setlease x86_match_cpu acpi_hw_read_port reweight_task security_inode_free mpc_ioapic_id acpi_os_read_port __ia32_sys_execve acpi_hw_get_bit_register_info acpi_warning exit_aio ring_buffer_iter_dropped rcu_nmi_enter i8042_setup_aux __ia32_compat_sys_ioctl security_d_instantiate wait_for_common deactivate_locked_super cpa_flush __put_super list_lru_destroy drm_lease_destroy exc_stack_segment cr4_update_irqsoff __printk_safe_exit _find_first_zero_bit __refrigerator drm_sysfs_lease_event kthread_should_stop io_queue_worker_create irqentry_exit_to_user_mode d_alloc_parallel is_swbp_insn __do_once_start add_wait_queue __d_lookup_rcu update_ref_ctr set_fs_pwd tcp_setsockopt __ptrace_link newidle_balance housekeeping_enabled set_next_entity do_unblank_screen proc_create_data blocking_notifier_chain_register __blkdev_issue_discard put_device device_del __zerocopy_sg_from_iter device_pm_check_callbacks key_payload_reserve d_instantiate pm_runtime_reinit ieee80211_probe_mesh_link fwnode_handle_get __delayacct_tsk_init blk_mq_rq_ctx_init 
prepare_to_wait_exclusive ptrace_may_access tick_broadcast_oneshot_active housekeeping_any_cpu load_balance ieee80211_reset_ap_probe device_wakeup_disable do_pipe2 wakeup_source_unregister wakeup_source_deactivate ext4_map_blocks pud_free_pmd_page text_poke_finish del_timer ieee80211_leave_ibss pmd_clear_huge security_task_getsecid_subj blk_flush_plug_list del_timer_sync devres_release_all __update_ref_ctr d_find_alias task_active_pid_ns __dev_printk cpuhp_issue_call up __x64_sys_shmat hrtimer_sleeper_start_expires console_trylock __x64_sys_renameat2 available_idle_cpu alloc_surplus_huge_page rcu_barrier_func ext4_readpage msg_print_ext_body sysfs_remove_link rb_get_reader_page _parse_integer_fixup_radix clockevents_resume kernfs_path_from_node_locked ptrace_resume strreplace sysfs_remove_group __fw_devlink_link_to_consumers task_join_group_stop __key_link_lock freq_qos_apply __xas_next __x64_sys_epoll_ctl pm_qos_update_target __x64_sys_ptrace acpi_tb_init_table_descriptor __dquot_free_space crng_backtrack_protect device_create_file __nodes_weight mp_save_irq __update_idle_core zerocopy_sg_from_iter _dev_info device_pm_unlock acpi_read_bit_register sysfs_merge_group sysfs_do_create_link_sd tty_compat_ioctl mce_read_aux kernfs_create_link _copy_from_user acpi_ns_get_secondary_object wake_up_bit acpi_os_unmap_memory kmemdup_nul efi_sync_low_kernel_mappings __srcu_read_lock _dev_warn sched_setscheduler locks_free_lock_context dquot_alloc_inode _get_random_bytes key_remove_domain get_device_parent radix_tree_node_rcu_free __x64_sys_getxattr sched_clock_cpu task_work_run sysrq_timer_list_show print_tickdevice tick_get_broadcast_device strcpy print_cpu task_work_cancel_match SEQ_printf task_work_add __kthread_create_on_node ieee80211_ibss_rx_queued_mgmt find_suitable_fallback init_dl_bw rcu_force_quiescent_state sched_setscheduler_nocheck handle_eject_request wakeup_sysfs_remove simple_release_fs __dev_xmit_skb perf_adjust_period rb_update_pages kobject_add_internal 
slab_unmergeable klist_node_attached rcu_dynticks_eqs_exit __sys_setreuid __var_waitqueue kthread_create_on_node string_escape_mem raw_spin_rq_lock_nested x86_stepping __irq_domain_alloc_fwnode __dl_clear_params dup_user_cpus_ptr mod_node_page_state radix_tree_insert kmem_cache_create get_stack_info_noinstr pgd_alloc e100_tx_timeout_task cgroup_finalize_control get_cpu_entry_area cfg80211_pmksa_candidate_notify mutex_is_locked memblock_alloc_try_nid_raw rcu_nmi_exit ring_buffer_iter_peek dequeue_huge_page_nodemask trace_seq_bprintf pci_request_irq has_capability_noaudit pick_next_task_idle __update_load_avg_blocked_se cgroup_freezer_migrate_task device_remove_file xas_create io_worker_cancel_cb path_put destroy_workqueue acpi_tb_release_temp_table sysfs_unmerge_group map_ldt_struct dec_ucount inc_ucount cpumask_weight acpi_os_unmap_iomem kmemdup __ia32_sys_pidfd_send_signal get_device walk_mem_res vm_area_free __cgroup_account_cputime __sk_destruct xas_create_range restore_reserve_on_error tty_ldisc_reinit sbitmap_prepare_to_wait create_task_io_context device_register dump_stack_print_info init_rescuer memcpy_fromio prb_next_seq get_cpu_cap check_flush_dependency mtrr_type_lookup alloc_unbound_pwq profile_hits set_user_nice alloc_desc identify_cpu dump_page cpus_read_lock __remove_mapping ktime_get_real_ts64 kexec_crash_loaded inat_get_opcode_attribute call_rcu __lookup_mnt copy_huge_page free_buffer_head update_cpu_capacity drop_buffers page_anon_vma __delayacct_thrashing_start alloc_pages_exact register_console make_alloc_exact try_enable_new_console strsep get_cached_acl_rcu audit_compare_dname_path set_intr_gate finish_swait hex_dump_to_buffer __acpi_get_override_irq proc_create_seq_private ktime_get_seconds rcu_inkernel_boot_has_ended rwsem_spin_on_owner memtype_free vmacache_find tty_kref_put clear_gigantic_page ioremap_cache page_swap_info proc_mkdir ieee80211_abort_scan audit_serial native_set_fixmap perf_uprobe_init tsc_enable_sched_clock cachemode2protval 
free_area_init_node __absent_pages_in_range __udelay ieee80211_dfs_cac_timer_work __node_reclaim get_pfn_range_for_nid __delayacct_blkio_end __blk_mq_alloc_request kernfs_add_one generic_processor_info blk_status_to_errno ieee80211_send_4addr_nullfunc setup_earlycon unregister_console free_contig_range bus_uevent_store __x64_sys_io_setup acpi_parse_entries_array queue_stop_cpus_work __memblock_free_late ktime_get_real_seconds drm_client_framebuffer_create memparse acpi_ut_get_event_name add_event_to_ctx __next_node_in irq_pm_remove_action acpi_put_table warn_alloc seq_buf_putc pm_qos_sysfs_remove_flags tg3_request_irq __x64_sys_linkat ___skb_get_hash __oom_reap_task_mm rb_advance_reader irq_work_needs_cpu _parse_integer_limit get_partial_node anon_vma_interval_tree_iter_next rb_erase acpi_match_platform_list acpi_os_map_memory acpi_ns_remove_node io_schedule_timeout ___perf_sw_event acpi_ns_opens_scope acpi_table_initrd_scan sel_write_access exc_int3 dev_pm_enable_wake_irq_check acpi_tb_install_standard_table free_pgd_range ieee80211_beacon_connection_loss_work __sk_free ops_init acpi_hw_disable_gpe_block register_module_notifier acpi_os_physical_table_override dev_fwnode rcu_is_watching kernfs_setattr efi_memmap_unmap acpi_tb_acquire_temp_table flush_smp_call_function_from_idle update_misfit_status vma_interval_tree_iter_next early_pci_allowed drm_mode_create_lease_ioctl get_data native_write_cr4 extend_brk sync_global_pgds seq_buf_bprintf cgroup_rstat_exit sync_mm_rss __e820__range_update is_cpu_allowed log_buf_len_update __vma_link_rb memblock_is_region_reserved __put_task_struct acpi_osi_setup phy_request_interrupt strncpy acpi_tb_print_table_header down memremap __kmalloc_node_track_caller proc_fork_connector memunmap ieee80211_tx_dequeue early_memremap_prot memblock_remove_region node_random ext4_split_extent build_id_parse __show_regs ip_rcv_finish_core ieee80211_key_replace idr_replace cpuset_mems_allowed native_write_cr0 __tick_broadcast_oneshot_control 
get_fixed_ranges pin_user_pages_locked k8_check_syscfg_dram_mod_en __ia32_sys_mount_setattr shrink_inactive_list set_cpus_allowed_ptr hpet_ioctl complete_change_console dmi_match blk_queue_flag_test_and_set on_freelist anon_vma_clone local_bh_enable clocks_calc_mult_shift si_mem_available pcpu_mem_zalloc acpi_pm_read_verified put_io_context_active is_hpet_enabled register_sysctl_table bio_advance scan_swap_map_slots proc_create_single_data vmalloc_to_pfn jump_label_update cpu_bugs_smt_update text_poke_bp get_cmdline regulatory_set_wiphy_regd_sync numa_default_policy __mpol_put end_page_writeback arch_jump_label_transform_static get_option radix_tree_tag_get cfg80211_process_rdev_events wait_for_completion_killable __destroy_inode pmd_clear_bad _extract_crng cpumask_any_and_distribute read_pci_config_16 tracepoint_probe_unregister kernfs_get __next_mem_pfn_range acpi_hw_read pti_clone_pgtable trace_seq_putc module_address_lookup __x64_sys_mbind in_gate_area_no_mm inet6_init __jump_label_patch __dquot_transfer _find_last_bit ieee80211_mgd_auth ioremap_wt kobject_del tracing_start_cmdline_record cgroup_apply_control_enable install_breakpoint acpi_install_fixed_event_handler try_to_compact_pages check_slab initialize_tlbstate_and_flush __put_anon_vma __x64_sys_tkill try_to_grab_pending blk_recalc_rq_segments vmf_insert_mixed_mkwrite biovec_slab get_callchain_buffers elf_core_dump.17934 kernfs_create_root cpuset_cpus_allowed_fallback mempool_free open_softirq wait_for_completion vma_interval_tree_iter_first __swap_entry_free swap_count_continued proc_symlink isolate_lru_page __percpu_down_read untrack_pfn invoke_tx_handlers_late follow_invalidate_pte restricted_pointer __free_pages_ok _raw_write_lock_irq pmd_huge tlb_gather_mmu memblock_remove_range selnl_notify init_espfix_ap __init_rwsem kvasprintf_const page_remove_rmap lookup_address_in_pgd klist_add_tail file_path pin_user_pages_unlocked uprobe_notify_resume worker_enter_idle ring_buffer_set_clock compact_zone 
__x64_sys_timerfd_create ns_to_timespec64 free_huge_page_vmemmap adjust_managed_page_count tick_nohz_idle_stop_tick __static_call_init downgrade_write __x64_sys_mount_setattr get_pfnblock_flags_mask atomic_notifier_chain_register populate_pmd capable_wrt_inode_uidgid on_each_cpu_cond_mask extfrag_for_order kmalloc_slab filp_close klist_del sk_filter_trim_cap __ia32_sys_symlinkat trace_event_enable_tgid_record exit_mmap stop_one_cpu_nowait memblock_isolate_range munlock_vma_pages_range compat_sock_ioctl netdev_bits bad_page pud_huge ext4_get_block vma_interval_tree_insert tsx_clear_cpuid vma_dup_policy __mpol_dup __ia32_sys_renameat2 dup_mmap insert_resource ring_buffer_normalize_time_stamp alloc_pages_vma __cfg80211_stop_ap kzalloc.28667 free_uts_ns delete_from_page_cache_batch return_unused_surplus_pages __ia32_sys_umount ttwu_queue_wakelist tick_suspend ext4_xattr_inode_get clockevents_suspend cpuidle_enter_s2idle write_inode __ia32_sys_timerfd_settime should_failslab acpi_ut_validate_exception alloc_fdtable copy_semundo copy_pid_ns copy_cgroup_ns copy_net_ns copy_namespaces kernfs_create_empty_dir clear_posix_cputimers_work fput_many inode_has_buffers lsm_append tick_resume link_css_set update_queue cfg80211_register_wdev attach_pid peernet2id ieee80211_start_p2p_device netlink_trim tcp_get_timestamping_opt_stats get_xps_queue filename_lookup bpf_flow_dissect xmit_one sched_post_fork aio_write perf_event_fork uprobe_copy_process audit_filter_rules __wake_up_pollfree skb_panic perf_event_free_task __acpi_unmap_table __blk_mq_get_tag __se_sys_rt_tgsigqueueinfo ioc_create_icq sbitmap_finish_wait destroy_compound_gigantic_page acpi_ev_delete_gpe_xrupt acpi_ut_update_ref_count acpi_ns_get_internal_name_length ieee80211_start_roc_work acpi_ut_remove_address_range acpi_ns_search_and_enter anon_vma_interval_tree_iter_first set_rq_offline smp_call_function_many init_and_link_css ext4_block_zero_page_range netlink_unicast clocksource_arch_init fpu_clone 
__clocksource_update_freq_scale unmap_pmd_range fragmentation_index send_sigio_to_task __register_sysctl_table init_kernel_text cfg80211_sta_opmode_change_notify read_persistent_clock64 test_clear_page_writeback kmalloc_order mnt_pin_kill get_vm_area_caller ntp_clear load_current_idt insert_header sysctl_err acpi_ut_delete_generic_state cpuset_read_unlock detect_ht get_user_pages intel_init_cmci blk_try_enter_queue blk_attempt_bio_merge ieee80211_dfs_radar_detected_work swap_cluster_readahead ieee80211_sta_restart __percpu_counter_compare ops_free_list get_gate_page posix_cputimers_group_init pte_alloc_one set_swbp _set_memory_uc audit_exe_compare cgroup_update_populated __change_page_attr_set_clr ip6_addr_string clocksource_suspend new_inode_pseudo security_sock_rcv_skb skb_network_protocol rcu_init_geometry __sigqueue_alloc timekeeping_notify next_arg sel_write_checkreqprot exc_alignment_check prb_reserve_in_last add_to_page_cache_lru cr4_read_shadow __ia32_sys_mq_open ioc_lookup_icq lockdep_assert_cpus_held timekeeping_max_deferment cpus_read_unlock workingset_refault __ieee80211_scan_completed static_key_slow_inc arch_dup_task_struct trace_print_context rb_buffer_peek trace_event_enable_cmd_record print_worker_info ip_addr_string css_has_online_children shrink_lock_dentry __is_insn_slot_addr acpi_ac_notify parse_monolithic_mount_data tsk_fork_get_node =o= --- DONE! 
---
------------STATISTICS---------------
49745 : Functions greeted
1472 : External functions
0 : Discovered Path
0 : Matched Path
95404 : Good Path
2374 : Bad Path
116148 : Ignored Path
0 : Path Unable to Resolve
0 : Resolved CallSite Using Function Pointer
1719 : Critical Functions
299 : Critical Variables
0 : # of times max depth for forward analysis hit
0 : # of times max depth for backward analysis hit
139160 : Critical Function Pointer Unable to Resolve, Collect Pass
339 : Critical Function Pointer Resolved, Collect Pass
11566 : Critical Functions used by non CallInst
62303 : Critical Functions used by static assignment
606 : # of times indirect call site matched with critical functions
51444 : # of times indirect call site failed to match with critical functions
0 : found capability check inside call using function ptr
287 : number of critical function skipped(uniq)